Merge pull request #609 from actions/joshmgross/fix-include-hidden-files-input-node16

Ensure hidden files input is used

.devcontainer/devcontainer.json

@@ -0,0 +1,6 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/typescript-node
+{
+	"name": "@actions/upload-artifact",
+	"image": "mcr.microsoft.com/devcontainers/typescript-node:0-16"
+}

.eslintrc.json

@@ -4,13 +4,10 @@
     "parserOptions": { "ecmaVersion": 9, "sourceType": "module" },
     "extends": [
       "eslint:recommended",
-      "plugin:@typescript-eslint/eslint-recommended",
-      "plugin:@typescript-eslint/recommended",
       "plugin:import/errors",
       "plugin:import/warnings",
       "plugin:import/typescript",
-      "plugin:prettier/recommended",
-      "prettier/@typescript-eslint"
+      "plugin:prettier/recommended"
     ],
     "rules": {
        "@typescript-eslint/no-empty-function": "off"

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,63 @@
+name: "🐛 Bug report"
+description: Let us know about a bug!
+labels: ['bug']
+title: '[bug]'
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: What happened?
+      description: |
+        Please provide a clear and concise description of what the bug is. If applicable, add screenshots to help explain your problem.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect to happen?
+    validations:
+      required: true
+
+  - type: textarea
+    id: repro
+    attributes:
+      label: How can we reproduce it?
+      description: |
+        Please be minimal and precise as possible. If your repo/run is public, please include a URL so it is easier for us to investigate.
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Anything else we need to know?
+
+  - type: input
+    id: version
+    attributes:
+      label: What version of the action are you using?
+      placeholder: vX.Y.Z
+      description: |
+        Please check the documentation first since different major versions can have different behaviors.
+    validations:
+      required: true
+
+  - type: dropdown
+    id: environment
+    attributes:
+      label: What are your runner environments?
+      multiple: true
+      options:
+        - self-hosted
+        - linux
+        - window
+        - macos
+    validations:
+      required: true
+
+  - type: input
+    id: ghes
+    attributes:
+      label: Are you on GitHub Enterprise Server? If so, what version?
+      placeholder: vX.Y

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,33 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: bug
-assignees: ''
-
----
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**Version**
-- [ ] V1
-- [ ] V2
-
-**Environment**
-- [ ] self-hosted
-- [ ] Linux
-- [ ] Windows
-- [ ] Mac
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Run/Repo Url**
-If applicable, and if your repo/run is public, please include a URL so it is easier for us to investigate.
-
-**How to reproduce**
-If applicable, add information on how to reproduce the problem.
-
-**Additional context**
-Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 🙋 Ask a question
+    url: https://github.community/c/code-to-cloud/52
+    about: Please ask and answer questions on GitHub Support Community.

.github/ISSUE_TEMPLATE/documentation-issues.yml

@@ -0,0 +1,28 @@
+name: "📚 Documentation issues"
+description: Make a suggestion to improve the documentation!
+labels: ['documentation']
+title: '[docs]'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ❗ This is only for documentation updates for files in this repo, ie: `README.md`.
+
+        If you want to suggest changes for the [GitHub Docs](https://docs.github.com/), please [open an issue there](https://github.com/github/docs/issues/new/choose).
+  - type: textarea
+    id: affected
+    attributes:
+      label: What files would you like to change?
+      description: |
+        Please provide permalinks to the specified files and line numbers.
+    validations:
+      required: true
+
+  - type: textarea
+    id: suggested
+    attributes:
+      label: What are your suggested changes?
+      description: |
+        Give as much detail as you can to help us understand the changes you want to see.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -0,0 +1,20 @@
+name: "🎁 Feature request"
+description: Suggest a new feature/enhancement!
+labels: ['enhancement']
+title: '[feat req]'
+body:
+  - type: textarea
+    id: feature
+    attributes:
+      label: What would you like to be added?
+      description: |
+        Please check existing issues to avoid making duplicates. Any duplicate issue will be closed immediately.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reasoning
+    attributes:
+      label: Why is this needed?
+    validations:
+      required: true

.github/workflows/check-dist.yml

@@ -0,0 +1,52 @@
+# `dist/index.js` is a special file in Actions.
+# When you reference an action with `uses:` in a workflow,
+# `index.js` is the code that will run.
+# For our project, we generate this file through a build process
+# from other source files.
+# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
+name: Check dist/
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  check-dist:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
+          cache: 'npm'
+  
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Move the committed index.js file
+        run: mv dist/index.js /tmp
+
+      - name: Rebuild with tsc
+        run: npm run build
+
+      - name: Rebuild the index.js file
+        run: npm run release
+
+      - name: Compare the expected and actual index.js files
+        run: git diff --ignore-all-space dist/index.js /tmp/index.js
+        id: diff
+
+      # If index.js was different than expected, upload the expected version as an artifact
+      - uses: actions/upload-artifact@v3
+        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
+        with:
+          name: index.js
+          path: dist/index.js

