Merge pull request #608 from actions/joshmgross/fix-include-hidden-files-input-node20

Ensure hidden files input is used

.licenses/npm/@actions/artifact.dep.yml

@@ -1,30 +1,20 @@
 ---
 name: "@actions/artifact"
-version: 1.1.1
+version: 1.1.2
 type: npm
-summary: 
+summary: Actions artifact lib
-homepage: 
+homepage: https://github.com/actions/toolkit/tree/main/packages/artifact
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
+- sources: LICENSE.md
-  text: |
+  text: |-
-    MIT License
+    The MIT License (MIT)
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
+    Copyright 2019 GitHub
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
 
-    The above copyright notice and this permission notice shall be included in all
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-    copies or substantial portions of the Software.
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
 notices: []

.licenses/npm/@actions/http-client.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@actions/http-client"
-version: 1.0.11
+version: 2.0.1
 type: npm
 summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@types/tmp.dep.yml

@@ -1,26 +0,0 @@
----
-name: "@types/tmp"
-version: 0.1.0
-type: npm
-summary: TypeScript definitions for tmp
-homepage: https://github.com/DefinitelyTyped/DefinitelyTyped#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: "    MIT License\r\n\r\n    Copyright (c) Microsoft Corporation. All rights
-    reserved.\r\n\r\n    Permission is hereby granted, free of charge, to any person
-    obtaining a copy\r\n    of this software and associated documentation files (the
-    \"Software\"), to deal\r\n    in the Software without restriction, including without
-    limitation the rights\r\n    to use, copy, modify, merge, publish, distribute,
-    sublicense, and/or sell\r\n    copies of the Software, and to permit persons to
-    whom the Software is\r\n    furnished to do so, subject to the following conditions:\r\n\r\n
-    \   The above copyright notice and this permission notice shall be included in
-    all\r\n    copies or substantial portions of the Software.\r\n\r\n    THE SOFTWARE
-    IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r\n    IMPLIED,
-    INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r\n    FITNESS
-    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r\n    AUTHORS
-    OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r\n    LIABILITY,
-    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r\n    OUT
-    OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\r\n
-    \   SOFTWARE\r\n"
-notices: []

.licenses/npm/glob.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: glob
-version: 7.1.6
+version: 7.2.3
 type: npm
 summary: a little globber
-homepage: https://github.com/isaacs/node-glob#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/minimatch.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: minimatch
-version: 3.0.4
+version: 3.1.2
 type: npm
 summary: a glob matcher in javascript
-homepage: https://github.com/isaacs/minimatch#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/rimraf.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: rimraf
-version: 2.6.3
+version: 3.0.2
 type: npm
 summary: A deep deletion module for node (like `rm -rf`)
-homepage: https://github.com/isaacs/rimraf#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/tmp-promise.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: tmp-promise
-version: 2.1.1
+version: 3.0.3
 type: npm
 summary: The tmp package with promises support and disposers.
-homepage: https://github.com/benjamingr/tmp-promise#readme
+homepage: 
 license: mit
 licenses:
 - sources: Auto-generated MIT license text

.licenses/npm/tmp.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: tmp
-version: 0.1.0
+version: 0.2.1
 type: npm
 summary: Temporary file and directory creator
 homepage: http://github.com/raszi/node-tmp

.licenses/npm/uuid.dep.yml

@@ -0,0 +1,20 @@
+---
+name: uuid
+version: 8.3.2
+type: npm
+summary: RFC4122 (v1, v4, and v5) UUIDs
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

README.md

@@ -1,6 +1,4 @@
-# Upload-Artifact v4 beta
+# Upload-Artifact v3
-
-❗ Not publicly available. If you try to use this version then it will fail. Available only internally at GitHub while in development. Stay tuned for public announcements soon about broader availability❗
 
 This uploads artifacts from your workflow allowing you to share data between jobs and store data once a workflow is complete.
 
@@ -8,11 +6,19 @@ See also [download-artifact](https://github.com/actions/download-artifact).
 
