Merge pull request #297 from actions/bump-actions-artifact

Bump actions/artifact to 2.0.1

.github/workflows/check-dist.yml

@@ -46,7 +46,7 @@ jobs:
           fi
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/release.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
         id: update-major-tag
-        uses: actions/publish-action@v0.2.2
+        uses: actions/publish-action@v0.3.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.node-version

@@ -1 +1 @@
-18.9.0
+20.10.0

README.md

@@ -6,11 +6,11 @@ This action is used to deploy [Actions artifacts][artifacts] to [GitHub Pages](h
 
 ## Usage
 
-See [action.yml](action.yml) for the various `inputs` this action supports.
+See [action.yml](action.yml) for the various `inputs` this action supports (or [below](#inputs-📥)).
 
 For examples that make use of this action, check out our [starter-workflows][starter-workflows] in a variety of frameworks.
 
-This action expects an artifact named `github-pages` to have been created prior to execution. This is done automatically when using [`actions/upload-pages-artifact`][upload-pages-artifact].
+This action deploys a Pages site previously uploaded as an artifact (e.g. using [`actions/upload-pages-artifact`][upload-pages-artifact]).
 
 We recommend this action to be used in a dedicated job:
 
@@ -41,7 +41,7 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v2 # or the latest "vX.X.X" version tag for this action
+        uses: actions/deploy-pages@v4 # or specific "vX.X.X" version tag for this action
 ```
 
 ### Inputs 📥
@@ -51,7 +51,7 @@ jobs:
 | `token` | `true` | `${{ github.token }}` | The GitHub token used to create an authenticated client - Provided for you by default! |
 | `timeout` | `false` | `"600000"` | Time in milliseconds after which to timeout and cancel the deployment (default: 10 minutes) |
 | `error_count` | `false` | `"10"` | Maximum number of status report errors before cancelling a deployment (default: 10) |
-| `reporting_interval` | `false` | `"5000"` | Time in milliseconds between two deployment status report (default: 5 seconds) |
+| `reporting_interval` | `false` | `"5000"` | Time in milliseconds between two deployment status reports (default: 5 seconds) |
 | `artifact_name` | `false` | `"github-pages"` | The name of the artifact to deploy |
 | `preview` | `false` | `"false"` | Is this attempting to deploy a pull request as a GitHub Pages preview site? (NOTE: This feature is only in alpha currently and is not available to the public!) |
 
@@ -71,7 +71,7 @@ jobs:
 
 There are a few important considerations to be aware of:
 
-1. The artifact being deployed must have been uploaded in a previous step, either in the same job or a separate job that doesn't execute until the upload is complete.
+1. The artifact being deployed must have been uploaded in a previous step, either in the same job or a separate job that doesn't execute until the upload is complete. See [`actions/upload-pages-artifact`][upload-pages-artifact] for more information about the format of the artifact we expect.
 
 2. The job that executes the deployment must at minimum have the following permissions:
    - `pages: write`
@@ -85,10 +85,13 @@ There are a few important considerations to be aware of:
 
 ## Compatibility
 
-This action is primarily design for use with GitHub.com's Actions workflows and Pages deployments. However, certain releases should also be compatible with GitHub Enterprise Server (GHES) `3.7` and above.
+This action is primarily designed for use with GitHub.com's Actions workflows and Pages deployments. However, certain releases should also be compatible with GitHub Enterprise Server (GHES) `3.7` and above.
 
 | Release | GHES Compatibility |
 |:---|:---|
+| [`v4`](https://github.com/actions/deploy-pages/releases/tag/v4) | :warning: Incompatible at this time |
+| [`v3`](https://github.com/actions/deploy-pages/releases/tag/v3) | `>= 3.9` |
+| `v3.x.x` | `>= 3.9` |
 | [`v2`](https://github.com/actions/deploy-pages/releases/tag/v2) | `>= 3.9` |
 | `v2.x.x` | `>= 3.9` |
 | [`v1`](https://github.com/actions/deploy-pages/releases/tag/v1) | `>= 3.7` |
@@ -105,7 +108,7 @@ In order to release a new version of this Action:
 
 2. Publish the draft release from the `main` branch with semantic version as the tag name, _with_ the checkbox to publish to the GitHub Marketplace checked. :ballot_box_with_check:
 
-3. After publishing the release, the [`release` workflow][release] will automatically run to create/update the corresponding the major version tag such as `v1`.
+3. After publishing the release, the [`release` workflow][release] will automatically run to create/update the corresponding major version tag such as `v1`.
 
