Merge pull request #404 from salmanmkc/node24

Update Node.js version to 24.x

.github/dependabot.yml

@@ -4,8 +4,14 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      non-breaking-changes:
+        update-types: [minor, patch]
 
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      non-breaking-changes:
+        update-types: [minor, patch]

.github/release-drafter.yml

@@ -10,7 +10,7 @@ template: |
 
   See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release.
 
-  :warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the [compatibility table](https://github.com/$OWNER/$REPOSITORY/#compatibilty).
+  :warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the [compatibility table](https://github.com/$OWNER/$REPOSITORY/#compatibility).
 categories:
   - title: '🚀 Features'
     labels:

.github/workflows/check-dist.yml

@@ -46,7 +46,7 @@ jobs:
           fi
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/draft-release.yml

@@ -11,6 +11,6 @@ jobs:
   draft-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
+      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-immutable-actions.yml

@@ -0,0 +1,20 @@
+name: 'Publish Immutable Action Version'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v4
+      - name: Publish
+        id: publish
+        uses: actions/publish-immutable-action@0.0.3

.github/workflows/rebuild-dependabot-prs.yml

@@ -45,7 +45,7 @@ jobs:
             git add dist/
             git config --local user.name "github-actions[bot]"
             git config --local user.email "github-actions[bot]@users.noreply.github.com"
-            git commit -m "Update distributables after Dependabot 🤖"
+            git commit -m "[dependabot skip] Update distributables after Dependabot 🤖"
             echo "Pushing branch ${{ github.ref_name }}"
             git push origin ${{ github.ref_name }}
           fi

.github/workflows/release.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
         id: update-major-tag
-        uses: actions/publish-action@v0.2.2
+        uses: actions/publish-action@v0.3.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.node-version

@@ -1 +1 @@
-20.10.0
+24.4.0

README.md

@@ -6,11 +6,11 @@ This action is used to deploy [Actions artifacts][artifacts] to [GitHub Pages](h
 
 ## Usage
 
-See [action.yml](action.yml) for the various `inputs` this action supports.
+See [action.yml](action.yml) for the various `inputs` this action supports (or [below](#inputs-📥)).
 
 For examples that make use of this action, check out our [starter-workflows][starter-workflows] in a variety of frameworks.
 
-This action expects an artifact named `github-pages` to have been created prior to execution. This is done automatically when using [`actions/upload-pages-artifact`][upload-pages-artifact].
+This action deploys a Pages site previously uploaded as an artifact (e.g. using [`actions/upload-pages-artifact`][upload-pages-artifact]).
 
 We recommend this action to be used in a dedicated job:
 