 # What's new
 
-🚧 Under construction 🚧
+- Easier upload
+  - Specify a wildcard pattern
+  - Specify an individual file
+  - Specify a directory (previously you were limited to only this option)
+  - Multi path upload
+    - Use a combination of individual files, wildcards or directories
+    - Support for excluding certain files
+- Upload an artifact without providing a name
+- Fix for artifact uploads sometimes not working with containers
+- Proxy support out of the box
+- Port entire action to typescript from a runner plugin so it is easier to collaborate and accept contributions
 
-Big changes coming...
+Refer [here](https://github.com/actions/upload-artifact/tree/releases/v1) for the previous version
-
-Refer [here](https://github.com/actions/upload-artifact/tree/releases/v3) for the previous version
 
 # Usage
 
@@ -28,7 +34,7 @@ steps:
 
 - run: echo hello > path/to/artifact/world.txt
 
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/world.txt
@@ -37,7 +43,7 @@ steps:
 ### Upload an Entire Directory
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/ # or path/to/artifact
@@ -46,7 +52,7 @@ steps:
 ### Upload using a Wildcard Pattern
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/**/[abc]rtifac?/*
@@ -55,7 +61,7 @@ steps:
 ### Upload using Multiple Paths and Exclusions
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: |
@@ -91,7 +97,7 @@ The [@actions/artifact](https://github.com/actions/toolkit/tree/main/packages/ar
 If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found:
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/
@@ -103,7 +109,7 @@ If a path (or paths), result in no files being found for the artifact, the actio
 To upload artifacts only when the previous step of a job failed, use [`if: failure()`](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions#job-status-check-functions):
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   if: failure()
   with:
     name: my-artifact
@@ -115,7 +121,7 @@ To upload artifacts only when the previous step of a job failed, use [`if: failu
 You can upload an artifact without specifying a name
 
 ```yaml
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     path: path/to/artifact/world.txt
 ```
@@ -124,21 +130,51 @@ If not provided, `artifact` will be used as the default name which will manifest
 
 ### Uploading to the same artifact
 
-Unlike earlier versions of `upload-artifact`, uploading to the same artifact via multiple jobs is _not_ supported with `v4`. 
+With the following example, the available artifact (named `artifact` by default if no name is provided) would contain both `world.txt` (`hello`) and `extra-file.txt` (`howdy`):
 
 ```yaml
 - run: echo hi > world.txt
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     path: world.txt
 
 - run: echo howdy > extra-file.txt
-- uses: actions/upload-artifact@v4-beta
+- uses: actions/upload-artifact@v3
   with:
     path: extra-file.txt
+
+- run: echo hello > world.txt
+- uses: actions/upload-artifact@v3
+  with:
+    path: world.txt
 ```
 
-Artifact names must be unique since each created artifact is idempotent so multiple jobs cannot modify the same artifact.
+Each artifact behaves as a file share. Uploading to the same artifact multiple times in the same workflow can overwrite and append already uploaded files:
+
+```yaml
+    strategy:
+      matrix:
+          node-version: [8.x, 10.x, 12.x, 13.x]
+    steps:
+        - name: Create a file
+          run: echo ${{ matrix.node-version }} > my_file.txt
+        - name: Accidentally upload to the same artifact via multiple jobs
+          uses: actions/upload-artifact@v3
+          with:
+              name: my-artifact
+              path: ${{ github.workspace }}
+```
+
+> **_Warning:_** Be careful when uploading to the same artifact via multiple jobs as artifacts may become corrupted. When uploading a file with an identical name and path in multiple jobs, uploads may fail with 503 errors due to conflicting uploads happening at the same time. Ensure uploads to identical locations to not interfere with each other.
+
+In the above example, four jobs will upload four different files to the same artifact but there will only be one file available when `my-artifact` is downloaded. Each job overwrites what was previously uploaded. To ensure that jobs don't overwrite existing artifacts, use a different name per job:
+
+```yaml
+          uses: actions/upload-artifact@v3
+          with:
+              name: my-artifact ${{ matrix.node-version }}
+              path: ${{ github.workspace }}
+```
 
 ### Environment Variables and Tilde Expansion
 
@@ -148,9 +184,9 @@ You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expan
   - run: |
       mkdir -p ~/new/artifact
       echo hello > ~/new/artifact/world.txt
-  - uses: actions/upload-artifact@v4-beta
+  - uses: actions/upload-artifact@v3
     with:
-      name: Artifacts-V4-beta
+      name: Artifacts-V3
       path: ~/new/**/*
 ```
 
@@ -163,7 +199,7 @@ Environment variables along with context expressions can also be used for input.
     - run: |
         mkdir -p ${{ github.workspace }}/artifact
         echo hello > ${{ github.workspace }}/artifact/world.txt
-    - uses: actions/upload-artifact@v4-beta
+    - uses: actions/upload-artifact@v3
       with:
         name: ${{ env.name }}-name
         path: ${{ github.workspace }}/artifact/**/*
@@ -177,7 +213,7 @@ For environment variables created in other steps, make sure to use the `env` exp
         mkdir testing
         echo "This is a file to upload" > testing/file.txt
         echo "artifactPath=testing/file.txt" >> $GITHUB_ENV
-    - uses: actions/upload-artifact@v4-beta
+    - uses: actions/upload-artifact@v3
       with:
         name: artifact
         path: ${{ env.artifactPath }} # this will resolve to testing/file.txt at runtime
@@ -192,7 +228,7 @@ Artifacts are retained for 90 days by default. You can specify a shorter retenti
     run: echo "I won't live long" > my_file.txt
 
   - name: Upload Artifact
-    uses: actions/upload-artifact@v4-beta
+    uses: actions/upload-artifact@v3
     with:
       name: my-artifact
       path: my_file.txt
@@ -201,44 +237,27 @@ Artifacts are retained for 90 days by default. You can specify a shorter retenti
 
 The retention period must be between 1 and 90 inclusive. For more information see [artifact and log retention policies](https://docs.github.com/en/free-pro-team@latest/actions/reference/usage-limits-billing-and-administration#artifact-and-log-retention-policy).
 
-## Outputs
 
-If an artifact upload is successful then an `artifact-id` output is available. This ID is a unique identifier that can be used with [Artifact REST APIs](https://docs.github.com/en/rest/actions/artifacts).
+### Hidden Files 
 
-### Example output between steps
+By default, hidden files are ignored by this action to avoid unintentionally uploading sensitive information.
 
-```yml
+In versions of this action before v3.2.0, these hidden files were included by default.
-    - uses: actions/upload-artifact@v4-beta
-      id: artifact-upload-step
-      with:
-        name: my-artifact
-        path: path/to/artifact/content/
 
-    - name: Output artifact ID
+If you need to upload hidden files, you can use the `include-hidden-files` input.
-      run:  echo 'Artifact ID is ${{ steps.artifact-upload-step.outputs.artifact-id }}'
-```
 
-### Example output between jobs
+```yaml
-
-```yml
 jobs:
-  job1:
+  upload:
     runs-on: ubuntu-latest
-    outputs:
-      output1: ${{ steps.my-artifact.outputs.artifact-id }}
     steps:
-      - uses: actions/upload-artifact@v4-beta
+      - name: Create a Hidden File
-        id: artifact-upload-step
+        run: echo "hello from a hidden file" > .hidden-file.txt
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
         with:
-          name: my-artifact
+          path: .hidden-file.txt
-          path: path/to/artifact/content/
+          include-hidden-files: true
-  job2:
-    runs-on: ubuntu-latest
-    needs: job1
-    steps:
-      - env:
-          OUTPUT1: ${{needs.job1.outputs.output1}}
-        run: echo "Artifact ID from previous job is $OUTPUT1"
 ```
 
 ## Where does the upload go?
@@ -249,7 +268,42 @@ At the bottom of the workflow summary page, there is a dedicated section for art
 
 There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository.
 
