search

canonical / ubuntu-pro-client

Ubuntu Pro Client for offerings from Canonical
https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/
GNU General Public License v3.0
52 stars 73 forks source link

ci: bump actions/download-artifact version #3291

Closed renanrodrigo closed 3 weeks ago

renanrodrigo commented 1 month ago

Why is this needed?

This PR solves all of our problems because it mitigates CVE-2024-42471. Dependabot told us about this one, but I'm reopening here to let CI run and make sure all is good. See #3289 for context.

Test Steps

Just let the CI run

github-actions[bot] commented 1 month ago

PR Checklist

How to use this checklist ### How to use this checklist #### PR Author For each section, check a box when it is true. Uncheck a box if it becomes un-true. Then check the box at the bottom of the PR description to re-run the action that creates this checklist. The action that creates and updates this comment will retain your edits. The action will fail if the checklist is not completed. #### PR Reviewer Check that the PR checklist action did not fail. Double check that the author filled out the checklist accurately. If you disagree with a checklist item, start a conversation. For example, the author may say they don't think integration tests are necessary, but you may disagree.
### Bug References None. #### Confirm - [x] I've properly referenced all bugs that this PR fixes
How to properly reference fixed bugs * If this PR is related to a Jira item, include an `SC-1234` reference in the PR title * If this PR is fixes a GitHub issue, include a `Fixes: #1234` reference in the commit that fixes the issue * If this PR is fixes a Launchpad bug, include a `LP: #12345678` reference in the commit that fixes the issue
### Test Updates #### Unit Tests - [ ] I have updated or added any unit tests accordingly - [x] No unit test changes are necessary for this change #### Integration Tests - [ ] I have updated or added any integration tests accordingly - [x] No integration test changes are necessary for this change ### Documentation - [ ] Changes here need to be documented and I have referenced the docs PR in the description - [x] No documentation updates are necessary for this change ### Does this PR require review from someone outside the core ubuntu-pro-client team? - [ ] Yes, and I have requested those reviews via GitHub - [x] No
renanrodrigo commented 1 month ago

So, CI ran an the new version of the action is not pulling our artifact. Needs some investigation on why.

renanrodrigo commented 1 month ago

@paride I see there is an upload-artifact action too - maybe there is where the mismatch happens. This gotta be simpler than expected I guess

renanrodrigo commented 4 weeks ago

Solved - this is now good to go

paride commented 3 weeks ago

Thanks. Sorry with all the things around .5 I didn't get to this earlier.

renanrodrigo commented 3 weeks ago

@paride don't worry - it was easier than expected and at least we didn't waste your time (: