Use the Actions artifacts client to avoid needing the actions-read permission

2025-12-08 16:16:16 +00:00 · 2023-12-19 14:46:02 -06:00
parent f33f41b675
commit 81251b551f
7 changed files with 100228 additions and 1106 deletions
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -4,6 +4,7 @@
  "description": "Deploy an actions artifact to GitHub Pages",
  "main": "./dist/index.js",
  "dependencies": {
+    "@actions/artifact": "^2.0.0",
    "@actions/core": "^1.10.1",
    "@actions/github": "^6.0.0"
  },
--- a/src/internal/api-client.js
+++ b/src/internal/api-client.js
@@ -1,47 +1,38 @@
 const core = require('@actions/core')
 const github = require('@actions/github')
+const { DefaultArtifactClient } = require('@actions/artifact')

-async function getArtifactMetadata({ githubToken, runId, artifactName }) {
-  const octokit = github.getOctokit(githubToken)
+async function getArtifactMetadata({ artifactName }) {
+  const artifactClient = new DefaultArtifactClient()

  try {
-    core.info(`Fetching artifact metadata for ${artifactName} in run ${runId}`)
+    core.info(`Fetching artifact metadata for ${artifactName} in this workflow run`)

-    const response = await octokit.request(
-      'GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts?name={artifactName}',
-      {
-        owner: github.context.repo.owner,
-        repo: github.context.repo.repo,
-        run_id: runId,
-        artifactName: artifactName
-      }
-    )
+    const response = await artifactClient.listArtifacts()

-    const artifactCount = response.data.total_count
+    const filteredArtifacts = response.artifacts.filter(artifact => artifact.name === artifactName)
+
+    const artifactCount = filteredArtifacts.length
    core.debug(`List artifact count: ${artifactCount}`)

    if (artifactCount === 0) {
      throw new Error(
-        `No artifacts found for workflow run ${runId}. Ensure artifacts are uploaded with actions/artifact@v4 or later.`
+        'No artifacts found for this workflow run. Ensure artifacts are uploaded with actions/artifact@v4 or later.'
      )
    } else if (artifactCount > 1) {
      throw new Error(
-        `Multiple artifact unexpectedly found for workflow run ${runId}. Artifact count is ${artifactCount}.`
+        `Multiple artifacts unexpectedly found for this workflow run. Artifact count is ${artifactCount}.`
      )
    }

-    const artifact = response.data.artifacts[0]
+    const artifact = filteredArtifacts[0]
    core.debug(`Artifact: ${JSON.stringify(artifact)}`)

-    const artifactSize = artifact.size_in_bytes
-    if (!artifactSize) {
+    if (!artifact.size) {
      core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
    }

-    return {
-      id: artifact.id,
-      size: artifactSize
-    }
+    return artifact
  } catch (error) {
    core.error(
      'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages or Actions? Please re-run the deployment at a later time.',
--- a/src/internal/deployment.js
+++ b/src/internal/deployment.js
@@ -63,11 +63,7 @@ class Deployment {
      core.debug(`Action ID: ${this.actionsId}`)
      core.debug(`Actions Workflow Run ID: ${this.workflowRun}`)

-      const artifactData = await getArtifactMetadata({
-        githubToken: this.githubToken,
-        runId: this.workflowRun,
-        artifactName: this.artifactName
-      })
+      const artifactData = await getArtifactMetadata({ artifactName: this.artifactName })

      if (artifactData?.size > ONE_GIGABYTE) {
        core.warning(