-The size of the artifact is denoted in bytes. The displayed artifact size denotes the size of the zip that `upload-artifact` creates during upload.
+The size of the artifact is denoted in bytes. The displayed artifact size denotes the raw uploaded artifact size (the sum of all the individual files uploaded during the workflow run for the artifact), not the compressed size. When you click to download an artifact from the summary page, a compressed zip is created with all the contents of the artifact and the size of the zip that you download may differ significantly from the displayed size. Billing is based on the raw uploaded size and not the size of the zip.
+
+# Limitations
+
+### Zipped Artifact Downloads
+
+During a workflow run, files are uploaded and downloaded individually using the `upload-artifact` and `download-artifact` actions. However, when a workflow run finishes and an artifact is downloaded from either the UI or through the [download api](https://developer.github.com/v3/actions/artifacts/#download-an-artifact), a zip is dynamically created with all the file contents that were uploaded. There is currently no way to download artifacts after a workflow run finishes in a format other than a zip or to download artifact contents individually. One of the consequences of this limitation is that if a zip is uploaded during a workflow run and then downloaded from the UI, there will be a double zip created.
+
+### Permission Loss
+
+:exclamation: File permissions are not maintained during artifact upload :exclamation: For example, if you make a file executable using `chmod` and then upload that file, post-download the file is no longer guaranteed to be set as an executable.
+
+### Case Insensitive Uploads
+
+:exclamation: File uploads are case insensitive :exclamation: If you upload `A.txt` and `a.txt` with the same root path, only a single file will be saved and available during download.
+
+### Maintaining file permissions and case sensitive files
+
+If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity:
+
+```yaml
+  - name: Tar files
+    run: tar -cvf my_files.tar /path/to/my/directory
+
+  - name: Upload Artifact
+    uses: actions/upload-artifact@v3
+    with:
+      name: my-artifact
+      path: my_files.tar
+```
+
+### Too many uploads resulting in 429 responses
+
+A very minute subset of users who upload a very very large amount of artifacts in a short period of time may see their uploads throttled or fail because of `Request was blocked due to exceeding usage of resource 'DBCPU' in namespace` or `Unable to copy file to server StatusCode=TooManyRequests`.
+
+To reduce the chance of this happening, you can reduce the number of HTTP calls made during artifact upload by zipping or archiving the contents of your artifact before an upload starts. As an example, imagine an artifact with 1000 files (each 10 Kb in size). Without any modification, there would be around 1000 HTTP calls made to upload the artifact. If you zip or archive the artifact beforehand, the number of HTTP calls can be dropped to single digit territory. Measures like this will significantly speed up your upload and prevent uploads from being throttled or in some cases fail.
 
 ## Additional Documentation
 

__tests__/search.test.ts

@@ -61,6 +61,20 @@ const lonelyFilePath = path.join(
   'lonely-file.txt'
 )
 
+const hiddenFile = path.join(root, '.hidden-file.txt')
+const fileInHiddenFolderPath = path.join(
+  root,
+  '.hidden-folder',
+  'folder-in-hidden-folder',
+  'file.txt'
+)
+const fileInHiddenFolderInFolderA = path.join(
+  root,
+  'folder-a',
+  '.hidden-folder-in-folder-a',
+  'file.txt'
+)
+
 describe('Search', () => {
   beforeAll(async () => {
     // mock all output so that there is less noise when running tests
@@ -92,6 +106,13 @@ describe('Search', () => {
     await fs.mkdir(path.join(root, 'folder-h', 'folder-j', 'folder-k'), {
       recursive: true
     })
+    await fs.mkdir(
+      path.join(root, '.hidden-folder', 'folder-in-hidden-folder'),
+      {recursive: true}
+    )
+    await fs.mkdir(path.join(root, 'folder-a', '.hidden-folder-in-folder-a'), {
+      recursive: true
+    })
 
     await fs.writeFile(searchItem1Path, 'search item1 file')
     await fs.writeFile(searchItem2Path, 'search item2 file')
@@ -110,10 +131,19 @@ describe('Search', () => {
     await fs.writeFile(amazingFileInFolderHPath, 'amazing file')
 
     await fs.writeFile(lonelyFilePath, 'all by itself')
+
+    await fs.writeFile(hiddenFile, 'hidden file')
+    await fs.writeFile(fileInHiddenFolderPath, 'file in hidden directory')
+    await fs.writeFile(fileInHiddenFolderInFolderA, 'file in hidden directory')
     /*
       Directory structure of files that get created:
       root/
+          .hidden-folder/
+            folder-in-hidden-folder/
+              file.txt
           folder-a/
+              .hidden-folder-in-folder-a/
+                file.txt
               folder-b/
                   folder-c/
                       search-item1.txt
@@ -136,6 +166,7 @@ describe('Search', () => {
               folder-j/
                   folder-k/
                       lonely-file.txt
+          .hidden-file.txt
           search-item5.txt
     */
   })
@@ -352,4 +383,24 @@ describe('Search', () => {
     )
     expect(searchResult.filesToUpload.includes(lonelyFilePath)).toEqual(true)
   })
+
+  it('Hidden files ignored by default', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath)
+
+    expect(searchResult.filesToUpload).not.toContain(hiddenFile)
+    expect(searchResult.filesToUpload).not.toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).not.toContain(
+      fileInHiddenFolderInFolderA
+    )
+  })
+
+  it('Hidden files included', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath, true)
+
+    expect(searchResult.filesToUpload).toContain(hiddenFile)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderInFolderA)
+  })
 })

action.yml

@@ -23,24 +23,11 @@ inputs:
 
       Minimum 1 day.
       Maximum 90 days unless changed from the repository settings page.
-  compression-level:
+  include-hidden-files:
     description: >
-      The level of compression for Zlib to be applied to the artifact archive.
+      If true, hidden files will be included in the uploaded artifact.
-      The value can range from 0 to 9:
+      If false, hidden files will be excluded from the uploaded artifact.
-      - 0: No compression
+    default: 'false'
-      - 1: Best speed
-      - 6: Default compression (same as GNU Gzip)
-      - 9: Best compression
-      Higher levels will result in better compression, but will take longer to complete.
-      For large files that are not easily compressed, a value of 0 is recommended for significantly faster uploads.
-    default: '6'
-
-outputs:
-  artifact-id:
-    description: >
-      A unique identifier for the artifact that was just uploaded. Empty if artifact upload failed.
-
-      This ID can be used as input to other APIs to download, delete or get more information about an artifact: https://docs.github.com/en/rest/actions/artifacts
 runs:
   using: 'node20'
   main: 'dist/index.js'

package-lock.json

@@ -9,9 +9,9 @@
       "version": "3.0.0",
       "license": "MIT",
       "dependencies": {
-        "@actions/artifact": "^1.1.1",
+        "@actions/artifact": "^1.1.2",
         "@actions/core": "^1.10.0",
-        "@actions/glob": "^0.3.0",
+        "@actions/glob": "^0.5.0",
         "@actions/io": "^1.1.2"
       },
       "devDependencies": {
@@ -32,9 +32,9 @@
       }
     },
     "node_modules/@actions/artifact": {
-      "version": "1.1.1",
+      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-1.1.2.tgz",
-      "integrity": "sha512-Vv4y0EW0ptEkU+Pjs5RGS/0EryTvI6s79LjSV9Gg/h+O3H/ddpjhuX/Bi/HZE4pbNPyjGtQjbdFWphkZhmgabA==",
+      "integrity": "sha512-1gLONA4xw3/Q/9vGxKwkFdV9u1LE2RWGx/IpAqg28ZjprCnJFjwn4pA7LtShqg5mg5WhMek2fjpyH1leCmOlQQ==",
       "dependencies": {
         "@actions/core": "^1.9.1",
         "@actions/http-client": "^2.0.1",
@@ -52,11 +52,11 @@
       }
     },
     "node_modules/@actions/glob": {
-      "version": "0.3.0",
+      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.5.0.tgz",
-      "integrity": "sha512-tJP1ZhF87fd6LBnaXWlahkyvdgvsLl7WnreW1EZaC8JWjpMXmzqWzQVe/IEYslrkT9ymibVrKyJN4UMD7uQM2w==",
+      "integrity": "sha512-tST2rjPvJLRZLuT9NMUtyBjvj9Yo0MiJS3ow004slMvm8GFM+Zv9HvMJ7HWzfUyJnGrJvDsYkWBaaG3YKXRtCw==",
       "dependencies": {
-        "@actions/core": "^1.2.6",
+        "@actions/core": "^1.9.1",
         "minimatch": "^3.0.4"
       }
     },
@@ -6148,9 +6148,9 @@
   },
   "dependencies": {
     "@actions/artifact": {
-      "version": "1.1.1",
+      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-1.1.2.tgz",
-      "integrity": "sha512-Vv4y0EW0ptEkU+Pjs5RGS/0EryTvI6s79LjSV9Gg/h+O3H/ddpjhuX/Bi/HZE4pbNPyjGtQjbdFWphkZhmgabA==",
+      "integrity": "sha512-1gLONA4xw3/Q/9vGxKwkFdV9u1LE2RWGx/IpAqg28ZjprCnJFjwn4pA7LtShqg5mg5WhMek2fjpyH1leCmOlQQ==",
       "requires": {
         "@actions/core": "^1.9.1",
         "@actions/http-client": "^2.0.1",
@@ -6168,11 +6168,11 @@
       }
     },
     "@actions/glob": {
-      "version": "0.3.0",
+      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.5.0.tgz",
-      "integrity": "sha512-tJP1ZhF87fd6LBnaXWlahkyvdgvsLl7WnreW1EZaC8JWjpMXmzqWzQVe/IEYslrkT9ymibVrKyJN4UMD7uQM2w==",
+      "integrity": "sha512-tST2rjPvJLRZLuT9NMUtyBjvj9Yo0MiJS3ow004slMvm8GFM+Zv9HvMJ7HWzfUyJnGrJvDsYkWBaaG3YKXRtCw==",
       "requires": {
-        "@actions/core": "^1.2.6",
+        "@actions/core": "^1.9.1",
         "minimatch": "^3.0.4"
       }
     },

