Bump the non-breaking-changes group across 1 directory with 5 updates

Bumps the non-breaking-changes group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact) | `2.1.8` | `2.1.11` |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.10.1` | `1.11.1` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.38.1` | `0.38.2` |
| [nock](https://github.com/nock/nock) | `13.5.4` | `13.5.5` |
| [undici](https://github.com/nodejs/undici) | `6.19.2` | `6.20.1` |



Updates `@actions/artifact` from 2.1.8 to 2.1.11
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

Updates `@actions/core` from 1.10.1 to 1.11.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@vercel/ncc` from 0.38.1 to 0.38.2
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.38.2)

Updates `nock` from 13.5.4 to 13.5.5
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.5.4...v13.5.5)

Updates `undici` from 6.19.2 to 6.20.1
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.19.2...v6.20.1)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-breaking-changes
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-breaking-changes
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: non-breaking-changes
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: non-breaking-changes
- dependency-name: undici
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: non-breaking-changes
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -4,8 +4,14 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      non-breaking-changes:
+        update-types: [minor, patch]
 
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
       interval: 'weekly'
+    groups:
+      non-breaking-changes:
+        update-types: [minor, patch]

.github/release-drafter.yml

@@ -10,7 +10,7 @@ template: |
 
   See details of [all code changes](https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION) since previous release.
 
-  :warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the [compatibility table](https://github.com/$OWNER/$REPOSITORY/#compatibilty).
+  :warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the [compatibility table](https://github.com/$OWNER/$REPOSITORY/#compatibility).
 categories:
   - title: '🚀 Features'
     labels:

.github/workflows/check-dist.yml

@@ -46,7 +46,7 @@ jobs:
           fi
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/draft-release.yml

@@ -11,6 +11,6 @@ jobs:
   draft-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
+      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-immutable-actions.yml

@@ -0,0 +1,20 @@
+name: 'Publish Immutable Action Version'
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v4
+      - name: Publish
+        id: publish
+        uses: actions/publish-immutable-action@0.0.3

.github/workflows/rebuild-dependabot-prs.yml

@@ -45,7 +45,7 @@ jobs:
             git add dist/
             git config --local user.name "github-actions[bot]"
             git config --local user.email "github-actions[bot]@users.noreply.github.com"
-            git commit -m "Update distributables after Dependabot 🤖"
+            git commit -m "[dependabot skip] Update distributables after Dependabot 🤖"
             echo "Pushing branch ${{ github.ref_name }}"
             git push origin ${{ github.ref_name }}
           fi

.github/workflows/release.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
         id: update-major-tag
-        uses: actions/publish-action@v0.2.2
+        uses: actions/publish-action@v0.3.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

