Merge pull request #609 from actions/joshmgross/fix-include-hidden-files-input-node16

Ensure hidden files input is used

.devcontainer/devcontainer.json

@@ -0,0 +1,6 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/typescript-node
+{
+	"name": "@actions/upload-artifact",
+	"image": "mcr.microsoft.com/devcontainers/typescript-node:0-16"
+}

.eslintrc.json

@@ -4,13 +4,10 @@
     "parserOptions": { "ecmaVersion": 9, "sourceType": "module" },
     "extends": [
       "eslint:recommended",
-      "plugin:@typescript-eslint/eslint-recommended",
-      "plugin:@typescript-eslint/recommended",
       "plugin:import/errors",
       "plugin:import/warnings",
       "plugin:import/typescript",
-      "plugin:prettier/recommended",
-      "prettier/@typescript-eslint"
+      "plugin:prettier/recommended"
     ],
     "rules": {
        "@typescript-eslint/no-empty-function": "off"

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,63 @@
+name: "🐛 Bug report"
+description: Let us know about a bug!
+labels: ['bug']
+title: '[bug]'
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: What happened?
+      description: |
+        Please provide a clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect to happen?
+    validations:
+      required: true
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: How can we reproduce it?
+      description: |
+        Please be minimal and precise as possible. If your repo/run is public, please include a URL so it is easier for us to investigate.
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Anything else we need to know?
+
+  - type: input
+    id: version
+    attributes:
+      label: What version of the action are you using?
+      placeholder: vX.Y.Z
+      description: |
+        Please check the documentation first since different major versions can have different behaviors.
+    validations:
+      required: true
+
+  - type: dropdown
+    id: environment
+    attributes:
+      label: What are your runner environments?
+      multiple: true
+      options:
+        - self-hosted
+        - linux
+        - window
+        - macos
+    validations:
+      required: true
+
+  - type: input
+    id: ghes
+    attributes:
+      label: Are you on GitHub Enterprise Server? If so, what version?
+      placeholder: vX.Y

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,33 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: bug
-assignees: ''
-
----
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**Version**
-- [ ] V1
-- [ ] V2
-
-**Environment**
-- [ ] self-hosted
-- [ ] Linux
-- [ ] Windows
-- [ ] Mac
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Run/Repo Url**
-If applicable, and if your repo/run is public, please include a URL so it is easier for us to investigate.
-
-**How to reproduce**
-If applicable, add information on how to reproduce the problem.
-
-**Additional context**
-Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 🙋 Ask a question
+    url: https://github.community/c/code-to-cloud/52
+    about: Please ask and answer questions on GitHub Support Community.

.github/ISSUE_TEMPLATE/documentation-issues.yml

@@ -0,0 +1,28 @@
+name: "📚 Documentation issues"
+description: Make a suggestion to improve the documentation!
+labels: ['documentation']
+title: '[docs]'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ❗ This is only for documentation updates for files in this repo, ie: `README.md`.
+
+        If you want to suggest changes for the [GitHub Docs](https://docs.github.com/), please [open an issue there](https://github.com/github/docs/issues/new/choose).
+  - type: textarea
+    id: affected
+    attributes:
+      label: What files would you like to change?
+      description: |
+        Please provide permalinks to the specified files and line numbers.
+    validations:
+      required: true
+
+  - type: textarea
+    id: suggested
+    attributes:
+      label: What are your suggested changes?
+      description: |
+        Give as much detail as you can to help us understand the changes you want to see.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -0,0 +1,20 @@
+name: "🎁 Feature request"
+description: Suggest a new feature/enhancement!
+labels: ['enhancement']
+title: '[feat req]'
+body:
+  - type: textarea
+    id: feature
+    attributes:
+      label: What would you like to be added?
+      description: |
+        Please check existing issues to avoid making duplicates. Any duplicate issue will be closed immediately.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reasoning
+    attributes:
+      label: Why is this needed?
+    validations:
+      required: true

