Open matt-rev opened 2 months ago
If you roll back to v4.1.6 of download-artifact, does that fix the error? Between v4.1.6 and v4.1.7, there was a large-ish change to the internals of how zip files are extracted, and it would be interesting to know whether that change is the root cause of the issue.
If v4.1.6 doesn't work, what about v4.1.5 and earlier? It would be interesting to find out what is the last version of download-artifact that does not trigger this error.
I reverted both upload and download to version 4.0.0 and it works again. I haven't had time to debug this more fully.
I have the same error. I reverted from v4 to the patch release v4.1.6 and received a new error.
Found 1 artifact(s)
No input name or pattern filtered specified, downloading all artifacts
An extra directory with the artifact name will be created for each download
Preparing to download the following artifacts:
- my-artifact (ID: 1468066618, Size: 150)
Redirecting to blob download url: https://productionresultssa6.blob.core.windows.net/actions-results/9311fcac-0e99-4a8a-aa90-b7c6d0ba7554/workflow-job-run-b9b8939c-34f7-58f5-3e5f-9a6d71c26129/artifacts/68943e0b3a1b89da7a246a5e41f981dbe788a3845e7634a7bab4d9f5696a802e.zip
Starting download of artifact to: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact
Extracting artifact entry: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact/my-artifact
(node:1493) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Extracting artifact entry: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact/my-artifact
Extracting artifact entry: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact/my-artifact
Extracting artifact entry: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact/my-artifact
Extracting artifact entry: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact/my-artifact
Error: Unable to download artifact(s): Unable to download and extract artifact: Artifact download failed after 5 retries.
4.1.0 has a new error.
Run actions/download-artifact@v4.1.0
No input name specified, downloading all artifacts. Extra directory with the artifact name will be created for each download
Found 1 artifact(s)
Preparing to download the following artifacts:
- my-artifact (ID: 14[6](https://github.com/iyocode/maestro-ui-test/actions/runs/8928238932/job/24523352069#step:4:7)8106963, Size: 150)
Redirecting to blob download url: https://productionresultssa16.blob.core.windows.net/actions-results/eaed20[7](https://github.com/iyocode/maestro-ui-test/actions/runs/8928238932/job/24523352069#step:4:8)d-1feb-4366-91d8-a8e7e607c693/workflow-job-run-b9b[8](https://github.com/iyocode/maestro-ui-test/actions/runs/8928238932/job/24523352069#step:4:9)939c-34f7-58f5-3e5f-9a6d71c26129/artifacts/68943e0b3a1b8[9](https://github.com/iyocode/maestro-ui-test/actions/runs/8928238932/job/24523352069#step:4:10)da7a246a5e41f981dbe788a3845e7634a7bab4d9f5696a802e.zip
Starting download of artifact to: /home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact
(node:1496) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Error: Unable to download artifact(s): Unable to download and extract artifact: EEXIST: file already exists, mkdir '/home/runner/work/maestro-ui-test/maestro-ui-test/my-artifact'
It's looking like the whole 4.1.x chain of releases cannot download files.
Alright...results! It looks like the bug is predominantly error output and documentation. When I adjusted the filesystem paths I was able to do a full upload/download/show cycle in a single job. For reference, here's my example workflow
name: Debugging Artifact Actions
on:
push:
jobs:
save-artifact:
runs-on: ubuntu-latest
steps:
- name: Write Artifact
run: echo "Hello world" > my-artifact
- name: Save artifact
uses: actions/upload-artifact@v4
with:
name: my-artifact
path: my-artifact
# https://github.com/actions/download-artifact/issues/328
- name: Download Artifact
uses: actions/download-artifact@v4
with:
path: mine-artifact
- name: Show artifact
run: |
ls -l mine-artifact/my-artifact
cat mine-artifact/my-artifact/my-artifact
My previous error outputs were from runs where I omitted the path: mine-artifact
input and used the default from the download-artifact action.
@lazzarello's solution doesn't work for me. Turning on debug logging reveals that the error is during extraction, and the message is "Invalid signature in zip file".
Downloading artifacts from the URL given in the upload step show that the zip archive can't be extracted using the unzip-stream
library that actions/download-artifact
uses. Debug-logging that operation gives "Unexpected signature in zip file: 0x16d4b50 "PKm", skipped 1 bytes".