@@ -41,7 +41,7 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v3 # or specific "vX.X.X" version tag for this action
+        uses: actions/deploy-pages@v4 # or specific "vX.X.X" version tag for this action
 ```
 
 ### Inputs 📥
@@ -71,7 +71,7 @@ jobs:
 
 There are a few important considerations to be aware of:
 
-1. The artifact being deployed must have been uploaded in a previous step, either in the same job or a separate job that doesn't execute until the upload is complete.
+1. The artifact being deployed must have been uploaded in a previous step, either in the same job or a separate job that doesn't execute until the upload is complete. See [`actions/upload-pages-artifact`][upload-pages-artifact] for more information about the format of the artifact we expect.
 
 2. The job that executes the deployment must at minimum have the following permissions:
    - `pages: write`
@@ -83,12 +83,19 @@ There are a few important considerations to be aware of:
 
 5. If your Pages site is using GitHub Actions as the source, while not required we highly recommend you also [protect your environment][environment-protection] (we will configure it by default for you).
 
+## OIDC
+When we invoke a job using GitHub Actions the job requests an OIDC token from GitHub's OIDC provider which responds with a JSON web token (JWT). Each token is unique to each workflow job [learn more about OIDC tokens](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
+
+OIDC tokens are minted within the context of a single job, and are used to form a trust relationship which validates properties of the workflow run against a third-party (e.g. cloud providers such as AWS or Azure). In the context of GitHub Pages, this is most relevant to ensure a workflow respects branch protection settings. To do this, the OIDC token includes a claim about which branch/ref is executing the workflow. The token is passed to the pages deployment API as part of the request payload, where it's decoded internally to validate the claims and verify if that workflow is allowed to deploy to pages.
+A common question regarding OIDC tokens is the need to use both `pages:write` and `id-token:write`. The pages permission relates to the `GITHUB_TOKEN` by giving it the permissions to create pages deployments when calling the GitHub API. The id-token permission is necessary to request the OIDC JWT token. For more information on the id-token, check the docs on [adding permissions settings](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
+
 ## Compatibility
 
 This action is primarily designed for use with GitHub.com's Actions workflows and Pages deployments. However, certain releases should also be compatible with GitHub Enterprise Server (GHES) `3.7` and above.
 
 | Release | GHES Compatibility |
 |:---|:---|
+| [`v4`](https://github.com/actions/deploy-pages/releases/tag/v4) | :warning: Incompatible at this time |
 | [`v3`](https://github.com/actions/deploy-pages/releases/tag/v3) | `>= 3.9` |
 | `v3.x.x` | `>= 3.9` |
 | [`v2`](https://github.com/actions/deploy-pages/releases/tag/v2) | `>= 3.9` |

action.yml

@@ -2,7 +2,7 @@ name: 'Deploy GitHub Pages site'
 description: 'A GitHub Action to deploy an artifact as a GitHub Pages site'
 author: 'GitHub'
 runs:
-  using: 'node20'
+  using: 'node24'
   main: 'dist/index.js'
 inputs:
   token:

coverage_badge.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 81.39%"><title>Coverage: 81.39%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#dfb317"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">81.39%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">81.39%</text></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 80.84%"><title>Coverage: 80.84%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#dfb317"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">80.84%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">80.84%</text></g></svg>

package.json

@@ -4,22 +4,22 @@
   "description": "Deploy an actions artifact to GitHub Pages",
   "main": "./dist/index.js",
   "dependencies": {
+    "@actions/artifact": "^2.1.8",
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.0",
-    "@actions/http-client": "^2.2.0",
     "@octokit/request-error": "^5.0.1",
     "http-status-messages": "^1.1.0"
   },
   "devDependencies": {
     "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.55.0",
+    "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-github": "^4.10.1",
+    "eslint-plugin-github": "^4.10.2",
     "jest": "^29.7.0",
     "make-coverage-badge": "^1.2.0",
-    "nock": "^13.4.0",
-    "prettier": "^3.1.0",
-    "undici": "^6.0.0"
+    "nock": "^13.5.4",
+    "prettier": "^3.3.3",
+    "undici": "^6.19.2"
   },
   "scripts": {
     "all": "npm run format && npm run lint && npm run prepare && npm run test && npm run coverage-badge",