.github/workflows/check-dist.yml

@@ -20,19 +20,23 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
-      - name: Set Node.js 12.x
-        uses: actions/setup-node@v1
+      - name: Setup Node 16
+        uses: actions/setup-node@v3
         with:
-          node-version: 12.x
-
+          node-version: 16.x
+          cache: 'npm'
+  
       - name: Install dependencies
         run: npm ci
 
       - name: Move the committed index.js file
         run: mv dist/index.js /tmp
 
+      - name: Rebuild with tsc
+        run: npm run build
+
       - name: Rebuild the index.js file
         run: npm run release
 
@@ -41,7 +45,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v3
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: index.js

.github/workflows/codeql-analysis.yml

@@ -17,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -29,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -43,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/release-new-action-version.yml

@@ -0,0 +1,28 @@
+name: Release new action version
+on:
+  release:
+    types: [released]
+  workflow_dispatch:
+    inputs:
+      TAG_NAME:
+        description: 'Tag name that the major tag will point to'
+        required: true
+
+env:
+  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+permissions:
+  contents: write
+
+jobs:
+  update_tag:
+    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    environment:
+      name: releaseNewActionVersion
+    runs-on: ubuntu-latest
+    steps:
+    - name: Update the ${{ env.TAG_NAME }} tag
+      id: update-major-tag
+      uses: actions/publish-action@v0.2.1
+      with:
+        source-tag: ${{ env.TAG_NAME }}
+        slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/test.yml

@@ -23,12 +23,13 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
-    - name: Set Node.js 12.x
-      uses: actions/setup-node@v1
+    - name: Setup Node 16
+      uses: actions/setup-node@v3
       with:
-        node-version: 12.x
+        node-version: 16.x
+        cache: 'npm'
 
     - name: Install dependencies
       run: npm ci
@@ -36,21 +37,21 @@ jobs:
     - name: Compile
       run: npm run build
 
-    - name: npm test
-      run: npm test
-
     - name: Lint
       run: npm run lint
 
     - name: Format
       run: npm run format-check
 
+    - name: Test
+      run: npm run test
+
     # Test end-to-end by uploading two artifacts and then downloading them
     - name: Create artifact files
       run: |
         mkdir -p path/to/dir-1
         mkdir -p path/to/dir-2
-        mkdir -p path/to/dir-3    
+        mkdir -p path/to/dir-3
         echo "Lorem ipsum dolor sit amet" > path/to/dir-1/file1.txt
         echo "Hello world from file #2" > path/to/dir-2/file2.txt
         echo "This is a going to be a test for a large enough file that should get compressed with GZip. The @actions/artifact package uses GZip to upload files. This text should have a compression ratio greater than 100% so it should get uploaded using GZip" > path/to/dir-3/gzip.txt
@@ -85,11 +86,9 @@ jobs:
           path/to/dir-[23]/*
           !path/to/dir-3/*.txt
 
-    # Verify artifacts. Switch to download-artifact@v2 once it's out of preview
-
     # Download Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'Artifact-A'
         path: some/new/path
@@ -109,7 +108,7 @@ jobs:
 
     # Download Artifact #2 and verify the correctness of the content
     - name: 'Download artifact #2'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'artifact'
         path: some/other/path
@@ -127,10 +126,10 @@ jobs:
             Write-Error "File contents of downloaded artifacts are incorrect"
         }
       shell: pwsh
-    
+
     # Download Artifact #3 and verify the correctness of the content
     - name: 'Download artifact #3'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'GZip-Artifact'
         path: gzip/artifact/path
@@ -150,7 +149,7 @@ jobs:
       shell: pwsh
 
     - name: 'Download artifact #4'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'Multi-Path-Artifact'
         path: multi/artifact

.licenses/npm/@actions/artifact.dep.yml

@@ -1,30 +1,20 @@
 ---
 name: "@actions/artifact"
-version: 0.5.2
+version: 1.1.2
 type: npm
-summary: 
-homepage: 
+summary: Actions artifact lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/artifact
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
-  text: |
-    MIT License
+- sources: LICENSE.md
+  text: |-
+    The MIT License (MIT)
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
+    Copyright 2019 GitHub
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.2.6
+version: 1.10.0
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/glob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.1.0
+version: 0.3.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/master/packages/glob