    ⚠️ Environment approval is required. Check the [Release workflow run list][release-workflow-runs].
 

coverage_badge.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 79.53%"><title>Coverage: 79.53%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#e05d44"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">79.53%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">79.53%</text></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 81.13%"><title>Coverage: 81.13%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#dfb317"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">81.13%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">81.13%</text></g></svg>

package.json

@@ -4,21 +4,22 @@
   "description": "Deploy an actions artifact to GitHub Pages",
   "main": "./dist/index.js",
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/artifact": "^2.0.1",
-    "@actions/github": "^5.1.1",
+    "@actions/core": "^1.10.1",
-    "@actions/http-client": "^2.2.0",
+    "@actions/github": "^6.0.0",
     "@octokit/request-error": "^5.0.1",
     "http-status-messages": "^1.1.0"
   },
   "devDependencies": {
     "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.54.0",
+    "eslint": "^8.56.0",
-    "eslint-config-prettier": "^9.0.0",
+    "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-github": "^4.10.1",
     "jest": "^29.7.0",
-    "nock": "^13.3.8",
+    "make-coverage-badge": "^1.2.0",
+    "nock": "^13.4.0",
     "prettier": "^3.1.0",
-    "make-coverage-badge": "^1.2.0"
+    "undici": "^6.2.1"
   },
   "scripts": {
     "all": "npm run format && npm run lint && npm run prepare && npm run test && npm run coverage-badge",

src/__tests__/index.test.js

@@ -4,9 +4,7 @@ const path = require('path')
 
 describe('with all environment variables set', () => {
   beforeEach(() => {
-    process.env.ACTIONS_RUNTIME_URL = 'http://my-url'
     process.env.GITHUB_RUN_ID = '123'
-    process.env.ACTIONS_RUNTIME_TOKEN = 'a-token'
     process.env.GITHUB_REPOSITORY = 'actions/is-awesome'
     process.env.GITHUB_TOKEN = 'gha-token'
     process.env.GITHUB_SHA = '123abc'
@@ -26,7 +24,7 @@ describe('with all environment variables set', () => {
 
 describe('with variables missing', () => {
   it('execution fails if there are missing variables', done => {
-    delete process.env.ACTIONS_RUNTIME_URL
+    delete process.env.GITHUB_RUN_ID
     const ip = path.join(__dirname, '../index.js')
     cp.exec(`node ${ip}`, { env: process.env }, (err, stdout) => {
       expect(stdout).toBe('')

src/internal/api-client.js

@@ -1,119 +1,118 @@
 const core = require('@actions/core')
 const github = require('@actions/github')
-const hc = require('@actions/http-client')
+const { DefaultArtifactClient } = require('@actions/artifact')
 const { RequestError } = require('@octokit/request-error')
 const HttpStatusMessages = require('http-status-messages')
 
-// All variables we need from the runtime are loaded here
+function wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions) {
-const getContext = require('./context')
-
-async function processRuntimeResponse(res, requestOptions) {
-  // Parse the response body as JSON
-  let obj = null
-  try {
-    const contents = await res.readBody()
-    if (contents && contents.length > 0) {
-      obj = JSON.parse(contents)
-    }
-  } catch (error) {
-    // Invalid resource (contents not json); leaving resulting obj as null
-  }
-
   // Specific response shape aligned with Octokit
   const response = {
-    url: res.message?.url || requestOptions.url,
+    url: requestOptions.url,
-    status: res.message?.statusCode || 0,
+    status: 200,
     headers: {
-      ...res.message?.headers
+      ...requestOptions.headers
     },
-    data: obj
+    data: twirpResponse
   }
-
-  // Forcibly throw errors for negative HTTP status codes!
-  // @actions/http-client doesn't do this by default.
-  // Mimic the errors thrown by Octokit for consistency.
-  if (response.status >= 400) {
-    // Try to get an error message from the response body
-    const errorMsg =
-      (typeof response.data === 'string' && response.data) ||
-      response.data?.error ||
-      response.data?.message ||
-      // Try the Node HTTP IncomingMessage's statusMessage property
-      res.message?.statusMessage ||
-      // Fallback to the HTTP status message based on the status code
-      HttpStatusMessages[response.status] ||
-      // Or if the status code is unexpected...
-      `Unknown error (${response.status})`
-
-    throw new RequestError(errorMsg, response.status, {
-      response,
-      request: requestOptions
-    })
-  }
-