package.json

@@ -5,7 +5,7 @@
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc",
-    "release": "ncc build src/upload-artifact.ts && git add -f dist/index.js",
+    "release": "ncc build src/upload-artifact.ts && git add -f dist/",
     "check-all": "concurrently \"npm:format-check\" \"npm:lint\" \"npm:test\" \"npm:build\"",
     "format": "prettier --write **/*.ts",
     "format-check": "prettier --check **/*.ts",
@@ -29,9 +29,9 @@
   },
   "homepage": "https://github.com/actions/upload-artifact#readme",
   "dependencies": {
-    "@actions/artifact": "^2.0.0",
+    "@actions/artifact": "^1.1.2",
     "@actions/core": "^1.10.0",
-    "@actions/glob": "^0.3.0",
+    "@actions/glob": "^0.5.0",
     "@actions/io": "^1.1.2"
   },
   "devDependencies": {

src/constants.ts

@@ -4,7 +4,7 @@ export enum Inputs {
   Path = 'path',
   IfNoFilesFound = 'if-no-files-found',
   RetentionDays = 'retention-days',
-  CompressionLevel = 'compression-level'
+  IncludeHiddenFiles = 'include-hidden-files'
 }
 
 export enum NoFileOptions {

src/input-helper.ts

@@ -11,6 +11,7 @@ export function getInputs(): UploadInputs {
 
   const ifNoFilesFound = core.getInput(Inputs.IfNoFilesFound)
   const noFileBehavior: NoFileOptions = NoFileOptions[ifNoFilesFound]
+  const includeHiddenFiles = core.getBooleanInput(Inputs.IncludeHiddenFiles)
 
   if (!noFileBehavior) {
     core.setFailed(
@@ -25,7 +26,8 @@ export function getInputs(): UploadInputs {
   const inputs = {
     artifactName: name,
     searchPath: path,
-    ifNoFilesFound: noFileBehavior
+    ifNoFilesFound: noFileBehavior,
+    includeHiddenFiles
   } as UploadInputs
 
   const retentionDaysStr = core.getInput(Inputs.RetentionDays)
@@ -36,17 +38,5 @@ export function getInputs(): UploadInputs {
     }
   }
 