src/__tests__/index.test.js

@@ -4,9 +4,7 @@ const path = require('path')
 
 describe('with all environment variables set', () => {
   beforeEach(() => {
-    process.env.ACTIONS_RUNTIME_URL = 'http://my-url'
     process.env.GITHUB_RUN_ID = '123'
-    process.env.ACTIONS_RUNTIME_TOKEN = 'a-token'
     process.env.GITHUB_REPOSITORY = 'actions/is-awesome'
     process.env.GITHUB_TOKEN = 'gha-token'
     process.env.GITHUB_SHA = '123abc'
@@ -26,7 +24,7 @@ describe('with all environment variables set', () => {
 
 describe('with variables missing', () => {
   it('execution fails if there are missing variables', done => {
-    delete process.env.ACTIONS_RUNTIME_URL
+    delete process.env.GITHUB_RUN_ID
     const ip = path.join(__dirname, '../index.js')
     cp.exec(`node ${ip}`, { env: process.env }, (err, stdout) => {
       expect(stdout).toBe('')

src/__tests__/internal/deployment.test.js

@@ -9,20 +9,24 @@ const { Deployment, MAX_TIMEOUT, ONE_GIGABYTE, SIZE_LIMIT_DESCRIPTION } = requir
 const fakeJwt =
   'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiNjllMWIxOC1jOGFiLTRhZGQtOGYxOC03MzVlMzVjZGJhZjAiLCJzdWIiOiJyZXBvOnBhcGVyLXNwYS9taW55aTplbnZpcm9ubWVudDpQcm9kdWN0aW9uIiwiYXVkIjoiaHR0cHM6Ly9naXRodWIuY29tL3BhcGVyLXNwYSIsInJlZiI6InJlZnMvaGVhZHMvbWFpbiIsInNoYSI6ImEyODU1MWJmODdiZDk3NTFiMzdiMmM0YjM3M2MxZjU3NjFmYWM2MjYiLCJyZXBvc2l0b3J5IjoicGFwZXItc3BhL21pbnlpIiwicmVwb3NpdG9yeV9vd25lciI6InBhcGVyLXNwYSIsInJ1bl9pZCI6IjE1NDY0NTkzNjQiLCJydW5fbnVtYmVyIjoiMzQiLCJydW5fYXR0ZW1wdCI6IjIiLCJhY3RvciI6IllpTXlzdHkiLCJ3b3JrZmxvdyI6IkNJIiwiaGVhZF9yZWYiOiIiLCJiYXNlX3JlZiI6IiIsImV2ZW50X25hbWUiOiJwdXNoIiwicmVmX3R5cGUiOiJicmFuY2giLCJlbnZpcm9ubWVudCI6IlByb2R1Y3Rpb24iLCJqb2Jfd29ya2Zsb3dfcmVmIjoicGFwZXItc3BhL21pbnlpLy5naXRodWIvd29ya2Zsb3dzL2JsYW5rLnltbEByZWZzL2hlYWRzL21haW4iLCJpc3MiOiJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwibmJmIjoxNjM4ODI4MDI4LCJleHAiOjE2Mzg4Mjg5MjgsImlhdCI6MTYzODgyODYyOH0.1wyupfxu1HGoTyIqatYg0hIxy2-0bMO-yVlmLSMuu2w'
 
+const LIST_ARTIFACTS_TWIRP_PATH = '/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts'
+
 describe('Deployment', () => {
   let mockPool
 
   beforeEach(() => {
     jest.clearAllMocks()
-    process.env.ACTIONS_RUNTIME_URL = 'http://my-url/'
     process.env.GITHUB_RUN_ID = '123'
-    process.env.ACTIONS_RUNTIME_TOKEN = 'a-token'
     process.env.GITHUB_REPOSITORY = 'actions/is-awesome'
     process.env.GITHUB_TOKEN = 'gha-token'
     process.env.GITHUB_SHA = '123abc'
     process.env.GITHUB_ACTOR = 'monalisa'
     process.env.GITHUB_ACTION = '__monalisa/octocat'
     process.env.GITHUB_ACTION_PATH = 'something'
+    // A valid actions token must have an 'scp' field whose value is a space-delimited list of strings
+    process.env.ACTIONS_RUNTIME_TOKEN =
+      'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY3AiOiJBY3Rpb25zLkV4YW1wbGVTY29wZSBBY3Rpb25zLlJlc3VsdHM6Y2U3ZjU0YzctNjFjNy00YWFlLTg4N2YtMzBkYTQ3NWY1ZjFhOmNhMzk1MDg1LTA0MGEtNTI2Yi0yY2U4LWJkYzg1ZjY5Mjc3NCJ9.l-VcBU1PeNk_lWpOhjWehQlYyjCcY2dp_EMt7Rf06io'
+    process.env.ACTIONS_RESULTS_URL = 'https://actions-results-url.biz'
 
     jest.spyOn(core, 'getInput').mockImplementation(param => {
       switch (param) {
@@ -52,7 +56,7 @@ describe('Deployment', () => {
     jest.spyOn(core, 'debug').mockImplementation(jest.fn())
 
     // Set up Fetch mocking
-    const mockAgent = new MockAgent()
+    let mockAgent = new MockAgent()
     mockAgent.disableNetConnect()
     setGlobalDispatcher(mockAgent)
     mockPool = mockAgent.get('https://api.github.com')
@@ -67,14 +71,15 @@ describe('Deployment', () => {
     it('can successfully create a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -85,10 +90,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA &&
               body.oidc_token === fakeJwt
             )
@@ -113,21 +118,21 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('can successfully create a preview deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -138,11 +143,11 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 4 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
               keys[3] === 'preview' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA &&
               body.oidc_token === fakeJwt &&
               body.preview === true
@@ -172,32 +177,45 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
-    it('reports errors with failed artifact exchange', async () => {
+    it('reports errors with failed artifact metadata exchange', async () => {
       process.env.GITHUB_SHA = 'invalid-build-version'
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(400, {})
+
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(400, { msg: 'yikes!' }, { 'content-type': 'application/json' })
 
       // Create the deployment
       const deployment = new Deployment()
-      await expect(deployment.create()).rejects.toEqual(
-        new Error(
-          `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}. Responded with: Bad Request`
-        )
+      await expect(deployment.create()).rejects.toThrow(
+        `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}.`
       )
-
-      artifactExchangeScope.done()
+      expect(core.error).toHaveBeenNthCalledWith(
+        1,
+        'Listing artifact metadata failed',
+        new Error('Failed to ListArtifacts: Received non-retryable error: Failed request: (400) null: yikes!')
+      )
+      expect(core.error).toHaveBeenNthCalledWith(
+        2,
+        'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
+        expect.any(Error)
+      )
+      twirpScope.done()
     })
 
     it('reports errors with a failed 500 in a deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, { value: [{ url: 'https://invalid-artifact.com', name: 'github-pages' }] })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -208,9 +226,9 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 2 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'pages_build_version' &&
-              body.artifact_url === 'https://invalid-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
           }
@@ -224,15 +242,20 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 500) with build version ${process.env.GITHUB_SHA}. Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.`
         )
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('reports errors with an unexpected 403 during deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, { value: [{ url: 'https://invalid-artifact.com', name: 'github-pages' }] })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -243,9 +266,9 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 2 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'pages_build_version' &&
-              body.artifact_url === 'https://invalid-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
           }
@@ -259,15 +282,20 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 403) with build version ${process.env.GITHUB_SHA}. Ensure GITHUB_TOKEN has permission "pages: write".`
         )
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('reports errors with an unexpected 404 during deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, { value: [{ url: 'https://invalid-artifact.com', name: 'github-pages' }] })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -278,9 +306,9 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 2 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'pages_build_version' &&
-              body.artifact_url === 'https://invalid-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
           }
@@ -294,15 +322,20 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 404) with build version ${process.env.GITHUB_SHA}. Ensure GitHub Pages has been enabled: https://github.com/actions/is-awesome/settings/pages`
         )
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('reports errors with failed deployments', async () => {
       process.env.GITHUB_SHA = 'invalid-build-version'
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, { value: [{ url: 'https://invalid-artifact.com', name: 'github-pages' }] })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -313,9 +346,9 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 2 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'pages_build_version' &&
-              body.artifact_url === 'https://invalid-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
           }
@@ -329,22 +362,90 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}. Responded with: Bad request`
         )
       )
+      twirpScope.done()
+    })
 
-      artifactExchangeScope.done()
+    it('fails if there are multiple artifacts with the same name', async () => {
+      process.env.GITHUB_SHA = 'valid-build-version'
+
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [
+              { databaseId: 13, name: 'github-pages', size: 1400 },
+              { databaseId: 14, name: 'github-pages', size: 1620 }
+            ]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
+
+      const deployment = new Deployment()
+      await expect(deployment.create(fakeJwt)).rejects.toThrow(
+        `Multiple artifacts named "github-pages" were unexpectedly found for this workflow run. Artifact count is 2.`
+      )
+      twirpScope.done()
+    })
+
+    it('fails if there are no artifacts found', async () => {
+      process.env.GITHUB_SHA = 'valid-build-version'
+
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: []
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
+
+      const deployment = new Deployment()