The upload-artifact
code uses a different library, and my guess is that the two libraries aren't 100% compatible. The README for unzip-stream
says:
Please note that the zip file format isn't really meant to be processed by streaming, though this library should succeed in most cases, if you do have complete zip file available, you should consider using other libraries which read zip files from the end - as originally intended
However, download-artifact
unzips directly from a network stream so the complete zip isn't available with the current design.
Strangely, artifacts from other elements of our matrix build are fine, and it's just this one combination that's giving problems.
I've created mhr3/unzip-stream#50
@neilmayhew If you use download-artifact v4.1.6 instead of v4.1.7, does that fix the issue? Between v4.1.6 and v4.1.7, one of the changes was which unzip-stream method is being used to unzip the file. If v4.1.6 works but v4.1.7 doesn't, or vice-versa, that would likely help in tracking down the ultimate source of the bug.
@rmunn Using download-artifact
v4.1.6 instead of v4.1.7 does indeed fix the issue
As I said in mhr3/unzip-stream#50,
The archive can be opened and the contents extracted by every other zip utility I've tried. It was produced by
actions/upload-artifact
which uses thearchiver
package to create it. The version ofarchiver
being used is currently7.0.1
but it was previously5.3.1
. I've been able to work around the problem in our CI by pinning the version ofactions/upload-artifact
to4.2.0
which uses the older version ofarchiver
.
So downgrading download-artifact
is another solution.
There is clearly a bug in unzip-stream
since it can't process some apparently valid zip files when used standalone. However, the project seems to be unmaintained (no PRs merged in over a year) so I'm not hopeful of getting it fixed there.
The upload-artifact
and download-artifact
actions are heavily used, of course, so I think it's important that they (via the underlying actions/toolkit
SDK) take some steps to avoid hitting this problem. Ideally, they would remove the dependency on an unmaintained library.
Unfortunately, I don't feel like upload-artifact
and download-artifact
are all that well maintained either. I have a PR open to fix https://github.com/actions/upload-artifact/issues/38 and https://github.com/actions/upload-artifact/issues/485, which has been open for over a month. (The PR is https://github.com/actions/toolkit/pull/1723). GitHub policy sensibly requires a code review from team members before PRs can be considered for merging; the problem is that I have been completely unable to bring the PR to the attention of anyone from the GitHub Actions team. I have tried not to be too obnoxious, only pinging GitHub employees about once per week. But nobody has responded, or even acknowledged the existence of the PR, as far as I can tell. The fact that a quite small and easy-to-review PR that fixes two important bugs (one of which is the sixth-most-upvoted issue in its tracker) has languished with no attention for a month is discouraging.
There is clearly a bug in
unzip-stream
since it can't process some apparently valid zip files when used standalone. However, the project seems to be unmaintained (no PRs merged in over a year) so I'm not hopeful of getting it fixed there.
Actually, https://github.com/mhr3/unzip-stream/pull/39 and https://github.com/mhr3/unzip-stream/pull/47 were merged on April 21st, 2024, exactly two months ago as of when I'm writing this. But overall, yes, the maintainer of that library doesn't seem to be managing to keep up with it, and it could probably use a new maintainer or two.
For us, not even pinning both upload and download actions to 4.0.0 works anymore. The project is unfortunately not open source, so I cannot post the whole log, but it gives
Redirecting to blob download url: <redacted>.zip
Starting download of artifact to: <redacted>
Error: Unable to download artifact(s): Unable to download and extract artifact: Not a valid zip file
This worked fine last week with the latest v4 of both actions at that time. The artifacts in question are python wheels if that helps.
Another piece of information, one of the artifacts was the docker build summary (see the relevant docs). When we got rid of the summary artifact, our build now works fine with 4.1.7. So maybe the docker build summary file (which itself is a zip archive) is tripping up the zip libraries?
@no23reason We got a similar report in https://github.com/docker/build-push-action/issues/1167. We are using the API to upload the build export artifact and we are not using zip format but gzip one:
And seems the API always expect a zip artifact when downloading: https://github.com/actions/toolkit/blob/361a115e538ac6d8eb06cc47f3fcecce557d04c8/packages/artifact/src/internal/download/download-artifact.ts#L92
@bethanyj28 @robherley Maybe you could skip extracting files that are not valid zip?