.github/workflows/codeql-analysis.yml

@@ -2,6 +2,8 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches-ignore: "dependabot/**"
+  pull_request:
     paths-ignore:
       - '**.md'
   schedule:
@@ -15,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -27,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -41,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/licensed.yml

@@ -1,8 +1,12 @@
 name: Licensed
 
 on:
-  push: {branches: main}
-  pull_request: {branches: main}
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 jobs:
   test:

.github/workflows/release-new-action-version.yml

@@ -0,0 +1,28 @@
+name: Release new action version
+on:
+  release:
+    types: [released]
+  workflow_dispatch:
+    inputs:
+      TAG_NAME:
+        description: 'Tag name that the major tag will point to'
+        required: true
+
+env:
+  TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }}
+permissions:
+  contents: write
+
+jobs:
+  update_tag:
+    name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.event.release.tag_name }} changes
+    environment:
+      name: releaseNewActionVersion
+    runs-on: ubuntu-latest
+    steps:
+    - name: Update the ${{ env.TAG_NAME }} tag
+      id: update-major-tag
+      uses: actions/publish-action@v0.2.1
+      with:
+        source-tag: ${{ env.TAG_NAME }}
+        slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/test.yml

@@ -23,28 +23,29 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
-    - name: Set Node.js 12.x
-      uses: actions/setup-node@v1
+    - name: Setup Node 16
+      uses: actions/setup-node@v3
       with:
-        node-version: 12.x
+        node-version: 16.x
+        cache: 'npm'
 
-    - name: npm install
-      run: npm install
+    - name: Install dependencies
+      run: npm ci
 
     - name: Compile
       run: npm run build
 
-    - name: npm test
-      run: npm test
-
     - name: Lint
       run: npm run lint
 
     - name: Format
       run: npm run format-check
 
+    - name: Test
+      run: npm run test
+
     # Test end-to-end by uploading two artifacts and then downloading them
     - name: Create artifact files
       run: |
@@ -85,11 +86,9 @@ jobs:
           path/to/dir-[23]/*
           !path/to/dir-3/*.txt
 
-    # Verify artifacts. Switch to download-artifact@v2 once it's out of preview
-
     # Download Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'Artifact-A'
         path: some/new/path
@@ -109,7 +108,7 @@ jobs:
 
     # Download Artifact #2 and verify the correctness of the content
     - name: 'Download artifact #2'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'artifact'
         path: some/other/path
@@ -130,7 +129,7 @@ jobs:
 
     # Download Artifact #3 and verify the correctness of the content
     - name: 'Download artifact #3'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'GZip-Artifact'
         path: gzip/artifact/path
@@ -150,7 +149,7 @@ jobs:
       shell: pwsh
 
     - name: 'Download artifact #4'
-      uses: actions/download-artifact@v1
+      uses: actions/download-artifact@v3
       with:
         name: 'Multi-Path-Artifact'
         path: multi/artifact

.licenses/npm/@actions/artifact.dep.yml

@@ -1,30 +1,20 @@
 ---
 name: "@actions/artifact"
-version: 0.5.0
+version: 1.1.2
 type: npm
-summary: 
-homepage: 
+summary: Actions artifact lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/artifact
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
-  text: |
-    MIT License
+- sources: LICENSE.md
+  text: |-
+    The MIT License (MIT)
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
+    Copyright 2019 GitHub
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.2.6
+version: 1.10.0
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/glob.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/glob"
-version: 0.1.0
+version: 0.3.0
 type: npm
 summary: Actions glob lib
 homepage: https://github.com/actions/toolkit/tree/master/packages/glob

.licenses/npm/@actions/http-client.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@actions/http-client"
-version: 1.0.9
+version: 2.0.1
 type: npm
 summary: Actions Http Client
-homepage: https://github.com/actions/http-client#readme
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
 license: mit
 licenses:
 - sources: LICENSE

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.0.2
+version: 1.1.2
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/master/packages/io

