Open ramonpetgrave64 opened 3 weeks ago
While we wait for this to get picked up, I’ve been downloading the artifacts with artifact-id
and actions/github-script@v7
after npm install @actions/artifact@2.1.9
.
…
jobs:
build-low-perms:
outputs:
build-artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }}
…
- name: upload-artifact
id: upload-artifact
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #v4.3.6
with:
name: ${{ inputs.build-artifact-name }}
path: ${{ inputs.subject-path }}
if-no-files-found: error
…
sign:
…
- run: npm install @actions/artifact@2.1.9
- name: download-build-artifact
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
ARTIFACT_ID: ${{ needs.build-low-perms.outputs.build-artifact-id }}
ARTIFACTS_FOLDER: ./artifacts
with:
script: |
const {default: artifactClient} = require('@actions/artifact')
const { ARTIFACT_ID, ARTIFACTS_FOLDER } = process.env
await artifactClient.downloadArtifact(ARTIFACT_ID, { path: ARTIFACTS_FOLDER })
What would you like to be added?
The ability to download an artifact by specifying it's
artifact-id
from actions/upload-artifact. The JavaScript library already supports this.Since we often want to download multiple artifacts with one invocation of this Action, we could make the new input be
artifact-ids
(plural), instead of onlyartifact-id
(singular).example:
Why is this needed?
actions/upload-artifact@v4
now uploads artifacts in an immutable manner: If an artifact were to be re-uploaded, or overwritten with the same name, then it gets a newartifact-id
.To take advantage of the risks this new immutable
artifact-id
mitigatesactions/download-artifact@v4
can accept a new input to allow the user to specify know artifact ids, instead of the possibly overwritten artifact with the samename
.