@no23reason I made some changes in the toolkit to skip files that don't have the expected content-type before extracting them: https://github.com/actions/toolkit/compare/main...crazy-max:toolkit:test-skip-non-zip
It seems to solve the issue. Here's a workflow to test this:
jobs:
build:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Meta
id: meta
uses: docker/metadata-action@master
-
name: Upload meta bake definition
uses: actions/upload-artifact@v4
with:
name: bake-meta
path: ${{ steps.meta.outputs.bake-file }}
if-no-files-found: error
retention-days: 1
-
name: Build
uses: docker/build-push-action@master
with:
context: .
post:
runs-on: ubuntu-latest
needs: build
steps:
-
name: Download artifacts
uses: crazy-max/download-artifact@test-skip-non-zip
Debug logs of "Download artifacts" step:
Preparing to download the following artifacts:
- docker~test-docker-action~BGHOTQ.dockerbuild (ID: 1654731091, Size: 5567)
- bake-meta (ID: 1654730707, Size: 497)
##[debug]Artifact destination folder does not exist, creating: /home/runner/work/test-docker-action/test-docker-action/docker~test-docker-action~BGHOTQ.dockerbuild
##[debug]Artifact destination folder does not exist, creating: /home/runner/work/test-docker-action/test-docker-action/bake-meta
##[debug]Workflow Run Backend ID: 0cc20625-3561-4440-9048-70024d8ad258
##[debug]Workflow Job Run Backend ID: 937ea504-f21e-52f6-d164-c808765d698a
##[debug][Request] ListArtifacts https://results-receiver.actions.githubusercontent.com/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts
##[debug]Workflow Run Backend ID: 0cc20625-3561-4440-9048-70024d8ad258
##[debug]Workflow Job Run Backend ID: 937ea504-f21e-52f6-d164-c808765d698a
##[debug][Request] ListArtifacts https://results-receiver.actions.githubusercontent.com/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts
##[debug][Response] - 200
##[debug]Headers: {
##[debug] "content-length": "282",
##[debug] "content-type": "application/json",
##[debug] "date": "Mon, 01 Jul 2024 09:36:54 GMT",
##[debug] "x-github-backend": "Kubernetes",
##[debug] "x-github-request-id": "E00A:2A89D3:1D45CA:25322C:668278B6"
##[debug]}
##[debug]Body: {
##[debug] "artifacts": [
##[debug] {
##[debug] "workflow_run_backend_id": "0cc20625-3561-4440-9048-70024d8ad258",
##[debug] "workflow_job_run_backend_id": "ca395085-040a-526b-2ce8-bdc85f692774",
##[debug] "database_id": "1654731091",
##[debug] "name": "docker~test-docker-action~BGHOTQ.dockerbuild",
##[debug] "size": "5567",
##[debug] "created_at": "2024-07-01T09:36:43Z"
##[debug] }
##[debug] ]
##[debug]}
##[debug][Request] GetSignedArtifactURL https://results-receiver.actions.githubusercontent.com/twirp/github.actions.results.api.v1.ArtifactService/GetSignedArtifactURL
##[debug][Response] - 200
##[debug]Headers: {
##[debug] "content-length": "560",
##[debug] "content-type": "application/json",
##[debug] "date": "Mon, 01 Jul 2024 09:36:54 GMT",
##[debug] "x-github-backend": "Kubernetes",
##[debug] "x-github-request-id": "E00A:2A89D3:1D45DB:253240:668278B6"
##[debug]}
##[debug]Body: {
##[debug] "signed_url": "https://productionresultssa10.blob.core.windows.net/actions-results/0cc20625-3561-4440-9048-70024d8ad258/workflow-job-run-ca395085-040a-526b-2ce8-bdc85f692774/artifacts/771ba7777401e8a24ea0b5dc7d95a3da79ee6e928254cc46f0f13e40846c0ab1.zip?se=2024-07-01T09%3A46%3A54Z&sig=B9B9ehrtCs66uPrB9jHHRXfHsr6n0g8hnLS1TuwBTtc%3D&ske=2024-07-01T19%3A00%3A39Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-07-01T07%3A00%3A39Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2023-11-03&sp=r&spr=https&sr=b&st=2024-07-01T09%3A36%3A49Z&sv=2023-11-03"
##[debug]}