.licenses/npm/@actions/http-client.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@actions/http-client"
-version: 1.0.11
+version: 2.0.1
 type: npm
 summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.0.2
+version: 1.1.2
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/master/packages/io

.licenses/npm/@types/tmp.dep.yml

@@ -1,26 +0,0 @@
----
-name: "@types/tmp"
-version: 0.1.0
-type: npm
-summary: TypeScript definitions for tmp
-homepage: https://github.com/DefinitelyTyped/DefinitelyTyped#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: "    MIT License\r\n\r\n    Copyright (c) Microsoft Corporation. All rights
-    reserved.\r\n\r\n    Permission is hereby granted, free of charge, to any person
-    obtaining a copy\r\n    of this software and associated documentation files (the
-    \"Software\"), to deal\r\n    in the Software without restriction, including without
-    limitation the rights\r\n    to use, copy, modify, merge, publish, distribute,
-    sublicense, and/or sell\r\n    copies of the Software, and to permit persons to
-    whom the Software is\r\n    furnished to do so, subject to the following conditions:\r\n\r\n
-    \   The above copyright notice and this permission notice shall be included in
-    all\r\n    copies or substantial portions of the Software.\r\n\r\n    THE SOFTWARE
-    IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r\n    IMPLIED,
-    INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r\n    FITNESS
-    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r\n    AUTHORS
-    OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r\n    LIABILITY,
-    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r\n    OUT
-    OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\r\n
-    \   SOFTWARE\r\n"
-notices: []

.licenses/npm/glob.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: glob
-version: 7.1.6
+version: 7.2.3
 type: npm
 summary: a little globber
-homepage: https://github.com/isaacs/node-glob#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/minimatch.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: minimatch
-version: 3.0.4
+version: 3.1.2
 type: npm
 summary: a glob matcher in javascript
-homepage: https://github.com/isaacs/minimatch#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/rimraf.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: rimraf
-version: 2.6.3
+version: 3.0.2
 type: npm
 summary: A deep deletion module for node (like `rm -rf`)
-homepage: https://github.com/isaacs/rimraf#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/tmp-promise.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: tmp-promise
-version: 2.1.1
+version: 3.0.3
 type: npm
 summary: The tmp package with promises support and disposers.
-homepage: https://github.com/benjamingr/tmp-promise#readme
+homepage: 
 license: mit
 licenses:
 - sources: Auto-generated MIT license text

.licenses/npm/tmp.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: tmp
-version: 0.1.0
+version: 0.2.1
 type: npm
 summary: Temporary file and directory creator
 homepage: http://github.com/raszi/node-tmp

.licenses/npm/uuid.dep.yml

@@ -0,0 +1,20 @@
+---
+name: uuid
+version: 8.3.2
+type: npm
+summary: RFC4122 (v1, v4, and v5) UUIDs
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

README.md

@@ -1,4 +1,4 @@
-# Upload-Artifact v2
+# Upload-Artifact v3
 
 This uploads artifacts from your workflow allowing you to share data between jobs and store data once a workflow is complete.
 
@@ -6,7 +6,7 @@ See also [download-artifact](https://github.com/actions/download-artifact).
 
 # What's new
 
-- Easier upload 
+- Easier upload
   - Specify a wildcard pattern
   - Specify an individual file
   - Specify a directory (previously you were limited to only this option)
@@ -25,15 +25,16 @@ Refer [here](https://github.com/actions/upload-artifact/tree/releases/v1) for th
 See [action.yml](action.yml)
 
 ### Upload an Individual File
+
 ```yaml
 steps:
-- uses: actions/checkout@v2
+- uses: actions/checkout@v3
 
 - run: mkdir -p path/to/artifact
 
 - run: echo hello > path/to/artifact/world.txt
 
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/world.txt
@@ -42,23 +43,25 @@ steps:
 ### Upload an Entire Directory
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/ # or path/to/artifact
 ```
 
