Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across three workflow files. This is a straightforward dependency update with no code logic changes.

---

Code Quality

✅ Code follows style guide

• Status: N/A - No actual code changes, only GitHub Actions version bumps
• Assessment: This is a workflow configuration update, not code

✅ No commented-out code

• Status: PASS
• Files reviewed:
  • .github/workflows/go-test-darwin.yaml
  • .github/workflows/go-test-linux.yaml
  • .github/workflows/go-test-windows.yaml
• Assessment: No commented-out code found

✅ Meaningful variable names

• Status: N/A - No variables changed

✅ DRY principle followed

• Status: PASS
• Assessment: The changes are consistently applied across all three platform workflows (darwin, linux, windows)

✅ Identify Defects

• Status: PASS
• Assessment: No bugs, logic errors, or security vulnerabilities introduced. This is a simple version bump of a trusted GitHub Action
• Note: The actions/upload-artifact@v6 action requires Node.js 20+ which is satisfied by modern GitHub runners

⚠️ Project memory configuration

• Status: N/A - No .claude/CLAUDE.md file found in the repository

---

Testing

⚠️ Unit tests for new functions

• Status: N/A - No new functions added

⚠️ Integration tests for new endpoints

• Status: N/A - No new endpoints added

⚠️ Edge cases covered

• Status: N/A - No new logic to test

⚠️ Test coverage > 80%

• Status: N/A - No code changes affecting coverage
• Note: The workflows themselves test coverage collection, but this change doesn't affect that

---

Documentation

⚠️ Readme updated if needed

• Status: N/A - This change doesn't require README updates

⚠️ API docs updated

• Status: N/A - No API changes

⚠️ Inline comments for complex logic

• Status: N/A - No complex logic added

❌ CHANGELOG.md updated

• Status: FAIL
• Assessment: No CHANGELOG.md update found for this dependency version bump
• Recommendation: Add an entry like:

  ### Changed
  - Updated `actions/upload-artifact` from v5 to v6 in CI workflows

✅ Markdown files follow CommonMark

• Status: PASS
• Assessment: No markdown files were modified in this PR

---

Security

✅ No hardcoded credentials

• Status: PASS
• Assessment: No credentials in the diff

✅ Input validation implemented

• Status: N/A - No input handling added

✅ Proper error handling

• Status: N/A - No error handling changes

✅ No sensitive data in logs

• Status: PASS
• Assessment: No new logging added

✅ No license files (.lic) or AQAAAD strings

• Status: PASS
• Assessment: No license files or suspicious strings detected

---

Overall Assessment

✅ APPROVED with minor recommendations

This is a clean, straightforward dependency update that:

• Consistently updates all three platform workflows
• Maintains backward compatibility
• Follows best practices for GitHub Actions maintenance
• Introduces no security concerns or defects

Recommendations:

1. CHANGELOG.md (Minor): Add an entry documenting this GitHub Actions version bump
2. Testing: Consider monitoring the first workflow runs after merge to ensure actions/upload-artifact@v6 behaves as expected (though this is low risk)

Migration Notes for v6:

The actions/upload-artifact@v6 action includes:

• Node.js 20 runtime (from Node.js 16 in v5)
• Improved performance and reliability
• No breaking changes affecting the syntax used in these workflows

No blocking issues found. This PR is safe to merge.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

❌ CHANGELOG.md updated: The CHANGELOG.md exists and follows a pattern of documenting dependency updates. The [Unreleased] section should be updated with this GitHub Actions dependency bump. It should contain an entry like "Update GitHub Actions upload-artifact from v5 to v6" under ### Changed in [Unreleased].

✅ Markdown formatting: The workflow YAML files are not markdown, so this criterion doesn't apply to the changes.

---

Security

✅ No hardcoded credentials: No credentials present in the diff.

✅ Input validation implemented: N/A - No new inputs to validate.

✅ Proper error handling: The existing error handling (via if: always() conditions) remains unchanged.

✅ No sensitive data in logs: No sensitive data being logged.

✅ No license files (.lic) or AQAAAD strings: No license files or suspicious strings in the diff.

---

Additional Observations

Positive Aspects:

1. Consistent updates: The same version bump is applied uniformly across all three platform-specific workflows (Darwin, Linux, Windows)
2. Safe dependency update: actions/upload-artifact@v6 is a legitimate GitHub Actions version upgrade
3. Maintains artifact naming: The artifact naming patterns remain consistent with matrix variables

Recommendations:

1. Update CHANGELOG.md (Required): Add an entry under the [Unreleased] section:

   ## [Unreleased]
   
   ### Changed in [Unreleased]
   
   - Update GitHub Actions upload-artifact from v5 to v6

   Location: /home/runner/work/check-self/check-self/CHANGELOG.md:10

2. Consider v6 breaking changes: Verify that the upload-artifact@v6 action doesn't introduce breaking changes regarding artifact retention, naming, or download behavior that might affect downstream workflows.

---

Final Verdict

Overall Assessment: ✅ APPROVED with minor documentation fix required

The code changes are clean, safe, and follow good practices. However, the CHANGELOG.md must be updated to document this dependency change, consistent with the project's established pattern of documenting updates.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).