Redirecting to blob download url: https://productionresultssa10.blob.core.windows.net/actions-results/0cc20625-3561-4440-9048-70024d8ad258/workflow-job-run-ca395085-040a-526b-2ce8-bdc85f692774/artifacts/771ba7777401e8a24ea0b5dc7d95a3da79ee6e928254cc46f0f13e40846c0ab1.zip
Starting download of artifact to: /home/runner/work/test-docker-action/test-docker-action/docker~test-docker-action~BGHOTQ.dockerbuild
##[debug][Response] - 200
##[debug]Headers: {
##[debug] "content-length": "246",
##[debug] "content-type": "application/json",
##[debug] "date": "Mon, 01 Jul 2024 09:36:54 GMT",
##[debug] "x-github-backend": "Kubernetes",
##[debug] "x-github-request-id": "E00B:1FBE19:1D1E16:24FD99:668278B6"
##[debug]}
##[debug]Body: {
##[debug] "artifacts": [
##[debug] {
##[debug] "workflow_run_backend_id": "0cc20625-3561-4440-9048-70024d8ad258",
##[debug] "workflow_job_run_backend_id": "ca395085-040a-526b-2ce8-bdc85f692774",
##[debug] "database_id": "1654730707",
##[debug] "name": "bake-meta",
##[debug] "size": "497",
##[debug] "created_at": "2024-07-01T09:36:37Z"
##[debug] }
##[debug] ]
##[debug]}
##[debug][Request] GetSignedArtifactURL https://results-receiver.actions.githubusercontent.com/twirp/github.actions.results.api.v1.ArtifactService/GetSignedArtifactURL
##[debug][Response] - 200
##[debug]Headers: {
##[debug] "content-length": "562",
##[debug] "content-type": "application/json",
##[debug] "date": "Mon, 01 Jul 2024 09:36:54 GMT",
##[debug] "x-github-backend": "Kubernetes",
##[debug] "x-github-request-id": "E00B:1FBE19:1D1E23:24FDAA:668278B6"
##[debug]}
##[debug]Body: {
##[debug] "signed_url": "https://productionresultssa10.blob.core.windows.net/actions-results/0cc20625-3561-4440-9048-70024d8ad258/workflow-job-run-ca395085-040a-526b-2ce8-bdc85f692774/artifacts/906bf0728887597ba91b16b1778f41cea66aa49961106539f0c04e0b11d3abd5.zip?se=2024-07-01T09%3A46%3A54Z&sig=ArW2G%2BWxAGsJgNZB2X2kZhBt2RmgSbTSwR6atQG4Hwo%3D&ske=2024-07-01T20%3A16%3A40Z&skoid=ca7593d4-ee42-46cd-af88-8b886a2f84eb&sks=b&skt=2024-07-01T08%3A16%3A40Z&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skv=2023-11-03&sp=r&spr=https&sr=b&st=2024-07-01T09%3A36%3A49Z&sv=2023-11-03"
##[debug]}
Redirecting to blob download url: https://productionresultssa10.blob.core.windows.net/actions-results/0cc20625-3561-4440-9048-70024d8ad258/workflow-job-run-ca395085-040a-526b-2ce8-bdc85f692774/artifacts/906bf0728887597ba91b16b1778f41cea66aa49961106539f0c04e0b11d3abd5.zip
Starting download of artifact to: /home/runner/work/test-docker-action/test-docker-action/bake-meta
##[debug]response.message.headers: {"content-length":"5567","content-type":"application/gzip","content-md5":"s35vhwNK24ehlOSl2bTFUA==","last-modified":"Mon, 01 Jul 2024 09:36:43 GMT","accept-ranges":"bytes","etag":"\"0x8DC99B15171B60C\"","server":"Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0","x-ms-request-id":"e9c547ca-a01e-0012-649a-cb4aa8000000","x-ms-version":"2023-11-03","x-ms-creation-time":"Mon, 01 Jul 2024 09:36:43 GMT","x-ms-lease-status":"unlocked","x-ms-lease-state":"available","x-ms-blob-type":"BlockBlob","content-disposition":"attachment; filename=\"docker~test-docker-action~BGHOTQ.dockerbuild\"","x-ms-server-encrypted":"true","access-control-expose-headers":"x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-creation-time,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Content-Disposition,x-ms-server-encrypted,Accept-Ranges,Content-Length,Date,Transfer-Encoding","access-control-allow-origin":"*","date":"Mon, 01 Jul 2024 09:36:53 GMT"}
##[debug]Invalid content-type: application/gzip, skipping download
Artifact download completed successfully.