 ### Upload using a Wildcard Pattern
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/**/[abc]rtifac?/*
 ```
 
 ### Upload using Multiple Paths and Exclusions
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: |
@@ -69,19 +72,20 @@ steps:
 
 For supported wildcards along with behavior and documentation, see [@actions/glob](https://github.com/actions/toolkit/tree/main/packages/glob) which is used internally to search for files.
 
-If a wildcard pattern is used, the path hierarchy will be preserved after the first wildcard pattern. 
+If a wildcard pattern is used, the path hierarchy will be preserved after the first wildcard pattern:
 
 ```
-    path/to/*/directory/foo?.txt =>
-        ∟ path/to/some/directory/foo1.txt
-        ∟ path/to/some/directory/foo2.txt
-        ∟ path/to/other/directory/foo1.txt
+path/to/*/directory/foo?.txt =>
+    ∟ path/to/some/directory/foo1.txt
+    ∟ path/to/some/directory/foo2.txt
+    ∟ path/to/other/directory/foo1.txt
 
-    would be flattened and uploaded as =>
-        ∟ some/directory/foo1.txt
-        ∟ some/directory/foo2.txt
-        ∟ other/directory/foo1.txt
+would be flattened and uploaded as =>
+    ∟ some/directory/foo1.txt
+    ∟ some/directory/foo2.txt
+    ∟ other/directory/foo1.txt
 ```
+
 If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact. Exclude paths do not affect the directory structure.
 
 Relative and absolute file paths are both allowed. Relative paths are rooted against the current working directory. Paths that begin with a wildcard character should be quoted to avoid being interpreted as YAML aliases.
@@ -90,14 +94,14 @@ The [@actions/artifact](https://github.com/actions/toolkit/tree/main/packages/ar
 
 ### Customization if no files are found
 
-If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found.
+If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found:
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/
-    if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn` 
+    if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
 ```
 
 ### Conditional Artifact Upload
@@ -105,7 +109,7 @@ If a path (or paths), result in no files being found for the artifact, the actio
 To upload artifacts only when the previous step of a job failed, use [`if: failure()`](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions#job-status-check-functions):
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   if: failure()
   with:
     name: my-artifact
@@ -115,8 +119,9 @@ To upload artifacts only when the previous step of a job failed, use [`if: failu
 ### Uploading without an artifact name
 
 You can upload an artifact without specifying a name
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: path/to/artifact/world.txt
 ```
@@ -125,47 +130,47 @@ If not provided, `artifact` will be used as the default name which will manifest
 
 ### Uploading to the same artifact
 
-With the following example, the available artifact (named `artifact` by default if no name is provided) would contain both `world.txt` (`hello`) and `extra-file.txt` (`howdy`).
+With the following example, the available artifact (named `artifact` by default if no name is provided) would contain both `world.txt` (`hello`) and `extra-file.txt` (`howdy`):
 
 ```yaml
 - run: echo hi > world.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: world.txt
 
 - run: echo howdy > extra-file.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: extra-file.txt
 
 - run: echo hello > world.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: world.txt
 ```
 
-> **_Warning:_**  Be careful when uploading to the same artifact via multiple jobs as artifacts may become corrupted 
-
-Each artifact behaves as a file share. Uploading to the same artifact multiple times in the same workflow can overwrite and append already uploaded files
+Each artifact behaves as a file share. Uploading to the same artifact multiple times in the same workflow can overwrite and append already uploaded files:
 
