Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

[github-actions]

🤖 Claude Code Review

Pull Request Code Review

Executive Summary

This PR upgrades GitHub Actions actions/upload-artifact from v5 to v6 across three workflow files. This is a straightforward dependency update with minimal risk.

---

Detailed Review

Code Quality

✅ Code follows style guide: N/A - This PR only modifies GitHub Actions workflow YAML files, not Go code.

✅ No commented-out code: No commented-out code present.

✅ Meaningful variable names: N/A - No new variables introduced.

✅ DRY principle followed: The change is consistently applied across all three workflow files.

✅ Identify Defects: No bugs, logic errors, or security vulnerabilities identified. The upgrade from v5 to v6 of actions/upload-artifact is a standard dependency update. Note: v6 may have breaking changes in artifact naming/downloading behavior that should be verified if artifacts are downloaded elsewhere in the workflows.

✅ Project memory consideration: The .claude/CLAUDE.md file describes the project structure and doesn't contain environment-specific content. This workflow change doesn't conflict with project guidelines.

Testing

⚠️ Unit tests for new functions: N/A - No new functions added.

⚠️ Integration tests for new endpoints: N/A - No new endpoints.

⚠️ Edge cases covered: N/A - Workflow change only.

⚠️ Test coverage > 80%: N/A - This change doesn't affect test coverage.

Note: While automated tests aren't applicable here, this change should be validated by ensuring the updated workflows run successfully in CI/CD.

Documentation

✅ Readme updated if needed: Not needed - Internal workflow change doesn't affect user-facing functionality.

✅ API docs updated: Not needed - No API changes.

✅ Inline comments for complex logic: Not applicable - Workflow files are self-documenting.

❌ CHANGELOG.md updated: The CHANGELOG.md should be updated to document this dependency upgrade, even for CI/CD dependencies. This helps maintainers track infrastructure changes.

✅ Markdown formatting: N/A - No markdown files modified.

Security

✅ No hardcoded credentials: No credentials present.

✅ Input validation implemented: N/A - No new inputs.

✅ Proper error handling: The workflows include if: always() for test log uploads, which is good practice.

✅ No sensitive data in logs: No changes to logging behavior.

✅ No license files checked in: No .lic files or AQAAAD strings detected.

---

Recommendations

Required Changes

1. Update CHANGELOG.md - Add an entry documenting the upgrade:

   ### Changed
   - Upgraded GitHub Actions `actions/upload-artifact` from v5 to v6 in CI/CD workflows

Advisory Notes

1. Verify artifact compatibility: The actions/upload-artifact@v6 may have breaking changes in how artifacts are stored/retrieved. Ensure any downstream workflows that use actions/download-artifact are also updated to v6 if needed.

2. Monitor workflow execution: After merging, verify that all three workflows (Darwin, Linux, Windows) successfully upload coverage and test log artifacts.

---

Final Assessment

Status: ✅ Approve with minor documentation update

This is a clean, low-risk dependency upgrade that maintains consistency across all platform-specific test workflows. The only missing piece is a CHANGELOG.md entry to document the infrastructure change.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality ✅

• ✅ Code follows style guide: This is a GitHub Actions workflow update, not application code. The YAML formatting is consistent and follows GitHub Actions conventions.
• ✅ No commented-out code: No commented code present.
• ✅ Meaningful variable names: N/A - no new variables introduced.
• ✅ DRY principle followed: The change updates the same action version across multiple files consistently.
• ✅ Identify Defects: No bugs, logic errors, or security vulnerabilities identified. This is a straightforward dependency version bump from actions/upload-artifact@v5 to @v6.
• ✅ Project memory consideration: The change aligns with project practices - it's a maintenance update to CI/CD infrastructure.

Testing ⚠️

• ⚠️ Unit tests for new functions: N/A - This is a GitHub Actions workflow update, not application code changes.
• ⚠️ Integration tests for new endpoints: N/A
• ⚠️ Edge cases covered: N/A
• ⚠️ Test coverage > 80%: N/A - No code changes affecting coverage

Note: Testing checklist doesn't apply to workflow file updates. The workflows themselves test the application.

Documentation ✅

• ✅ Readme updated if needed: No README update needed - this is an internal workflow dependency update.
• ✅ API docs updated: N/A - No API changes.
• ✅ Inline comments for complex logic: N/A - Workflow files are self-documenting.
• ✅ CHANGELOG.md updated: This dependency update may not warrant a CHANGELOG entry as it's infrastructure-only, but should be confirmed based on project practices.
• ✅ Markdown formatting: No markdown files modified in this PR.

Security ✅

• ✅ No hardcoded credentials: No credentials present.
• ✅ Input validation implemented: N/A
• ✅ Proper error handling: N/A
• ✅ No sensitive data in logs: No changes to logging behavior.
• ✅ No license files or AQAAAD strings: No license files in diff.

---

Summary

Overall Assessment: ✅ APPROVED

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across three workflow files:

• .github/workflows/go-test-darwin.yaml (lines 71, 76)
• .github/workflows/go-test-linux.yaml (lines 70, 75)
• .github/workflows/go-test-windows.yaml (lines 66, 71)

Strengths:

• Consistent update across all platform test workflows
• Maintains security by using pinned major version
• No breaking changes expected (GitHub maintains backward compatibility in action major versions)

Recommendations:

1. Consider updating CHANGELOG.md if your project tracks CI/CD infrastructure changes
2. Monitor the first workflow runs after merge to confirm v6 compatibility
3. Consider using commit SHA pinning for enhanced security (e.g., actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 for v6.0.0) per GitHub security best practices

No blocking issues identified. This is a routine dependency update that improves the CI/CD pipeline.

Automated code review analyzing defects and coding standards