upload-artifact@v3 is deprecated

[jc00ke]

action-full-scan/.github/workflows/check-dist.yml

Line 47 in a9fbae9

- uses: actions/upload-artifact@v3

This was deprecated on April 14, 2024 and will not be usable on November 30, 2024. I hope it's an easy upgrade and that the breaking changes don't impact this work.

[lgmorand]

deadline is 30 nov. after that, the action will be broken

[thc202]

This is an internal workflow which does not affect users of the action. Also updating the library in the action itself will break other users.

[lgmorand]

Thanks for the quick answer

"This is an internal workflow which does not affect users of the action" it does as it displays warnings when we use this action and thus, pretty sure the artefact won't be uploaded after 30th Nov. these warning are detected in our corporate env and trigger alerts

Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "zap_scan".
Please update your workflow to use v4 of the artifact actions.

" Also updating the library in the action itself will break other users." why is that ? new version and new tag isn't it ? furthermore, as some point, common-scan may not work anymore if the API used is removed by GH.

[thc202]

check-dist.yml is an internal and unpublished workflow, updating the action there will have no effect to end users.

Because the new version does not yet support GHES. https://github.com/actions/upload-artifact?tab=readme-ov-file#v4---whats-new

[lgmorand]

not there but the action-common package loaded in JS yeah. what is the link with GHES ?
I have the warning here: https://github.com/lgmorand/book-github-actions-advanced-workflows/actions/runs/10648189726

[thc202]

There are users running the action in GHES.

[lgmorand]

Yeah this point is clear but not you refuse to fix it and use tagging.

• for GHA you could use v4 and you can tag your version accordingly
• for GHES, they stick with the actual code
  tagging is meant for that. to be able to fix it without having a breaking change.

if v4 is not supported by November, then your action won't work anymore.

[kingthorin]

Hopefully also by their own deadline GitHub will also address the GHES requirement 😉

[lgmorand]

That's my colleagues and... you have great hope my friend :)

once bitten, twice shy

[kingthorin]

Feel free to follow it up internally. IMHO treating GHES customers as second class citizens sucks. (As would having to maintain two different actions because the org can't follow it's own deadlines).