+      await expect(deployment.create(fakeJwt)).rejects.toThrow(
+        `No artifacts named "github-pages" were found for this workflow run. Ensure artifacts are uploaded with actions/upload-artifact@v4 or later.`
+      )
+      twirpScope.done()
+    })
+
+    it('fails with error message if list artifact endpoint returns 501', async () => {
+      process.env.GITHUB_SHA = 'valid-build-version'
+
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(501, { msg: 'oh no' }, { headers: { 'content-type': 'application/json' } })
+
+      const deployment = new Deployment()
+      await expect(deployment.create(fakeJwt)).rejects.toThrow(
+        `Failed to create deployment (status: 501) with build version ${process.env.GITHUB_SHA}. Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.`
+      )
+      expect(core.error).toHaveBeenNthCalledWith(
+        1,
+        'Listing artifact metadata failed',
+        new Error('Failed to ListArtifacts: Received non-retryable error: Failed request: (501) null: oh no')
+      )
+      expect(core.error).toHaveBeenNthCalledWith(
+        2,
+        'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
+        expect.any(Error)
+      )
+
+      twirpScope.done()
     })
 
     it('warns if the artifact size is bigger than maximum', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
       const artifactSize = ONE_GIGABYTE + 1
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://fake-artifact.com', name: 'github-pages', size: `${artifactSize}` },
-            { url: 'https://another-artifact.com', name: 'another-artifact' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 12, name: 'github-pages', size: artifactSize }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -355,10 +456,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 12 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -383,21 +484,21 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('warns when the timeout is greater than the maximum allowed', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -408,10 +509,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -450,8 +551,7 @@ describe('Deployment', () => {
       expect(core.warning).toBeCalledWith(
         `Warning: timeout value is greater than the allowed maximum - timeout set to the maximum of ${MAX_TIMEOUT} milliseconds.`
       )
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
   })
 
@@ -459,14 +559,15 @@ describe('Deployment', () => {
     it('sets output to success when deployment is successful', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -477,10 +578,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -511,8 +612,7 @@ describe('Deployment', () => {
 
       expect(core.setOutput).toBeCalledWith('status', 'succeed')
       expect(core.info).toHaveBeenLastCalledWith('Reported success!')
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('fails check when no deployment is found', async () => {
@@ -525,14 +625,15 @@ describe('Deployment', () => {
     it('exits early when deployment is not in progress', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -543,10 +644,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -568,21 +669,21 @@ describe('Deployment', () => {
       deployment.deploymentInfo.pending = false
       await deployment.check()
       expect(core.setFailed).toBeCalledWith('Unable to get deployment status.')
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('enforces max timeout', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -593,10 +694,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -664,21 +765,21 @@ describe('Deployment', () => {
       expect(deployment.timeout).toEqual(MAX_TIMEOUT)
       expect(core.error).toBeCalledWith('Timeout reached, aborting!')
       expect(core.setFailed).toBeCalledWith('Timeout reached, aborting!')
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('sets timeout to user timeout if user timeout is less than max timeout', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -689,10 +790,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -749,21 +850,21 @@ describe('Deployment', () => {
       expect(deployment.timeout).toEqual(42)
       expect(core.error).toBeCalledWith('Timeout reached, aborting!')
       expect(core.setFailed).toBeCalledWith('Timeout reached, aborting!')
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('sets output to success when timeout is set but not reached', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -774,10 +875,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -835,8 +936,7 @@ describe('Deployment', () => {
       expect(core.error).not.toBeCalled()
       expect(core.setOutput).toBeCalledWith('status', 'succeed')
       expect(core.info).toHaveBeenLastCalledWith('Reported success!')
