chore(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1

[dependabot]

Bumps actions/upload-artifact from 3.1.3 to 4.3.1.

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in actions/upload-artifact#504
• Add sub-action to merge artifacts by @​robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

• Ability to overwrite an Artifact by @​robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

• Add migrations docs by @​robherley in actions/upload-artifact#482
• Update README.md by @​samuelwine in actions/upload-artifact#492
• Support artifact-url output by @​konradpabjan in actions/upload-artifact#496
• Update readme to reflect new 500 artifact per job limit by @​robherley in actions/upload-artifact#497

New Contributors

• @​samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[leandrodamascena]

@heitorlessa or @sthulb, I need your review here, pls!

[heitorlessa]

thank you <3 Waiting for Andrea to confirm whether overwrite was indeed all we needed before we merge.

[heitorlessa]

preemptive approval on Andrea's confirmation

[dreamorosi]

Overall, the fact that v4 of this action considers artifacts immutable means that it'll raise an exception whenever a given workflow tries to mutate (aka overwrite) an artifact with the same key.

If a workflow generates a single artifact or multiple artifacts with unique keys then it'll continue working. In both these cases the overwrite key is not needed and I'd be inclined to use the default behavior (aka treat artifacts as immutable).

It's important to note that an artifact is already considered unique in the context of a workflow run. This means that a workflow A that generates an artifact called foo.zip, when run twice, the two foo.zip are considered unique. This is because they were created in the context of two separate runs.

On the other hand, a workflow B, that has two steps that both write to an artifact called bar.zip, is considered to be mutating the same artifact because it writes twice to the same key within the same run.

With this in mind, I think the only workflow that needs the overwrite: true setting to be enabled is the layers one. The other 3 are only uploading an artifact as a terminal state of a run.

[leandrodamascena]

Thanks for the clear explanation @dreamorosi! I am applying your suggestions.

[sonarqubecloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[heitorlessa]

great call out on "v4 artifacts are now unique per job run"! Let me know when the changes are in and we can merge @leandrodamascena

[dreamorosi]

Thank you for working on this!

[heitorlessa]

thank you Le for the changes!!