Merged
4 changes: 2 additions & 2 deletions .github/workflows/make-release.yml
Expand Up @@ -3,7 +3,7 @@
tags:
- v*
permissions:
contents: write

Check failure on line 6 in .github/workflows/make-release.yml

GitHub Actions / zizmor

excessive-permissions

make-release.yml:6: overly broad permissions: contents: write is overly broad at the workflow level
name: make-release
jobs:
makerelease:
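Review bot: `contents: write` sits in the workflow-level `permissions:` block (line 6), so every job in this workflow, starting with `makerelease`, runs with a token that can write to the repository. Set the workflow-level block to `contents: read` (or `permissions: {}`) and grant `contents: write` only on the job that actually publishes the release.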
Expand Down Expand Up @@ -39,17 +39,17 @@

cargo install toml-cli
- name: Cache cargo registry
uses: actions/cache@v4

Check failure on line 42 in .github/workflows/make-release.yml

GitHub Actions / zizmor

cache-poisoning

make-release.yml:42: runtime artifacts potentially vulnerable to a cache poisoning attack: enables caching by default
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4

Check failure on line 47 in .github/workflows/make-release.yml

GitHub Actions / zizmor

cache-poisoning

make-release.yml:47: runtime artifacts potentially vulnerable to a cache poisoning attack: enables caching by default
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4

Check failure on line 52 in .github/workflows/make-release.yml

GitHub Actions / zizmor

cache-poisoning

make-release.yml:52: runtime artifacts potentially vulnerable to a cache poisoning attack: enables caching by default
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
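Review bot: the three `actions/cache@v4` steps restore `~/.cargo/registry`, `~/.cargo/git` and `target` into the job that builds the release binaries, and their keys depend only on `runner.os` and the `Cargo.lock` hash, so the release build starts from whatever an earlier run stored under that key. Build releases from a clean state by dropping these steps from this workflow, or at minimum drop the `target` cache since it holds compiled output. If caching stays, pin `actions/cache` to a full commit SHA rather than the `v4` tag.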
Expand All @@ -65,7 +65,7 @@
export VERSION=v$(toml get Cargo.toml package.version | jq -r .)
mkdir -p releases/$(basename $(pwd))
cp -r cross releases/$(basename $(pwd))/${VERSION}
cp cross/README.md cross/${{matrix.os}}-${{github.ref_name}}-README.md

Check failure on line 68 in .github/workflows/make-release.yml

GitHub Actions / zizmor

template-injection

make-release.yml:68: code injection via template expansion: may expand into attacker-controllable code
- name: 'upload binary files'
id: upload-files
uses: google-github-actions/[email protected]
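Review bot: the `cp cross/README.md ...` line expands `${{matrix.os}}` and `${{github.ref_name}}` into the script text before the shell runs it, and with the `tags: v*` trigger the ref name is whatever tag was pushed. Pass the values through the step's `env:` (for example `REF_NAME: ${{ github.ref_name }}`) and reference them as quoted shell variables, `"cross/${MATRIX_OS}-${REF_NAME}-README.md"`. The `$(basename $(pwd))` and `${VERSION}` expansions on the lines above are also unquoted and should be quoted in the same pass.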
Expand All @@ -74,13 +74,13 @@
destination: dl.kittycad.io
# Store the binary artifacts for retrival later.
- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: release-${{ matrix.os }}-${{github.ref_name}}
path: ./cross
# Store the readme as an artifact so we can combine the two.
- name: Archive the README.md data
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: ${{matrix.os}}-${{github.ref_name}}-README.md
path: ${{github.workspace}}/cross/${{matrix.os}}-${{github.ref_name}}-README.md
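Review bot: both `actions/upload-artifact` steps jump from `@v4` to `@v6`, skipping a major version, and the reference is still a mutable tag. Pin each `uses:` to the full commit SHA of the v6 release with the version in a trailing comment, and confirm that the job which later combines the README artifacts downloads them with a compatible `download-artifact` version. While touching these lines, the comment above the first step misspells "retrieval".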
Expand Down Expand Up @@ -112,8 +112,8 @@
ls -la
echo 'These instructions are meant as an easy way to install. Note: you likely need to install `coreutils` in order to have the `sha256sum` command.' > release.md
echo "" >> release.md
cat macos-latest-${{github.ref_name}}-README.md \

Check failure on line 115 in .github/workflows/make-release.yml

GitHub Actions / zizmor

template-injection

make-release.yml:115: code injection via template expansion: may expand into attacker-controllable code
ubuntu-latest-${{github.ref_name}}-README.md \

Check failure on line 116 in .github/workflows/make-release.yml

GitHub Actions / zizmor

template-injection

make-release.yml:116: code injection via template expansion: may expand into attacker-controllable code
>> release.md
rm build/*-README.md
rm build/README.md
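Review bot: the `cat` command builds both input file names from `${{github.ref_name}}` directly in the `run:` script (lines 115 and 116), so the tag name is pasted into shell source instead of being passed as data. Export it once through `env:` and use quoted variables, `"macos-latest-${REF_NAME}-README.md"` and `"ubuntu-latest-${REF_NAME}-README.md"`, so that a tag name can only ever be treated as a file name.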