 ```yaml
     strategy:
       matrix:
           node-version: [8.x, 10.x, 12.x, 13.x]
     steps:
-        - name: 'Create a file'
+        - name: Create a file
           run: echo ${{ matrix.node-version }} > my_file.txt
-        - name: 'Accidently upload to the same artifact via multiple jobs'
-          uses: 'actions/upload-artifact@v2'
+        - name: Accidentally upload to the same artifact via multiple jobs
+          uses: actions/upload-artifact@v3
           with:
               name: my-artifact
               path: ${{ github.workspace }}
 ```
 
-In the above example, four jobs will upload four different files to the same artifact but there will only be one file available when `my-artifact` is downloaded. Each job overwrites what was previously uploaded. To ensure that jobs don't overwrite existing artifacts, use a different name per job.
+> **_Warning:_** Be careful when uploading to the same artifact via multiple jobs as artifacts may become corrupted. When uploading a file with an identical name and path in multiple jobs, uploads may fail with 503 errors due to conflicting uploads happening at the same time. Ensure uploads to identical locations to not interfere with each other.
+
+In the above example, four jobs will upload four different files to the same artifact but there will only be one file available when `my-artifact` is downloaded. Each job overwrites what was previously uploaded. To ensure that jobs don't overwrite existing artifacts, use a different name per job:
 
 ```yaml
-          uses: 'actions/upload-artifact@v2'
+          uses: actions/upload-artifact@v3
           with:
               name: my-artifact ${{ matrix.node-version }}
               path: ${{ github.workspace }}
@@ -173,52 +178,88 @@ In the above example, four jobs will upload four different files to the same art
 
 ### Environment Variables and Tilde Expansion
 
-You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expansion is supported.
+You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expansion is supported:
 
 ```yaml
-  - run: |	
+  - run: |
       mkdir -p ~/new/artifact
       echo hello > ~/new/artifact/world.txt
-  - uses: actions/upload-artifact@v2
-    with:	
-      name: 'Artifacts-V2'	
-      path: '~/new/**/*'
+  - uses: actions/upload-artifact@v3
+    with:
+      name: Artifacts-V3
+      path: ~/new/**/*
 ```
 
-Environment variables along with context expressions can also be used for input. For documentation see [context and expression syntax](https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions).
+Environment variables along with context expressions can also be used for input. For documentation see [context and expression syntax](https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions):
 
 ```yaml
     env:
       name: my-artifact
     steps:
-    - run: |	
+    - run: |
         mkdir -p ${{ github.workspace }}/artifact
         echo hello > ${{ github.workspace }}/artifact/world.txt
-    - uses: actions/upload-artifact@v2
-      with:	
-        name: ${{ env.name }}-name	
+    - uses: actions/upload-artifact@v3
+      with:
+        name: ${{ env.name }}-name
         path: ${{ github.workspace }}/artifact/**/*
 ```
 
+For environment variables created in other steps, make sure to use the `env` expression syntax
+
+```yaml
+    steps:
+    - run: | 
+        mkdir testing
+        echo "This is a file to upload" > testing/file.txt
+        echo "artifactPath=testing/file.txt" >> $GITHUB_ENV
+    - uses: actions/upload-artifact@v3
+      with:
+        name: artifact
+        path: ${{ env.artifactPath }} # this will resolve to testing/file.txt at runtime
+```
+
 ### Retention Period
 
 Artifacts are retained for 90 days by default. You can specify a shorter retention period using the `retention-days` input:
 
 ```yaml
-  - name: 'Create a file'
+  - name: Create a file
     run: echo "I won't live long" > my_file.txt
 
-  - name: 'Upload Artifact'
-    uses: actions/upload-artifact@v2
+  - name: Upload Artifact
+    uses: actions/upload-artifact@v3
     with:
       name: my-artifact
       path: my_file.txt
       retention-days: 5
-
 ```
 
 The retention period must be between 1 and 90 inclusive. For more information see [artifact and log retention policies](https://docs.github.com/en/free-pro-team@latest/actions/reference/usage-limits-billing-and-administration#artifact-and-log-retention-policy).
 
+
+### Hidden Files 
+
+By default, hidden files are ignored by this action to avoid unintentionally uploading sensitive information.
+
+In versions of this action before v3.2.0, these hidden files were included by default.
+
+If you need to upload hidden files, you can use the `include-hidden-files` input.
+
+```yaml
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create a Hidden File
+        run: echo "hello from a hidden file" > .hidden-file.txt
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          path: .hidden-file.txt
+          include-hidden-files: true
+```
+
 ## Where does the upload go?
 