README.md

@@ -41,7 +41,7 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v3 # or specific "vX.X.X" version tag for this action
+        uses: actions/deploy-pages@v4 # or specific "vX.X.X" version tag for this action
 ```
 
 ### Inputs 📥
@@ -83,12 +83,19 @@ There are a few important considerations to be aware of:
 
 5. If your Pages site is using GitHub Actions as the source, while not required we highly recommend you also [protect your environment][environment-protection] (we will configure it by default for you).
 
+## OIDC
+When we invoke a job using GitHub Actions the job requests an OIDC token from GitHub's OIDC provider which responds with a JSON web token (JWT). Each token is unique to each workflow job [learn more about OIDC tokens](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
+
+OIDC tokens are minted within the context of a single job, and are used to form a trust relationship which validates properties of the workflow run against a third-party (e.g. cloud providers such as AWS or Azure). In the context of GitHub Pages, this is most relevant to ensure a workflow respects branch protection settings. To do this, the OIDC token includes a claim about which branch/ref is executing the workflow. The token is passed to the pages deployment API as part of the request payload, where it's decoded internally to validate the claims and verify if that workflow is allowed to deploy to pages.
+A common question regarding OIDC tokens is the need to use both `pages:write` and `id-token:write`. The pages permission relates to the `GITHUB_TOKEN` by giving it the permissions to create pages deployments when calling the GitHub API. The id-token permission is necessary to request the OIDC JWT token. For more information on the id-token, check the docs on [adding permissions settings](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings).
+
 ## Compatibility
 
 This action is primarily designed for use with GitHub.com's Actions workflows and Pages deployments. However, certain releases should also be compatible with GitHub Enterprise Server (GHES) `3.7` and above.
 
 | Release | GHES Compatibility |
 |:---|:---|
+| [`v4`](https://github.com/actions/deploy-pages/releases/tag/v4) | :warning: Incompatible at this time |
 | [`v3`](https://github.com/actions/deploy-pages/releases/tag/v3) | `>= 3.9` |
 | `v3.x.x` | `>= 3.9` |
 | [`v2`](https://github.com/actions/deploy-pages/releases/tag/v2) | `>= 3.9` |

coverage_badge.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 81.39%"><title>Coverage: 81.39%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#dfb317"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">81.39%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">81.39%</text></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="116" height="20" role="img" aria-label="Coverage: 80.84%"><title>Coverage: 80.84%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#dfb317"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">80.84%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">80.84%</text></g></svg>

package.json

@@ -4,19 +4,22 @@
   "description": "Deploy an actions artifact to GitHub Pages",
   "main": "./dist/index.js",
   "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@actions/github": "^6.0.0"
+    "@actions/artifact": "^2.1.11",
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.0",
+    "@octokit/request-error": "^5.0.1",
+    "http-status-messages": "^1.1.0"
   },
   "devDependencies": {
-    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.55.0",
+    "@vercel/ncc": "^0.38.2",
+    "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-github": "^4.10.1",
+    "eslint-plugin-github": "^4.10.2",
     "jest": "^29.7.0",
     "make-coverage-badge": "^1.2.0",
-    "nock": "^13.4.0",
-    "prettier": "^3.1.0",
-    "undici": "^6.0.0"
+    "nock": "^13.5.5",
+    "prettier": "^3.3.3",
+    "undici": "^6.20.1"
   },
   "scripts": {
     "all": "npm run format && npm run lint && npm run prepare && npm run test && npm run coverage-badge",

src/__tests__/internal/deployment.test.js

@@ -1,4 +1,6 @@
 const core = require('@actions/core')
+// For mocking network calls with core http (http-client)
+const nock = require('nock')
 // For mocking network calls with native Fetch (octokit)
 const { MockAgent, setGlobalDispatcher } = require('undici')
 
@@ -7,6 +9,8 @@ const { Deployment, MAX_TIMEOUT, ONE_GIGABYTE, SIZE_LIMIT_DESCRIPTION } = requir
 const fakeJwt =
   'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiNjllMWIxOC1jOGFiLTRhZGQtOGYxOC03MzVlMzVjZGJhZjAiLCJzdWIiOiJyZXBvOnBhcGVyLXNwYS9taW55aTplbnZpcm9ubWVudDpQcm9kdWN0aW9uIiwiYXVkIjoiaHR0cHM6Ly9naXRodWIuY29tL3BhcGVyLXNwYSIsInJlZiI6InJlZnMvaGVhZHMvbWFpbiIsInNoYSI6ImEyODU1MWJmODdiZDk3NTFiMzdiMmM0YjM3M2MxZjU3NjFmYWM2MjYiLCJyZXBvc2l0b3J5IjoicGFwZXItc3BhL21pbnlpIiwicmVwb3NpdG9yeV9vd25lciI6InBhcGVyLXNwYSIsInJ1bl9pZCI6IjE1NDY0NTkzNjQiLCJydW5fbnVtYmVyIjoiMzQiLCJydW5fYXR0ZW1wdCI6IjIiLCJhY3RvciI6IllpTXlzdHkiLCJ3b3JrZmxvdyI6IkNJIiwiaGVhZF9yZWYiOiIiLCJiYXNlX3JlZiI6IiIsImV2ZW50X25hbWUiOiJwdXNoIiwicmVmX3R5cGUiOiJicmFuY2giLCJlbnZpcm9ubWVudCI6IlByb2R1Y3Rpb24iLCJqb2Jfd29ya2Zsb3dfcmVmIjoicGFwZXItc3BhL21pbnlpLy5naXRodWIvd29ya2Zsb3dzL2JsYW5rLnltbEByZWZzL2hlYWRzL21haW4iLCJpc3MiOiJodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwibmJmIjoxNjM4ODI4MDI4LCJleHAiOjE2Mzg4Mjg5MjgsImlhdCI6MTYzODgyODYyOH0.1wyupfxu1HGoTyIqatYg0hIxy2-0bMO-yVlmLSMuu2w'
 
+const LIST_ARTIFACTS_TWIRP_PATH = '/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts'
+
 describe('Deployment', () => {
   let mockPool
 
@@ -19,6 +23,10 @@ describe('Deployment', () => {
     process.env.GITHUB_ACTOR = 'monalisa'
     process.env.GITHUB_ACTION = '__monalisa/octocat'
     process.env.GITHUB_ACTION_PATH = 'something'
+    // A valid actions token must have an 'scp' field whose value is a space-delimited list of strings
+    process.env.ACTIONS_RUNTIME_TOKEN =
+      'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY3AiOiJBY3Rpb25zLkV4YW1wbGVTY29wZSBBY3Rpb25zLlJlc3VsdHM6Y2U3ZjU0YzctNjFjNy00YWFlLTg4N2YtMzBkYTQ3NWY1ZjFhOmNhMzk1MDg1LTA0MGEtNTI2Yi0yY2U4LWJkYzg1ZjY5Mjc3NCJ9.l-VcBU1PeNk_lWpOhjWehQlYyjCcY2dp_EMt7Rf06io'
+    process.env.ACTIONS_RESULTS_URL = 'https://actions-results-url.biz'
 
     jest.spyOn(core, 'getInput').mockImplementation(param => {
       switch (param) {
@@ -48,7 +56,7 @@ describe('Deployment', () => {
     jest.spyOn(core, 'debug').mockImplementation(jest.fn())
 
     // Set up Fetch mocking
-    const mockAgent = new MockAgent()
+    let mockAgent = new MockAgent()
     mockAgent.disableNetConnect()
     setGlobalDispatcher(mockAgent)
     mockPool = mockAgent.get('https://api.github.com')
@@ -63,16 +71,12 @@ describe('Deployment', () => {
     it('can successfully create a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -114,21 +118,18 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
+      twirpScope.done()
     })
 
     it('can successfully create a preview deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -176,39 +177,42 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
+      twirpScope.done()
     })
 
     it('reports errors with failed artifact metadata exchange', async () => {
       process.env.GITHUB_SHA = 'invalid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
-        .reply(400, { message: 'Bad request' }, { headers: { 'content-type': 'application/json' } })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(400, { msg: 'yikes!' }, { 'content-type': 'application/json' })
 
       // Create the deployment
       const deployment = new Deployment()
-      await expect(deployment.create()).rejects.toEqual(
-        new Error(
-          `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}. Responded with: Bad request`
+      await expect(deployment.create()).rejects.toThrow(
+        `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}.`
       )
+      expect(core.error).toHaveBeenNthCalledWith(
+        1,
+        'Listing artifact metadata failed',
+        new Error('Failed to ListArtifacts: Received non-retryable error: Failed request: (400) null: yikes!')
       )
+      expect(core.error).toHaveBeenNthCalledWith(
+        2,
+        'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
+        expect.any(Error)
+      )
+      twirpScope.done()
     })
 
     it('reports errors with a failed 500 in a deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -238,20 +242,17 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 500) with build version ${process.env.GITHUB_SHA}. Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.`
         )
       )
+      twirpScope.done()
     })
 
     it('reports errors with an unexpected 403 during deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -281,20 +282,17 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 403) with build version ${process.env.GITHUB_SHA}. Ensure GITHUB_TOKEN has permission "pages: write".`
         )
       )
+      twirpScope.done()
     })
 
     it('reports errors with an unexpected 404 during deployment', async () => {
       process.env.GITHUB_SHA = 'build-version'
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -324,20 +322,17 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 404) with build version ${process.env.GITHUB_SHA}. Ensure GitHub Pages has been enabled: https://github.com/actions/is-awesome/settings/pages`
         )
       )
+      twirpScope.done()
     })
 
     it('reports errors with failed deployments', async () => {
       process.env.GITHUB_SHA = 'invalid-build-version'
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -367,31 +362,20 @@ describe('Deployment', () => {
