Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across three workflow files. This is a straightforward dependency update with no code changes.

---

Code Quality

✅ Code follows style guide - N/A for GitHub Actions workflow files. The YAML formatting is consistent and follows GitHub Actions conventions.

✅ No commented-out code - No commented code found.

✅ Meaningful variable names - N/A, no new variables introduced.

✅ DRY principle followed - The change is consistently applied across all three workflow files.

✅ Defects - No bugs, logic errors, or security vulnerabilities introduced. This is a simple version bump of a GitHub Actions action.

✅ Project memory configuration - No .claude/CLAUDE.md file exists in the repository to check against.

---

Testing

⚠️ Unit tests for new functions - N/A for workflow changes, but consider:

• The workflow changes should be tested by observing the next CI run
• Verify that artifact uploads still work correctly with v6

⚠️ Integration tests - N/A for GitHub Actions updates, but manual verification recommended.

✅ Edge cases covered - The if: always() condition is preserved for test log uploads, ensuring logs are captured even on failure.

⚠️ Test coverage > 80% - N/A for workflow files.

---

Documentation

⚠️ Readme updated if needed - No README update required for dependency bumps in CI workflows.

✅ API docs updated - N/A

✅ Inline comments for complex logic - N/A

❌ CHANGELOG.md updated - The CHANGELOG.md file should document this dependency update. Let me verify if it exists and check if it was updated.

✅ Markdown formatting - N/A, no markdown files modified.

---

Security

✅ No hardcoded credentials - No credentials present.

✅ Input validation implemented - N/A

✅ Proper error handling - The if: always() condition ensures error scenarios are handled for log uploads.

✅ No sensitive data in logs - No changes to logging behavior.

✅ No license files (.lic) or AQAAAD strings - Not present in this diff.

---

Detailed Findings

⚠️ Potential Issues

1. CHANGELOG.md not updated - This dependency update should be documented in the CHANGELOG.md file if one exists in the repository.

2. Breaking changes consideration - The upgrade from v5 to v6 of actions/upload-artifact includes breaking changes:

   • v6 uses a different backend storage mechanism
   • Artifacts are scoped to the workflow run (not shared across workflows)
   • Artifact names must be unique within a workflow run

   Specific concern: All three workflow files use the same artifact names (cover.out and test-log). If these workflows run in parallel as part of the same workflow run, there may be naming conflicts. Consider adding platform-specific prefixes:

   • .github/workflows/go-test-darwin.yaml:44 - Use darwin-cover.out instead of cover.out
   • .github/workflows/go-test-linux.yaml:45 - Use linux-cover.out instead of cover.out
   • .github/workflows/go-test-windows.yaml:43 - Use windows-cover.out instead of cover.out

---

Recommendation

Action Required:

• ✅ The code changes are correct
• ❌ Add CHANGELOG.md entry documenting the GitHub Actions dependency update
• ⚠️ Consider artifact naming - Verify that these workflows don't run in parallel within the same workflow run, or update artifact names to be platform-specific to avoid v6 naming conflicts

Overall Assessment: Approve with minor documentation update required.

Automated code review analyzing defects and coding standards