.licenses/npm/@types/tmp.dep.yml

@@ -1,26 +0,0 @@
----
-name: "@types/tmp"
-version: 0.1.0
-type: npm
-summary: TypeScript definitions for tmp
-homepage: https://github.com/DefinitelyTyped/DefinitelyTyped#readme
-license: mit
-licenses:
-- sources: LICENSE
-  text: "    MIT License\r\n\r\n    Copyright (c) Microsoft Corporation. All rights
-    reserved.\r\n\r\n    Permission is hereby granted, free of charge, to any person
-    obtaining a copy\r\n    of this software and associated documentation files (the
-    \"Software\"), to deal\r\n    in the Software without restriction, including without
-    limitation the rights\r\n    to use, copy, modify, merge, publish, distribute,
-    sublicense, and/or sell\r\n    copies of the Software, and to permit persons to
-    whom the Software is\r\n    furnished to do so, subject to the following conditions:\r\n\r\n
-    \   The above copyright notice and this permission notice shall be included in
-    all\r\n    copies or substantial portions of the Software.\r\n\r\n    THE SOFTWARE
-    IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r\n    IMPLIED,
-    INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r\n    FITNESS
-    FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r\n    AUTHORS
-    OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r\n    LIABILITY,
-    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r\n    OUT
-    OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\r\n
-    \   SOFTWARE\r\n"
-notices: []

.licenses/npm/glob.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: glob
-version: 7.1.6
+version: 7.2.3
 type: npm
 summary: a little globber
-homepage: https://github.com/isaacs/node-glob#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/minimatch.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: minimatch
-version: 3.0.4
+version: 3.1.2
 type: npm
 summary: a glob matcher in javascript
-homepage: https://github.com/isaacs/minimatch#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/rimraf.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: rimraf
-version: 2.6.3
+version: 3.0.2
 type: npm
 summary: A deep deletion module for node (like `rm -rf`)
-homepage: https://github.com/isaacs/rimraf#readme
+homepage: 
 license: isc
 licenses:
 - sources: LICENSE

.licenses/npm/tmp-promise.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: tmp-promise
-version: 2.1.1
+version: 3.0.3
 type: npm
 summary: The tmp package with promises support and disposers.
-homepage: https://github.com/benjamingr/tmp-promise#readme
+homepage: 
 license: mit
 licenses:
 - sources: Auto-generated MIT license text

.licenses/npm/tmp.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: tmp
-version: 0.1.0
+version: 0.2.1
 type: npm
 summary: Temporary file and directory creator
 homepage: http://github.com/raszi/node-tmp

.licenses/npm/uuid.dep.yml

@@ -0,0 +1,20 @@
+---
+name: uuid
+version: 8.3.2
+type: npm
+summary: RFC4122 (v1, v4, and v5) UUIDs
+homepage: 
+license: mit
+licenses:
+- sources: LICENSE.md
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2010-2020 Robert Kieffer and other contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

README.md

@@ -1,4 +1,4 @@
-# Upload-Artifact v2
+# Upload-Artifact v3
 
 This uploads artifacts from your workflow allowing you to share data between jobs and store data once a workflow is complete.
 
@@ -25,15 +25,16 @@ Refer [here](https://github.com/actions/upload-artifact/tree/releases/v1) for th
 See [action.yml](action.yml)
 
 ### Upload an Individual File
+
 ```yaml
 steps:
-- uses: actions/checkout@v2
+- uses: actions/checkout@v3
 
 - run: mkdir -p path/to/artifact
 
 - run: echo hello > path/to/artifact/world.txt
 
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/world.txt
@@ -42,23 +43,25 @@ steps:
 ### Upload an Entire Directory
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/ # or path/to/artifact
 ```
 
 ### Upload using a Wildcard Pattern
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/**/[abc]rtifac?/*
 ```
 
 ### Upload using Multiple Paths and Exclusions
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: |
@@ -69,7 +72,7 @@ steps:
 
 For supported wildcards along with behavior and documentation, see [@actions/glob](https://github.com/actions/toolkit/tree/main/packages/glob) which is used internally to search for files.
 
-If a wildcard pattern is used, the path hierarchy will be preserved after the first wildcard pattern. 
+If a wildcard pattern is used, the path hierarchy will be preserved after the first wildcard pattern:
 