           `Failed to create deployment (status: 400) with build version ${process.env.GITHUB_SHA}. Responded with: Bad request`
         )
       )
+      twirpScope.done()
     })
 
     it('fails if there are multiple artifacts with the same name', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 2,
             artifacts: [
-              {
-                id: 13,
-                name: `github-pages`,
-                size_in_bytes: 1400
-              },
-              {
-                id: 14,
-                name: `github-pages`,
-                size_in_bytes: 1620
-              }
+              { databaseId: 13, name: 'github-pages', size: 1400 },
+              { databaseId: 14, name: 'github-pages', size: 1620 }
             ]
           },
           { headers: { 'content-type': 'application/json' } }
@@ -399,22 +383,19 @@ describe('Deployment', () => {
 
       const deployment = new Deployment()
       await expect(deployment.create(fakeJwt)).rejects.toThrow(
-        `Multiple artifact unexpectedly found for workflow run ${process.env.GITHUB_RUN_ID}. Artifact count is 2.`
+        `Multiple artifacts named "github-pages" were unexpectedly found for this workflow run. Artifact count is 2.`
       )
+      twirpScope.done()
     })
 
     it('fails if there are no artifacts found', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 0,
             artifacts: []
           },
           { headers: { 'content-type': 'application/json' } }
@@ -422,40 +403,46 @@ describe('Deployment', () => {
 
       const deployment = new Deployment()
       await expect(deployment.create(fakeJwt)).rejects.toThrow(
-        `No artifacts found for workflow run ${process.env.GITHUB_RUN_ID}. Ensure artifacts are uploaded with actions/artifact@v4 or later.`
+        `No artifacts named "github-pages" were found for this workflow run. Ensure artifacts are uploaded with actions/upload-artifact@v4 or later.`
       )
+      twirpScope.done()
     })
 
-    it('fails with error message if list artifact endpoint returns 500', async () => {
+    it('fails with error message if list artifact endpoint returns 501', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
-        .reply(500, { message: 'oh no' }, { headers: { 'content-type': 'application/json' } })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
+        .reply(501, { msg: 'oh no' }, { headers: { 'content-type': 'application/json' } })
 
       const deployment = new Deployment()
       await expect(deployment.create(fakeJwt)).rejects.toThrow(
-        `Failed to create deployment (status: 500) with build version valid-build-version. Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.`
+        `Failed to create deployment (status: 501) with build version ${process.env.GITHUB_SHA}. Server error, is githubstatus.com reporting a Pages outage? Please re-run the deployment at a later time.`
       )
+      expect(core.error).toHaveBeenNthCalledWith(
+        1,
+        'Listing artifact metadata failed',
+        new Error('Failed to ListArtifacts: Received non-retryable error: Failed request: (501) null: oh no')
+      )
+      expect(core.error).toHaveBeenNthCalledWith(
+        2,
+        'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
+        expect.any(Error)
+      )
+
+      twirpScope.done()
     })
 
     it('warns if the artifact size is bigger than maximum', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
       const artifactSize = ONE_GIGABYTE + 1
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 12, name: `github-pages`, size_in_bytes: artifactSize }]
+            artifacts: [{ databaseId: 12, name: 'github-pages', size: artifactSize }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -497,21 +484,18 @@ describe('Deployment', () => {
       expect(core.info).toHaveBeenLastCalledWith(
         expect.stringMatching(new RegExp(`^Created deployment for ${process.env.GITHUB_SHA}`))
       )
+      twirpScope.done()
     })
 
     it('warns when the timeout is greater than the maximum allowed', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -567,6 +551,7 @@ describe('Deployment', () => {
       expect(core.warning).toBeCalledWith(
         `Warning: timeout value is greater than the allowed maximum - timeout set to the maximum of ${MAX_TIMEOUT} milliseconds.`
       )
+      twirpScope.done()
     })
   })
 
@@ -574,16 +559,12 @@ describe('Deployment', () => {
     it('sets output to success when deployment is successful', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -631,6 +612,7 @@ describe('Deployment', () => {
 
       expect(core.setOutput).toBeCalledWith('status', 'succeed')
       expect(core.info).toHaveBeenLastCalledWith('Reported success!')
+      twirpScope.done()
     })
 