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
   })
 
@@ -844,14 +944,15 @@ describe('Deployment', () => {
     it('can successfully cancel a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -862,10 +963,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -897,8 +998,7 @@ describe('Deployment', () => {
       await deployment.cancel()
 
       expect(core.info).toHaveBeenLastCalledWith(`Canceled deployment with ID ${process.env.GITHUB_SHA}`)
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
 
     it('can exit if a pages deployment was not created and none need to be cancelled', async () => {
@@ -917,14 +1017,15 @@ describe('Deployment', () => {
     it('catches an error when trying to cancel a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      const artifactExchangeScope = nock(`http://my-url`)
-        .get('/_apis/pipelines/workflows/123/artifacts?api-version=6.0-preview')
-        .reply(200, {
-          value: [
-            { url: 'https://another-artifact.com', name: 'another-artifact' },
-            { url: 'https://fake-artifact.com', name: 'github-pages' }
-          ]
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(
+          200,
+          {
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
+          },
+          { headers: { 'content-type': 'application/json' } }
+        )
 
       mockPool
         .intercept({
@@ -935,10 +1036,10 @@ describe('Deployment', () => {
             const keys = Object.keys(body).sort()
             return (
               keys.length === 3 &&
-              keys[0] === 'artifact_url' &&
+              keys[0] === 'artifact_id' &&
               keys[1] === 'oidc_token' &&
               keys[2] === 'pages_build_version' &&
-              body.artifact_url === 'https://fake-artifact.com&%24expand=SignedContent' &&
+              body.artifact_id === 11 &&
               body.oidc_token === fakeJwt &&
               body.pages_build_version === process.env.GITHUB_SHA
             )
@@ -970,8 +1071,7 @@ describe('Deployment', () => {
       await deployment.cancel()
 
       expect(core.error).toHaveBeenCalledWith(`Canceling Pages deployment failed`, expect.anything())
-
-      artifactExchangeScope.done()
+      twirpScope.done()
     })
   })
 })

src/internal/api-client.js

@@ -1,119 +1,118 @@
 const core = require('@actions/core')
 const github = require('@actions/github')
-const hc = require('@actions/http-client')
+const { DefaultArtifactClient } = require('@actions/artifact')
 const { RequestError } = require('@octokit/request-error')
 const HttpStatusMessages = require('http-status-messages')
 
-// All variables we need from the runtime are loaded here
-const getContext = require('./context')
-
-async function processRuntimeResponse(res, requestOptions) {
-  // Parse the response body as JSON
-  let obj = null
-  try {
-    const contents = await res.readBody()
-    if (contents && contents.length > 0) {
-      obj = JSON.parse(contents)
-    }
-  } catch (error) {
-    // Invalid resource (contents not json); leaving resulting obj as null
-  }
-
+function wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions) {
   // Specific response shape aligned with Octokit
   const response = {
-    url: res.message?.url || requestOptions.url,
-    status: res.message?.statusCode || 0,
+    url: requestOptions.url,
+    status: 200,
     headers: {
-      ...res.message?.headers
+      ...requestOptions.headers
     },
-    data: obj
+    data: twirpResponse
   }
-
-  // Forcibly throw errors for negative HTTP status codes!
-  // @actions/http-client doesn't do this by default.
-  // Mimic the errors thrown by Octokit for consistency.
-  if (response.status >= 400) {
-    // Try to get an error message from the response body
-    const errorMsg =
-      (typeof response.data === 'string' && response.data) ||
-      response.data?.error ||
-      response.data?.message ||
-      // Try the Node HTTP IncomingMessage's statusMessage property
-      res.message?.statusMessage ||
-      // Fallback to the HTTP status message based on the status code
-      HttpStatusMessages[response.status] ||
-      // Or if the status code is unexpected...
-      `Unknown error (${response.status})`
-
-    throw new RequestError(errorMsg, response.status, {
-      response,
-      request: requestOptions
-    })
-  }
-
   return response
 }
 
-async function getSignedArtifactMetadata({ runtimeToken, workflowRunId, artifactName }) {
-  const { runTimeUrl: RUNTIME_URL } = getContext()
-  const artifactExchangeUrl = `${RUNTIME_URL}_apis/pipelines/workflows/${workflowRunId}/artifacts?api-version=6.0-preview`
+// Mimic the errors thrown by Octokit for consistency.
+function wrapTwirpErrorLikeOctokit(twirpError, requestOptions) {