 At the bottom of the workflow summary page, there is a dedicated section for artifacts. Here's a screenshot of something you might see:
@@ -233,7 +274,7 @@ The size of the artifact is denoted in bytes. The displayed artifact size denote
 
 ### Zipped Artifact Downloads
 
-During a workflow run, files are uploaded and downloaded individually using the `upload-artifact` and `download-artifact` actions. However, when a workflow run finishes and an artifact is downloaded from either the UI or through the [download api](https://developer.github.com/v3/actions/artifacts/#download-an-artifact), a zip is dynamically created with all the file contents that were uploaded. There is currently no way to download artifacts after a workflow run finishes in a format other than a zip or to download artifact contents individually. One of the consequences of this limitation is that if a zip is uploaded during a workflow run and then downloaded from the UI, there will be a double zip created. 
+During a workflow run, files are uploaded and downloaded individually using the `upload-artifact` and `download-artifact` actions. However, when a workflow run finishes and an artifact is downloaded from either the UI or through the [download api](https://developer.github.com/v3/actions/artifacts/#download-an-artifact), a zip is dynamically created with all the file contents that were uploaded. There is currently no way to download artifacts after a workflow run finishes in a format other than a zip or to download artifact contents individually. One of the consequences of this limitation is that if a zip is uploaded during a workflow run and then downloaded from the UI, there will be a double zip created.
 
 ### Permission Loss
 
@@ -245,18 +286,19 @@ During a workflow run, files are uploaded and downloaded individually using the
 
 ### Maintaining file permissions and case sensitive files
 
-If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity.
+If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity:
 
 ```yaml
-  - name: 'Tar files'
+  - name: Tar files
     run: tar -cvf my_files.tar /path/to/my/directory
 
-  - name: 'Upload Artifact'
-    uses: actions/upload-artifact@v2
+  - name: Upload Artifact
+    uses: actions/upload-artifact@v3
     with:
       name: my-artifact
-      path: my_files.tar    
+      path: my_files.tar
 ```
+
 ### Too many uploads resulting in 429 responses
 
 A very minute subset of users who upload a very very large amount of artifacts in a short period of time may see their uploads throttled or fail because of `Request was blocked due to exceeding usage of resource 'DBCPU' in namespace` or `Unable to copy file to server StatusCode=TooManyRequests`.
@@ -265,10 +307,10 @@ To reduce the chance of this happening, you can reduce the number of HTTP calls
 
 ## Additional Documentation
 
-See [persisting workflow data using artifacts](https://help.github.com/en/actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts) for additional examples and tips.
+See [Storing workflow data as artifacts](https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts) for additional examples and tips.
 
-See extra documentation for the [@actions/artifact](https://github.com/actions/toolkit/blob/master/packages/artifact/docs/additional-information.md) package that is used internally regarding certain behaviors and limitations.
+See extra documentation for the [@actions/artifact](https://github.com/actions/toolkit/blob/main/packages/artifact/docs/additional-information.md) package that is used internally regarding certain behaviors and limitations.
 
 # License
 
-The scripts and documentation in this project are released under the [MIT License](LICENSE)
+The scripts and documentation in this project are released under the [MIT License](LICENSE).

__tests__/search.test.ts

@@ -61,6 +61,20 @@ const lonelyFilePath = path.join(
   'lonely-file.txt'
 )
 