-  const compressionLevelStr = core.getInput(Inputs.CompressionLevel)
-  if (compressionLevelStr) {
-    inputs.compressionLevel = parseInt(compressionLevelStr)
-    if (isNaN(inputs.compressionLevel)) {
-      core.setFailed('Invalid compression-level')
-    }
-
-    if (inputs.compressionLevel < 0 || inputs.compressionLevel > 9) {
-      core.setFailed('Invalid compression-level. Valid values are 0-9')
-    }
-  }
-
   return inputs
 }

src/search.ts

@@ -11,11 +11,12 @@ export interface SearchResult {
   rootDirectory: string
 }
 
-function getDefaultGlobOptions(): glob.GlobOptions {
+function getDefaultGlobOptions(includeHiddenFiles: boolean): glob.GlobOptions {
   return {
     followSymbolicLinks: true,
     implicitDescendants: true,
-    omitBrokenSymbolicLinks: true
+    omitBrokenSymbolicLinks: true,
+    excludeHiddenFiles: !includeHiddenFiles
   }
 }
 
@@ -80,12 +81,12 @@ function getMultiPathLCA(searchPaths: string[]): string {
 
 export async function findFilesToUpload(
   searchPath: string,
-  globOptions?: glob.GlobOptions
+  includeHiddenFiles?: boolean
 ): Promise<SearchResult> {
   const searchResults: string[] = []
   const globber = await glob.create(
     searchPath,
-    globOptions || getDefaultGlobOptions()
+    getDefaultGlobOptions(includeHiddenFiles || false)
   )
   const rawSearchResults: string[] = await globber.glob()
 

src/upload-artifact.ts

@@ -1,7 +1,5 @@
-import * as core from '../node_modules/@actions/core/'
+import * as core from '@actions/core'
-import artifact, {
+import {create, UploadOptions} from '@actions/artifact'
-  UploadArtifactOptions
-} from '../node_modules/@actions/artifact/lib/artifact'
 import {findFilesToUpload} from './search'
 import {getInputs} from './input-helper'
 import {NoFileOptions} from './constants'
@@ -9,7 +7,10 @@ import {NoFileOptions} from './constants'
 async function run(): Promise<void> {
   try {
     const inputs = getInputs()
-    const searchResult = await findFilesToUpload(inputs.searchPath)
+    const searchResult = await findFilesToUpload(
+      inputs.searchPath,
+      inputs.includeHiddenFiles
+    )
     if (searchResult.filesToUpload.length === 0) {
       // No files were found, different use cases warrant different types of behavior if nothing is found
       switch (inputs.ifNoFilesFound) {
@@ -39,26 +40,36 @@ async function run(): Promise<void> {
       )
       core.debug(`Root artifact directory is ${searchResult.rootDirectory}`)
 
-      const options: UploadArtifactOptions = {}
+      if (searchResult.filesToUpload.length > 10000) {
+        core.warning(
+          `There are over 10,000 files in this artifact, consider creating an archive before upload to improve the upload performance.`
+        )
+      }
+
+      const artifactClient = create()
+      const options: UploadOptions = {
+        continueOnError: false
+      }
       if (inputs.retentionDays) {
         options.retentionDays = inputs.retentionDays
       }
 
-      if (typeof inputs.compressionLevel !== 'undefined') {
+      const uploadResponse = await artifactClient.uploadArtifact(
-        options.compressionLevel = inputs.compressionLevel
-      }
-
-      const uploadResponse = await artifact.uploadArtifact(
         inputs.artifactName,
         searchResult.filesToUpload,
         searchResult.rootDirectory,
         options
       )
 
-      core.info(
+      if (uploadResponse.failedItems.length > 0) {
-        `Artifact ${inputs.artifactName} has been successfully uploaded! Final size is ${uploadResponse.size} bytes. Artifact ID is ${uploadResponse.id}`
+        core.setFailed(
+          `An error was encountered when uploading ${uploadResponse.artifactName}. There were ${uploadResponse.failedItems.length} items that failed to upload.`
         )
-      core.setOutput('artifact-id', uploadResponse.id)
+      } else {
+        core.info(
+          `Artifact ${uploadResponse.artifactName} has been successfully uploaded!`
+        )
+      }
     }
   } catch (error) {
     core.setFailed((error as Error).message)

src/upload-inputs.ts

@@ -22,7 +22,7 @@ export interface UploadInputs {
   retentionDays: number
 
   /**
-   * The level of compression for Zlib to be applied to the artifact archive.
+   * Whether or not to include hidden files in the artifact
    */
-  compressionLevel?: number
+  includeHiddenFiles: boolean
 }