+  const rawErrorMsg = twirpError?.message || twirpError?.toString() || ''
+  const statusCodeMatch = rawErrorMsg.match(/Failed request: \((?<statusCode>\d+)\)/)
+  const statusCode = statusCodeMatch?.groups?.statusCode ?? 500
 
-  const httpClient = new hc.HttpClient()
-  let data = null
+  // Try to provide the best error message
+  const errorMsg =
+    rawErrorMsg ||
+    // Fallback to the HTTP status message based on the status code
+    HttpStatusMessages[statusCode] ||
+    // Or if the status code is unexpected...
+    `Unknown error (${statusCode})`
+
+  // RequestError is an Octokit-specific class
+  return new RequestError(errorMsg, statusCode, {
+    response: {
+      url: requestOptions.url,
+      status: statusCode,
+      headers: {
+        ...requestOptions.headers
+      },
+      data: rawErrorMsg ? { message: rawErrorMsg } : ''
+    },
+    request: requestOptions
+  })
+}
+
+function getArtifactsServiceOrigin() {
+  const resultsUrl = process.env.ACTIONS_RESULTS_URL
+  return resultsUrl ? new URL(resultsUrl).origin : ''
+}
+
+async function getArtifactMetadata({ artifactName }) {
+  const artifactClient = new DefaultArtifactClient()
+
+  // Primarily for debugging purposes, accuracy is not critical
+  const requestOptions = {
+    method: 'POST',
+    url: `${getArtifactsServiceOrigin()}/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts`,
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: {}
+  }
 
   try {
-    const requestHeaders = {
-      accept: 'application/json',
-      authorization: `Bearer ${runtimeToken}`
-    }
-    const requestOptions = {
-      method: 'GET',
-      url: artifactExchangeUrl,
-      headers: {
-        ...requestHeaders
-      },
-      body: null
+    core.info(`Fetching artifact metadata for "${artifactName}" in this workflow run`)
+
+    let response
+    try {
+      const twirpResponse = await artifactClient.listArtifacts()
+      response = wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions)
+    } catch (twirpError) {
+      core.error('Listing artifact metadata failed', twirpError)
+      const octokitError = wrapTwirpErrorLikeOctokit(twirpError, requestOptions)
+      throw octokitError
     }
 
-    core.info(`Artifact exchange URL: ${artifactExchangeUrl}`)
-    const res = await httpClient.get(artifactExchangeUrl, requestHeaders)
+    const filteredArtifacts = response.data.artifacts.filter(artifact => artifact.name === artifactName)
 
-    // May throw a RequestError (HttpError)
-    const response = await processRuntimeResponse(res, requestOptions)
+    const artifactCount = filteredArtifacts.length
+    core.debug(`List artifact count: ${artifactCount}`)
 
-    data = response.data
-    core.debug(JSON.stringify(data))
+    if (artifactCount === 0) {
+      throw new Error(
+        `No artifacts named "${artifactName}" were found for this workflow run. Ensure artifacts are uploaded with actions/upload-artifact@v4 or later.`
+      )
+    } else if (artifactCount > 1) {
+      throw new Error(
+        `Multiple artifacts named "${artifactName}" were unexpectedly found for this workflow run. Artifact count is ${artifactCount}.`
+      )
+    }
+
+    const artifact = filteredArtifacts[0]
+    core.debug(`Artifact: ${JSON.stringify(artifact)}`)
+
+    if (!artifact.size) {
+      core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
+    }
+
+    return artifact
   } catch (error) {
-    core.error('Getting signed artifact URL failed', error)
-    throw error
-  }
-
-  const artifact = data?.value?.find(artifact => artifact.name === artifactName)
-  const artifactRawUrl = artifact?.url
-  if (!artifactRawUrl) {
-    throw new Error(
-      'No uploaded artifact was found! Please check if there are any errors at build step, or uploaded artifact name is correct.'
+    core.error(
+      'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
+      error
     )
-  }
-
-  const signedArtifactUrl = `${artifactRawUrl}&%24expand=SignedContent`
-
-  const artifactSize = artifact?.size
-  if (!artifactSize) {
-    core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
-  }
-
-  return {
-    url: signedArtifactUrl,
-    size: artifactSize
+    throw error
   }
 }
 
-async function createPagesDeployment({ githubToken, artifactUrl, buildVersion, idToken, isPreview = false }) {
+async function createPagesDeployment({ githubToken, artifactId, buildVersion, idToken, isPreview = false }) {
   const octokit = github.getOctokit(githubToken)
 
   const payload = {
-    artifact_url: artifactUrl,
+    artifact_id: artifactId,
     pages_build_version: buildVersion,
     oidc_token: idToken
   }
@@ -173,7 +172,7 @@ async function cancelPagesDeployment({ githubToken, deploymentId }) {
 }
 
 module.exports = {