+const hiddenFile = path.join(root, '.hidden-file.txt')
+const fileInHiddenFolderPath = path.join(
+  root,
+  '.hidden-folder',
+  'folder-in-hidden-folder',
+  'file.txt'
+)
+const fileInHiddenFolderInFolderA = path.join(
+  root,
+  'folder-a',
+  '.hidden-folder-in-folder-a',
+  'file.txt'
+)
+
 describe('Search', () => {
   beforeAll(async () => {
     // mock all output so that there is less noise when running tests
@@ -92,6 +106,13 @@ describe('Search', () => {
     await fs.mkdir(path.join(root, 'folder-h', 'folder-j', 'folder-k'), {
       recursive: true
     })
+    await fs.mkdir(
+      path.join(root, '.hidden-folder', 'folder-in-hidden-folder'),
+      {recursive: true}
+    )
+    await fs.mkdir(path.join(root, 'folder-a', '.hidden-folder-in-folder-a'), {
+      recursive: true
+    })
 
     await fs.writeFile(searchItem1Path, 'search item1 file')
     await fs.writeFile(searchItem2Path, 'search item2 file')
@@ -110,10 +131,19 @@ describe('Search', () => {
     await fs.writeFile(amazingFileInFolderHPath, 'amazing file')
 
     await fs.writeFile(lonelyFilePath, 'all by itself')
+
+    await fs.writeFile(hiddenFile, 'hidden file')
+    await fs.writeFile(fileInHiddenFolderPath, 'file in hidden directory')
+    await fs.writeFile(fileInHiddenFolderInFolderA, 'file in hidden directory')
     /*
       Directory structure of files that get created:
       root/
+          .hidden-folder/
+            folder-in-hidden-folder/
+              file.txt
           folder-a/
+              .hidden-folder-in-folder-a/
+                file.txt
               folder-b/
                   folder-c/
                       search-item1.txt
@@ -136,6 +166,7 @@ describe('Search', () => {
               folder-j/
                   folder-k/
                       lonely-file.txt
+          .hidden-file.txt
           search-item5.txt
     */
   })
@@ -352,4 +383,24 @@ describe('Search', () => {
     )
     expect(searchResult.filesToUpload.includes(lonelyFilePath)).toEqual(true)
   })
+
+  it('Hidden files ignored by default', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath)
+
+    expect(searchResult.filesToUpload).not.toContain(hiddenFile)
+    expect(searchResult.filesToUpload).not.toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).not.toContain(
+      fileInHiddenFolderInFolderA
+    )
+  })
+
+  it('Hidden files included', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath, true)
+
+    expect(searchResult.filesToUpload).toContain(hiddenFile)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderInFolderA)
+  })
 })

action.yml

@@ -23,6 +23,11 @@ inputs:
 
       Minimum 1 day.
       Maximum 90 days unless changed from the repository settings page.
+  include-hidden-files:
+    description: >
+      If true, hidden files will be included in the uploaded artifact.
+      If false, hidden files will be excluded from the uploaded artifact.
+    default: 'false'
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "upload-artifact",
-  "version": "2.0.1",
+  "version": "3.0.0",
   "description": "Upload a build artifact that can be used by subsequent workflow steps",
   "main": "dist/index.js",
   "scripts": {
@@ -29,25 +29,25 @@
   },
   "homepage": "https://github.com/actions/upload-artifact#readme",
   "dependencies": {
-    "@actions/artifact": "^0.5.2",
-    "@actions/core": "^1.2.6",
-    "@actions/glob": "^0.1.0",
-    "@actions/io": "^1.0.2"
+    "@actions/artifact": "^1.1.2",
+    "@actions/core": "^1.10.0",
+    "@actions/glob": "^0.5.0",
+    "@actions/io": "^1.1.2"
   },
   "devDependencies": {
-    "@types/jest": "^25.2.1",
-    "@types/node": "^13.11.1",
-    "@typescript-eslint/parser": "^2.27.0",
-    "@zeit/ncc": "^0.22.1",
-    "concurrently": "^5.1.0",
-    "eslint": "^7.4.0",
-    "eslint-plugin-github": "^4.1.1",
-    "eslint-plugin-jest": "^23.8.2",
-    "glob": "^7.1.6",
-    "jest": "^27.2.5",
-    "jest-circus": "^27.2.5",
-    "prettier": "^2.0.4",
-    "ts-jest": "^27.0.6",
-    "typescript": "^3.8.3"
+    "@types/jest": "^29.2.5",
+    "@types/node": "^18.11.18",
+    "@typescript-eslint/parser": "^5.48.0",
+    "@vercel/ncc": "^0.36.0",
+    "concurrently": "^7.6.0",
+    "eslint": "^8.31.0",
+    "eslint-plugin-github": "^4.6.0",
+    "eslint-plugin-jest": "^27.2.0",
+    "glob": "^8.0.3",
+    "jest": "^29.3.1",
+    "jest-circus": "^29.3.1",
+    "prettier": "^2.8.1",
+    "ts-jest": "^29.0.3",
+    "typescript": "^4.9.4"
   }
 }