##[debug]response.message.headers: {"content-length":"497","content-type":"zip","last-modified":"Mon, 01 Jul 2024 09:36:37 GMT","accept-ranges":"bytes","etag":"\"0x8DC99B14DA08F62\"","server":"Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0","x-ms-request-id":"63899c09-b01e-0021-749a-cb1503000000","x-ms-version":"2023-11-03","x-ms-creation-time":"Mon, 01 Jul 2024 09:36:37 GMT","x-ms-lease-status":"unlocked","x-ms-lease-state":"available","x-ms-blob-type":"BlockBlob","x-ms-server-encrypted":"true","access-control-expose-headers":"x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-creation-time,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,x-ms-server-encrypted,Accept-Ranges,Content-Length,Date,Transfer-Encoding","access-control-allow-origin":"*","date":"Mon, 01 Jul 2024 09:36:54 GMT"}
(node:1468) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Artifact download completed successfully.
Total of 2 artifact(s) downloaded
Download artifact has finished successfully
##[debug]Node Action run completed with exit code 0
##[debug]Set output download-path = /home/runner/work/test-docker-action/test-docker-action
##[debug]Finishing: Download artifacts
We have two files download by "Download artifacts". After adding some logging on response headers we can see that the regular artifact uploaded with actions/upload-artifact@v4
has zip
as content-type
header but one uploaded by docker/build-push-action
has application/gzip
:
{
"content-length": "5572",
"content-type": "application/gzip",
"content-md5": "yPIHPOPuYDEHs/vabwyt6A==",
"last-modified": "Mon, 01 Jul 2024 09:22:34 GMT",
"accept-ranges": "bytes",
"etag": "\"0x8DC99AF5777FC1C\"",
"server": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-request-id": "b45769a4-301e-00cf-5498-cb2dab000000",
"x-ms-version": "2023-11-03",
"x-ms-creation-time": "Mon, 01 Jul 2024 09:22:34 GMT",
"x-ms-lease-status": "unlocked",
"x-ms-lease-state": "available",
"x-ms-blob-type": "BlockBlob",
"content-disposition": "attachment; filename=\"docker~test-docker-action~44M6YV.dockerbuild\"",
"x-ms-server-encrypted": "true",
"access-control-expose-headers": "x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-creation-time,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Content-Disposition,x-ms-server-encrypted,Accept-Ranges,Content-Length,Date,Transfer-Encoding",
"access-control-allow-origin": "*",
"date": "Mon, 01 Jul 2024 09:22:47 GMT"
}
I think this change in the toolkit should mitigate this issue by making sure we try to extract a valid zip file if maintainers are ok with it. cc @bethanyj28 @robherley @konradpabjan
Did some tests: | actions/upload-artifact | actions/download-artifact | Working? |
---|---|---|---|
v4.3.3 | v4.1.7 | no | |
v4.3.3 | v4.1.6 | no | |
v4.3.3 | v4.1.5 | no | |
v4.3.3 | v4.1.4 | no | |
v4.3.3 | v4.1.3 | no | |
v4.3.3 | v4.1.2 | no | |
v4.3.3 | v4.1.1 | no | |
v4.3.3 | v4.1.0 | no | |
v4.3.3 | v4.0.0 | no | |
v4.0.0 | v4.0.0 | no |
What happened?
We have a CI process using github actions. It works on current versions, but I am trying to bump versions for security and performance improvements. There are two runner containers.
In the first one, we build using actions/upload-artifact@v4:
then, in the second one, we consume these build artifacts:
What did you expect to happen?
I expected to be able to download the artifact file. I can download the file from the first runner that uploads it, using the URL in the logs. I cannot download the file from the second runner that downloads it, using the URL in the runner logs. The URL looks different
How can we reproduce it?
This is running in a private repo. Please upload and download using the excerpts above in the what happened section. runs-on: ubuntu-latest
Anything else we need to know?
Logging from the action:
What version of the action are you using?
v4.1.7
What are your runner environments?
linux
Are you on GitHub Enterprise Server? If so, what version?
No response