   return response
 }
 
-async function getSignedArtifactMetadata({ runtimeToken, workflowRunId, artifactName }) {
+// Mimic the errors thrown by Octokit for consistency.
-  const { runTimeUrl: RUNTIME_URL } = getContext()
+function wrapTwirpErrorLikeOctokit(twirpError, requestOptions) {
-  const artifactExchangeUrl = `${RUNTIME_URL}_apis/pipelines/workflows/${workflowRunId}/artifacts?api-version=6.0-preview`
+  const rawErrorMsg = twirpError?.message || twirpError?.toString() || ''
+  const statusCodeMatch = rawErrorMsg.match(/Failed request: \((?<statusCode>\d+)\)/)
+  const statusCode = statusCodeMatch?.groups?.statusCode ?? 500
 
-  const httpClient = new hc.HttpClient()
+  // Try to provide the best error message
-  let data = null
+  const errorMsg =
+    rawErrorMsg ||
+    // Fallback to the HTTP status message based on the status code
+    HttpStatusMessages[statusCode] ||
+    // Or if the status code is unexpected...
+    `Unknown error (${statusCode})`
+
+  // RequestError is an Octokit-specific class
+  return new RequestError(errorMsg, statusCode, {
+    response: {
+      url: requestOptions.url,
+      status: statusCode,
+      headers: {
+        ...requestOptions.headers
+      },
+      data: rawErrorMsg ? { message: rawErrorMsg } : ''
+    },
+    request: requestOptions
+  })
+}
+
+function getArtifactsServiceOrigin() {
+  const resultsUrl = process.env.ACTIONS_RESULTS_URL
+  return resultsUrl ? new URL(resultsUrl).origin : ''
+}
+
+async function getArtifactMetadata({ artifactName }) {
+  const artifactClient = new DefaultArtifactClient()
+
+  // Primarily for debugging purposes, accuracy is not critical
+  const requestOptions = {
+    method: 'POST',
+    url: `${getArtifactsServiceOrigin()}/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts`,
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: {}
+  }
 
   try {
-    const requestHeaders = {
+    core.info(`Fetching artifact metadata for "${artifactName}" in this workflow run`)
-      accept: 'application/json',
+
-      authorization: `Bearer ${runtimeToken}`
+    let response
-    }
+    try {
-    const requestOptions = {
+      const twirpResponse = await artifactClient.listArtifacts()
-      method: 'GET',
+      response = wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions)
-      url: artifactExchangeUrl,
+    } catch (twirpError) {
-      headers: {
+      core.error('Listing artifact metadata failed', twirpError)
-        ...requestHeaders
+      const octokitError = wrapTwirpErrorLikeOctokit(twirpError, requestOptions)
-      },
+      throw octokitError
-      body: null
     }
 
-    core.info(`Artifact exchange URL: ${artifactExchangeUrl}`)
+    const filteredArtifacts = response.data.artifacts.filter(artifact => artifact.name === artifactName)
-    const res = await httpClient.get(artifactExchangeUrl, requestHeaders)
 
-    // May throw a RequestError (HttpError)
+    const artifactCount = filteredArtifacts.length
-    const response = await processRuntimeResponse(res, requestOptions)
+    core.debug(`List artifact count: ${artifactCount}`)
 
-    data = response.data
+    if (artifactCount === 0) {
-    core.debug(JSON.stringify(data))
+      throw new Error(
+        `No artifacts named "${artifactName}" were found for this workflow run. Ensure artifacts are uploaded with actions/artifact@v4 or later.`
+      )
+    } else if (artifactCount > 1) {
+      throw new Error(
+        `Multiple artifacts named "${artifactName}" were unexpectedly found for this workflow run. Artifact count is ${artifactCount}.`
+      )
+    }
+
+    const artifact = filteredArtifacts[0]
+    core.debug(`Artifact: ${JSON.stringify(artifact)}`)
+
+    if (!artifact.size) {
+      core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
+    }
+
+    return artifact
   } catch (error) {
-    core.error('Getting signed artifact URL failed', error)
+    core.error(
-    throw error
+      'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
-  }
+      error
-
-  const artifact = data?.value?.find(artifact => artifact.name === artifactName)
-  const artifactRawUrl = artifact?.url
-  if (!artifactRawUrl) {
-    throw new Error(
-      'No uploaded artifact was found! Please check if there are any errors at build step, or uploaded artifact name is correct.'
     )
-  }
+    throw error
-
-  const signedArtifactUrl = `${artifactRawUrl}&%24expand=SignedContent`
-
-  const artifactSize = artifact?.size
-  if (!artifactSize) {
-    core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
-  }
-
-  return {
-    url: signedArtifactUrl,
-    size: artifactSize
   }
 }
 