     it('fails check when no deployment is found', async () => {
@@ -643,16 +625,12 @@ describe('Deployment', () => {
     it('exits early when deployment is not in progress', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -691,21 +669,18 @@ describe('Deployment', () => {
       deployment.deploymentInfo.pending = false
       await deployment.check()
       expect(core.setFailed).toBeCalledWith('Unable to get deployment status.')
+      twirpScope.done()
     })
 
     it('enforces max timeout', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -790,21 +765,18 @@ describe('Deployment', () => {
       expect(deployment.timeout).toEqual(MAX_TIMEOUT)
       expect(core.error).toBeCalledWith('Timeout reached, aborting!')
       expect(core.setFailed).toBeCalledWith('Timeout reached, aborting!')
+      twirpScope.done()
     })
 
     it('sets timeout to user timeout if user timeout is less than max timeout', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -878,21 +850,18 @@ describe('Deployment', () => {
       expect(deployment.timeout).toEqual(42)
       expect(core.error).toBeCalledWith('Timeout reached, aborting!')
       expect(core.setFailed).toBeCalledWith('Timeout reached, aborting!')
+      twirpScope.done()
     })
 
     it('sets output to success when timeout is set but not reached', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -967,6 +936,7 @@ describe('Deployment', () => {
       expect(core.error).not.toBeCalled()
       expect(core.setOutput).toBeCalledWith('status', 'succeed')
       expect(core.info).toHaveBeenLastCalledWith('Reported success!')
+      twirpScope.done()
     })
   })
 
@@ -974,16 +944,12 @@ describe('Deployment', () => {
     it('can successfully cancel a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -1032,6 +998,7 @@ describe('Deployment', () => {
       await deployment.cancel()
 
       expect(core.info).toHaveBeenLastCalledWith(`Canceled deployment with ID ${process.env.GITHUB_SHA}`)
+      twirpScope.done()
     })
 
     it('can exit if a pages deployment was not created and none need to be cancelled', async () => {
@@ -1050,16 +1017,12 @@ describe('Deployment', () => {
     it('catches an error when trying to cancel a deployment', async () => {
       process.env.GITHUB_SHA = 'valid-build-version'
 
-      mockPool
-        .intercept({
-          path: `/repos/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}/artifacts?name=github-pages`,
-          method: 'GET'
-        })
+      const twirpScope = nock(process.env.ACTIONS_RESULTS_URL)
+        .post(LIST_ARTIFACTS_TWIRP_PATH)
         .reply(
           200,
           {
-            total_count: 1,
-            artifacts: [{ id: 11, name: `github-pages`, size_in_bytes: 221 }]
+            artifacts: [{ databaseId: 11, name: 'github-pages', size: 221 }]
           },
           { headers: { 'content-type': 'application/json' } }
         )
@@ -1108,6 +1071,7 @@ describe('Deployment', () => {
       await deployment.cancel()
 
       expect(core.error).toHaveBeenCalledWith(`Canceling Pages deployment failed`, expect.anything())
+      twirpScope.done()
     })
   })
 })

src/internal/api-client.js

@@ -1,50 +1,107 @@
 const core = require('@actions/core')
 const github = require('@actions/github')
+const { DefaultArtifactClient } = require('@actions/artifact')
+const { RequestError } = require('@octokit/request-error')
+const HttpStatusMessages = require('http-status-messages')
 
-async function getArtifactMetadata({ githubToken, runId, artifactName }) {
-  const octokit = github.getOctokit(githubToken)
+function wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions) {
+  // Specific response shape aligned with Octokit
+  const response = {
+    url: requestOptions.url,
+    status: 200,
+    headers: {
+      ...requestOptions.headers
+    },
+    data: twirpResponse
+  }
+  return response
+}
+
+// Mimic the errors thrown by Octokit for consistency.
+function wrapTwirpErrorLikeOctokit(twirpError, requestOptions) {
+  const rawErrorMsg = twirpError?.message || twirpError?.toString() || ''
+  const statusCodeMatch = rawErrorMsg.match(/Failed request: \((?<statusCode>\d+)\)/)
+  const statusCode = statusCodeMatch?.groups?.statusCode ?? 500
+
+  // Try to provide the best error message
+  const errorMsg =
+    rawErrorMsg ||
+    // Fallback to the HTTP status message based on the status code
+    HttpStatusMessages[statusCode] ||
+    // Or if the status code is unexpected...
+    `Unknown error (${statusCode})`
+
+  // RequestError is an Octokit-specific class
+  return new RequestError(errorMsg, statusCode, {
+    response: {
+      url: requestOptions.url,
+      status: statusCode,
+      headers: {
+        ...requestOptions.headers
+      },
+      data: rawErrorMsg ? { message: rawErrorMsg } : ''
