.github: update and pin actions/upload-artifact to latest 4.x (#13556)

Update and pin actions/upload-artifact usage to latest 4.x. These were
previously pointing to @3 which pulls in the latest v3 as they are
released, with the potential to break our workflows if a breaking change
or malicious version on the @3 stream is ever pushed.

Changing this to a pinned version also means that dependabot will keep
this in the pinned version format (e.g., referencing a SHA) when it
opens a PR to bump the dependency.

Updates #cleanup

Signed-off-by: Mario Minardi <mario@tailscale.com>
This commit is contained in:
Mario Minardi 2024-09-23 16:44:26 -06:00 committed by GitHub
parent a8bd0cb9c2
commit 04bbef0e8b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -456,12 +456,16 @@ jobs:
fuzz-seconds: 300 fuzz-seconds: 300
dry-run: false dry-run: false
language: go language: go
- name: Set artifacts_path in env (workaround for actions/upload-artifact#176)
if: steps.run.outcome != 'success' && steps.build.outcome == 'success'
run: |
echo "artifacts_path=$(realpath .)" >> $GITHUB_ENV
- name: upload crash - name: upload crash
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: steps.run.outcome != 'success' && steps.build.outcome == 'success' if: steps.run.outcome != 'success' && steps.build.outcome == 'success'
with: with:
name: artifacts name: artifacts
path: ./out/artifacts path: ${{ env.artifacts_path }}/out/artifacts
depaware: depaware:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04