-async function createPagesDeployment({ githubToken, artifactUrl, buildVersion, idToken, isPreview = false }) {
+async function createPagesDeployment({ githubToken, artifactId, buildVersion, idToken, isPreview = false }) {
   const octokit = github.getOctokit(githubToken)
 
   const payload = {
-    artifact_url: artifactUrl,
+    artifact_id: artifactId,
     pages_build_version: buildVersion,
     oidc_token: idToken
   }
@@ -173,7 +172,7 @@ async function cancelPagesDeployment({ githubToken, deploymentId }) {
 }
 
 module.exports = {
-  getSignedArtifactMetadata,
+  getArtifactMetadata,
   createPagesDeployment,
   getPagesDeploymentStatus,
   cancelPagesDeployment

src/internal/context.js

@@ -3,9 +3,7 @@ const core = require('@actions/core')
 // Load variables from Actions runtime
 function getRequiredVars() {
   return {
-    runTimeUrl: process.env.ACTIONS_RUNTIME_URL,
     workflowRun: process.env.GITHUB_RUN_ID,
-    runTimeToken: process.env.ACTIONS_RUNTIME_TOKEN,
     repositoryNwo: process.env.GITHUB_REPOSITORY,
     buildVersion: process.env.GITHUB_SHA,
     buildActor: process.env.GITHUB_ACTOR,

src/internal/deployment.js

@@ -3,7 +3,7 @@ const core = require('@actions/core')
 // All variables we need from the runtime are loaded here
 const getContext = require('./context')
 const {
-  getSignedArtifactMetadata,
+  getArtifactMetadata,
   createPagesDeployment,
   getPagesDeploymentStatus,
   cancelPagesDeployment
@@ -31,9 +31,7 @@ const SIZE_LIMIT_DESCRIPTION = '1 GB'
 class Deployment {
   constructor() {
     const context = getContext()
-    this.runTimeUrl = context.runTimeUrl
     this.repositoryNwo = context.repositoryNwo
-    this.runTimeToken = context.runTimeToken
     this.buildVersion = context.buildVersion
     this.buildActor = context.buildActor
     this.actionsId = context.actionsId
@@ -48,8 +46,8 @@ class Deployment {
     this.startTime = null
   }
 
-  // Ask the runtime for the unsigned artifact URL and deploy to GitHub Pages
+  // Call GitHub api to fetch artifacts matching the provided name and deploy to GitHub Pages
-  // by creating a deployment with that artifact
+  // by creating a deployment with that artifact id
   async create(idToken) {
     if (Number(core.getInput('timeout')) > MAX_TIMEOUT) {
       core.warning(
@@ -65,11 +63,7 @@ class Deployment {
       core.debug(`Action ID: ${this.actionsId}`)
       core.debug(`Actions Workflow Run ID: ${this.workflowRun}`)
 
-      const artifactData = await getSignedArtifactMetadata({
+      const artifactData = await getArtifactMetadata({ artifactName: this.artifactName })
-        runtimeToken: this.runTimeToken,
-        workflowRunId: this.workflowRun,
-        artifactName: this.artifactName
-      })
 
       if (artifactData?.size > ONE_GIGABYTE) {
         core.warning(
@@ -79,7 +73,7 @@ class Deployment {
 
       const deployment = await createPagesDeployment({
         githubToken: this.githubToken,
-        artifactUrl: artifactData.url,
+        artifactId: artifactData.id,
         buildVersion: this.buildVersion,
         idToken,
         isPreview: this.isPreview
@@ -104,14 +98,14 @@ class Deployment {
 
       // build customized error message based on server response
       if (error.response) {
-        let errorMessage = `Failed to create deployment (status: ${error.status}) with build version ${this.buildVersion}. `
+        let errorMessage = `Failed to create deployment (status: ${error.status}) with build version ${this.buildVersion}.`
         if (error.status === 400) {
-          errorMessage += `Responded with: ${error.message}`
+          errorMessage += ` Responded with: ${error.message}`
         } else if (error.status === 403) {
-          errorMessage += 'Ensure GITHUB_TOKEN has permission "pages: write".'
+          errorMessage += ' Ensure GITHUB_TOKEN has permission "pages: write".'
         } else if (error.status === 404) {
           const pagesSettingsUrl = `${this.githubServerUrl}/${this.repositoryNwo}/settings/pages`
-          errorMessage += `Ensure GitHub Pages has been enabled: ${pagesSettingsUrl}`
+          errorMessage += ` Ensure GitHub Pages has been enabled: ${pagesSettingsUrl}`
           // If using GHES, add a special note about compatibility
           if (new URL(this.githubServerUrl).hostname.toLowerCase() !== 'github.com') {
             errorMessage +=
@@ -119,7 +113,7 @@ class Deployment {
           }
         } else if (error.status >= 500) {
           errorMessage +=
-            'Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.'
+            ' Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.'
         }
         throw new Error(errorMessage)
       } else {