-  getSignedArtifactMetadata,
+  getArtifactMetadata,
   createPagesDeployment,
   getPagesDeploymentStatus,
   cancelPagesDeployment

src/internal/context.js

@@ -3,9 +3,7 @@ const core = require('@actions/core')
 // Load variables from Actions runtime
 function getRequiredVars() {
   return {
-    runTimeUrl: process.env.ACTIONS_RUNTIME_URL,
     workflowRun: process.env.GITHUB_RUN_ID,
-    runTimeToken: process.env.ACTIONS_RUNTIME_TOKEN,
     repositoryNwo: process.env.GITHUB_REPOSITORY,
     buildVersion: process.env.GITHUB_SHA,
     buildActor: process.env.GITHUB_ACTOR,

src/internal/deployment.js

@@ -3,7 +3,7 @@ const core = require('@actions/core')
 // All variables we need from the runtime are loaded here
 const getContext = require('./context')
 const {
-  getSignedArtifactMetadata,
+  getArtifactMetadata,
   createPagesDeployment,
   getPagesDeploymentStatus,
   cancelPagesDeployment
@@ -17,7 +17,6 @@ const temporaryErrorStatus = {
 
 const finalErrorStatus = {
   deployment_failed: 'Deployment failed, try again later.',
-  deployment_perms_error: 'Deployment failed. Please ensure that the file permissions are correct.',
   deployment_content_failed:
     'Artifact could not be deployed. Please ensure the content does not contain any hard links, symlinks and total size is less than 10GB.',
   deployment_cancelled: 'Deployment cancelled.',
@@ -31,9 +30,7 @@ const SIZE_LIMIT_DESCRIPTION = '1 GB'
 class Deployment {
   constructor() {
     const context = getContext()
-    this.runTimeUrl = context.runTimeUrl
     this.repositoryNwo = context.repositoryNwo
-    this.runTimeToken = context.runTimeToken
     this.buildVersion = context.buildVersion
     this.buildActor = context.buildActor
     this.actionsId = context.actionsId
@@ -48,8 +45,8 @@ class Deployment {
     this.startTime = null
   }
 
-  // Ask the runtime for the unsigned artifact URL and deploy to GitHub Pages
-  // by creating a deployment with that artifact
+  // Call GitHub api to fetch artifacts matching the provided name and deploy to GitHub Pages
+  // by creating a deployment with that artifact id
   async create(idToken) {
     if (Number(core.getInput('timeout')) > MAX_TIMEOUT) {
       core.warning(
@@ -65,11 +62,7 @@ class Deployment {
       core.debug(`Action ID: ${this.actionsId}`)
       core.debug(`Actions Workflow Run ID: ${this.workflowRun}`)
 
-      const artifactData = await getSignedArtifactMetadata({
-        runtimeToken: this.runTimeToken,
-        workflowRunId: this.workflowRun,
-        artifactName: this.artifactName
-      })
+      const artifactData = await getArtifactMetadata({ artifactName: this.artifactName })
 
       if (artifactData?.size > ONE_GIGABYTE) {
         core.warning(
@@ -79,7 +72,7 @@ class Deployment {
 
       const deployment = await createPagesDeployment({
         githubToken: this.githubToken,
-        artifactUrl: artifactData.url,
+        artifactId: artifactData.id,
         buildVersion: this.buildVersion,
         idToken,
         isPreview: this.isPreview
@@ -104,14 +97,17 @@ class Deployment {
 
       // build customized error message based on server response
       if (error.response) {
-        let errorMessage = `Failed to create deployment (status: ${error.status}) with build version ${this.buildVersion}. `
+        let errorMessage = `Failed to create deployment (status: ${error.status}) with build version ${this.buildVersion}.`
+        if (error.response.headers['x-github-request-id']) {
+          errorMessage += ` Request ID ${error.response.headers['x-github-request-id']}`
+        }
         if (error.status === 400) {
-          errorMessage += `Responded with: ${error.message}`
+          errorMessage += ` Responded with: ${error.message}`
         } else if (error.status === 403) {
-          errorMessage += 'Ensure GITHUB_TOKEN has permission "pages: write".'
+          errorMessage += ' Ensure GITHUB_TOKEN has permission "pages: write".'
         } else if (error.status === 404) {
           const pagesSettingsUrl = `${this.githubServerUrl}/${this.repositoryNwo}/settings/pages`
-          errorMessage += `Ensure GitHub Pages has been enabled: ${pagesSettingsUrl}`
+          errorMessage += ` Ensure GitHub Pages has been enabled: ${pagesSettingsUrl}`
           // If using GHES, add a special note about compatibility
           if (new URL(this.githubServerUrl).hostname.toLowerCase() !== 'github.com') {
             errorMessage +=
@@ -119,7 +115,7 @@ class Deployment {
           }
         } else if (error.status >= 500) {
           errorMessage +=
-            'Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.'
+            ' Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.'
         }
         throw new Error(errorMessage)
       } else {