+    },
+    request: requestOptions
+  })
+}
+
+function getArtifactsServiceOrigin() {
+  const resultsUrl = process.env.ACTIONS_RESULTS_URL
+  return resultsUrl ? new URL(resultsUrl).origin : ''
+}
+
+async function getArtifactMetadata({ artifactName }) {
+  const artifactClient = new DefaultArtifactClient()
+
+  // Primarily for debugging purposes, accuracy is not critical
+  const requestOptions = {
+    method: 'POST',
+    url: `${getArtifactsServiceOrigin()}/twirp/github.actions.results.api.v1.ArtifactService/ListArtifacts`,
+    headers: {
+      'content-type': 'application/json'
+    },
+    body: {}
+  }
 
   try {
-    core.info(`Fetching artifact metadata for ${artifactName} in run ${runId}`)
+    core.info(`Fetching artifact metadata for "${artifactName}" in this workflow run`)
 
-    const response = await octokit.request(
-      'GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts?name={artifactName}',
-      {
-        owner: github.context.repo.owner,
-        repo: github.context.repo.repo,
-        run_id: runId,
-        artifactName: artifactName
+    let response
+    try {
+      const twirpResponse = await artifactClient.listArtifacts()
+      response = wrapTwirpResponseLikeOctokit(twirpResponse, requestOptions)
+    } catch (twirpError) {
+      core.error('Listing artifact metadata failed', twirpError)
+      const octokitError = wrapTwirpErrorLikeOctokit(twirpError, requestOptions)
+      throw octokitError
     }
-    )
 
-    const artifactCount = response.data.total_count
+    const filteredArtifacts = response.data.artifacts.filter(artifact => artifact.name === artifactName)
+
+    const artifactCount = filteredArtifacts.length
     core.debug(`List artifact count: ${artifactCount}`)
 
     if (artifactCount === 0) {
       throw new Error(
-        `No artifacts found for workflow run ${runId}. Ensure artifacts are uploaded with actions/artifact@v4 or later.`
+        `No artifacts named "${artifactName}" were found for this workflow run. Ensure artifacts are uploaded with actions/upload-artifact@v4 or later.`
       )
     } else if (artifactCount > 1) {
       throw new Error(
-        `Multiple artifact unexpectedly found for workflow run ${runId}. Artifact count is ${artifactCount}.`
+        `Multiple artifacts named "${artifactName}" were unexpectedly found for this workflow run. Artifact count is ${artifactCount}.`
       )
     }
 
-    const artifact = response.data.artifacts[0]
+    const artifact = filteredArtifacts[0]
     core.debug(`Artifact: ${JSON.stringify(artifact)}`)
 
-    const artifactSize = artifact.size_in_bytes
-    if (!artifactSize) {
+    if (!artifact.size) {
       core.warning('Artifact size was not found. Unable to verify if artifact size exceeds the allowed size.')
     }
 
-    return {
-      id: artifact.id,
-      size: artifactSize
-    }
+    return artifact
   } catch (error) {
     core.error(
-      'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages or Actions? Please re-run the deployment at a later time.',
+      'Fetching artifact metadata failed. Is githubstatus.com reporting issues with API requests, Pages, or Actions? Please re-run the deployment at a later time.',
       error
     )
     throw error

src/internal/deployment.js

@@ -17,7 +17,6 @@ const temporaryErrorStatus = {
 
 const finalErrorStatus = {
   deployment_failed: 'Deployment failed, try again later.',
-  deployment_perms_error: 'Deployment failed. Please ensure that the file permissions are correct.',
   deployment_content_failed:
     'Artifact could not be deployed. Please ensure the content does not contain any hard links, symlinks and total size is less than 10GB.',
   deployment_cancelled: 'Deployment cancelled.',
@@ -63,11 +62,7 @@ class Deployment {
       core.debug(`Action ID: ${this.actionsId}`)
       core.debug(`Actions Workflow Run ID: ${this.workflowRun}`)
 
-      const artifactData = await getArtifactMetadata({
-        githubToken: this.githubToken,
-        runId: this.workflowRun,
-        artifactName: this.artifactName
-      })
+      const artifactData = await getArtifactMetadata({ artifactName: this.artifactName })
 
       if (artifactData?.size > ONE_GIGABYTE) {
         core.warning(
@@ -103,6 +98,9 @@ class Deployment {
       // build customized error message based on server response
       if (error.response) {
         let errorMessage = `Failed to create deployment (status: ${error.status}) with build version ${this.buildVersion}.`
+        if (error.response.headers['x-github-request-id']) {
+          errorMessage += ` Request ID ${error.response.headers['x-github-request-id']}`
+        }
         if (error.status === 400) {
           errorMessage += ` Responded with: ${error.message}`
         } else if (error.status === 403) {