src/constants.ts

@@ -1,8 +1,10 @@
+/* eslint-disable no-unused-vars */
 export enum Inputs {
   Name = 'name',
   Path = 'path',
   IfNoFilesFound = 'if-no-files-found',
-  RetentionDays = 'retention-days'
+  RetentionDays = 'retention-days',
+  IncludeHiddenFiles = 'include-hidden-files'
 }
 
 export enum NoFileOptions {

src/input-helper.ts

@@ -11,6 +11,7 @@ export function getInputs(): UploadInputs {
 
   const ifNoFilesFound = core.getInput(Inputs.IfNoFilesFound)
   const noFileBehavior: NoFileOptions = NoFileOptions[ifNoFilesFound]
+  const includeHiddenFiles = core.getBooleanInput(Inputs.IncludeHiddenFiles)
 
   if (!noFileBehavior) {
     core.setFailed(
@@ -25,7 +26,8 @@ export function getInputs(): UploadInputs {
   const inputs = {
     artifactName: name,
     searchPath: path,
-    ifNoFilesFound: noFileBehavior
+    ifNoFilesFound: noFileBehavior,
+    includeHiddenFiles
   } as UploadInputs
 
   const retentionDaysStr = core.getInput(Inputs.RetentionDays)

src/search.ts

@@ -11,11 +11,12 @@ export interface SearchResult {
   rootDirectory: string
 }
 
-function getDefaultGlobOptions(): glob.GlobOptions {
+function getDefaultGlobOptions(includeHiddenFiles: boolean): glob.GlobOptions {
   return {
     followSymbolicLinks: true,
     implicitDescendants: true,
-    omitBrokenSymbolicLinks: true
+    omitBrokenSymbolicLinks: true,
+    excludeHiddenFiles: !includeHiddenFiles
   }
 }
 
@@ -80,12 +81,12 @@ function getMultiPathLCA(searchPaths: string[]): string {
 
 export async function findFilesToUpload(
   searchPath: string,
-  globOptions?: glob.GlobOptions
+  includeHiddenFiles?: boolean
 ): Promise<SearchResult> {
   const searchResults: string[] = []
   const globber = await glob.create(
     searchPath,
-    globOptions || getDefaultGlobOptions()
+    getDefaultGlobOptions(includeHiddenFiles || false)
   )
   const rawSearchResults: string[] = await globber.glob()
 

src/upload-artifact.ts

@@ -7,7 +7,10 @@ import {NoFileOptions} from './constants'
 async function run(): Promise<void> {
   try {
     const inputs = getInputs()
-    const searchResult = await findFilesToUpload(inputs.searchPath)
+    const searchResult = await findFilesToUpload(
+      inputs.searchPath,
+      inputs.includeHiddenFiles
+    )
     if (searchResult.filesToUpload.length === 0) {
       // No files were found, different use cases warrant different types of behavior if nothing is found
       switch (inputs.ifNoFilesFound) {
@@ -68,8 +71,8 @@ async function run(): Promise<void> {
         )
       }
     }
-  } catch (err) {
-    core.setFailed(err.message)
+  } catch (error) {
+    core.setFailed((error as Error).message)
   }
 }
 

src/upload-inputs.ts

@@ -20,4 +20,9 @@ export interface UploadInputs {
    * Duration after which artifact will expire in days
    */
   retentionDays: number
+
+  /**
+   * Whether or not to include hidden files in the artifact
+   */
+  includeHiddenFiles: boolean
 }