 ```
 path/to/*/directory/foo?.txt =>
@@ -82,7 +85,8 @@ If a wildcard pattern is used, the path hierarchy will be preserved after the fi
     ∟ some/directory/foo2.txt
     ∟ other/directory/foo1.txt
 ```
-If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact. Exclude paths do not effect the directory structure.
+
+If multiple paths are provided as input, the least common ancestor of all the search paths will be used as the root directory of the artifact. Exclude paths do not affect the directory structure.
 
 Relative and absolute file paths are both allowed. Relative paths are rooted against the current working directory. Paths that begin with a wildcard character should be quoted to avoid being interpreted as YAML aliases.
 
@@ -90,10 +94,10 @@ The [@actions/artifact](https://github.com/actions/toolkit/tree/main/packages/ar
 
 ### Customization if no files are found
 
-If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found.
+If a path (or paths), result in no files being found for the artifact, the action will succeed but print out a warning. In certain scenarios it may be desirable to fail the action or suppress the warning. The `if-no-files-found` option allows you to customize the behavior of the action if no files are found:
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     name: my-artifact
     path: path/to/artifact/
@@ -105,7 +109,7 @@ If a path (or paths), result in no files being found for the artifact, the actio
 To upload artifacts only when the previous step of a job failed, use [`if: failure()`](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions#job-status-check-functions):
 
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   if: failure()
   with:
     name: my-artifact
@@ -115,8 +119,9 @@ To upload artifacts only when the previous step of a job failed, use [`if: failu
 ### Uploading without an artifact name
 
 You can upload an artifact without specifying a name
+
 ```yaml
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: path/to/artifact/world.txt
 ```
@@ -125,46 +130,47 @@ If not provided, `artifact` will be used as the default name which will manifest
 
 ### Uploading to the same artifact
 
-Each artifact behaves as a file share. Uploading to the same artifact multiple times in the same workflow can overwrite and append already uploaded files
+With the following example, the available artifact (named `artifact` by default if no name is provided) would contain both `world.txt` (`hello`) and `extra-file.txt` (`howdy`):
 
 ```yaml
 - run: echo hi > world.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: world.txt
 
 - run: echo howdy > extra-file.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: extra-file.txt
 
 - run: echo hello > world.txt
-- uses: actions/upload-artifact@v2
+- uses: actions/upload-artifact@v3
   with:
     path: world.txt
 ```
-With the following example, the available artifact (named `artifact` which is the default if no name is provided) would contain both `world.txt` (`hello`) and `extra-file.txt` (`howdy`).
 
-> **_Warning:_**  Be careful when uploading to the same artifact via multiple jobs as artifacts may become corrupted 
+Each artifact behaves as a file share. Uploading to the same artifact multiple times in the same workflow can overwrite and append already uploaded files:
 
 ```yaml
     strategy:
       matrix:
           node-version: [8.x, 10.x, 12.x, 13.x]
     steps:
-        - name: 'Create a file'
+        - name: Create a file
           run: echo ${{ matrix.node-version }} > my_file.txt
-        - name: 'Accidently upload to the same artifact via multiple jobs'
-          uses: 'actions/upload-artifact@v2'
+        - name: Accidentally upload to the same artifact via multiple jobs
+          uses: actions/upload-artifact@v3
           with:
               name: my-artifact
               path: ${{ github.workspace }}
 ```
 
-In the above example, four jobs will upload four different files to the same artifact but there will only be one file available when `my-artifact` is downloaded. Each job overwrites what was previously uploaded. To ensure that jobs don't overwrite existing artifacts, use a different name per job.
+> **_Warning:_** Be careful when uploading to the same artifact via multiple jobs as artifacts may become corrupted. When uploading a file with an identical name and path in multiple jobs, uploads may fail with 503 errors due to conflicting uploads happening at the same time. Ensure uploads to identical locations to not interfere with each other.
+
+In the above example, four jobs will upload four different files to the same artifact but there will only be one file available when `my-artifact` is downloaded. Each job overwrites what was previously uploaded. To ensure that jobs don't overwrite existing artifacts, use a different name per job:
 
 ```yaml
-          uses: 'actions/upload-artifact@v2'
+          uses: actions/upload-artifact@v3
           with:
               name: my-artifact ${{ matrix.node-version }}
               path: ${{ github.workspace }}
@@ -172,19 +178,19 @@ In the above example, four jobs will upload four different files to the same art
 
 ### Environment Variables and Tilde Expansion
 
-You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expansion is supported.
+You can use `~` in the path input as a substitute for `$HOME`. Basic tilde expansion is supported:
 
 ```yaml
   - run: |
       mkdir -p ~/new/artifact
       echo hello > ~/new/artifact/world.txt
-  - uses: actions/upload-artifact@v2
+  - uses: actions/upload-artifact@v3
     with:
-      name: 'Artifacts-V2'	
-      path: '~/new/**/*'
+      name: Artifacts-V3
+      path: ~/new/**/*
 ```
 
-Environment variables along with context expressions can also be used for input. For documentation see [context and expression syntax](https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions).
+Environment variables along with context expressions can also be used for input. For documentation see [context and expression syntax](https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions):
 
 ```yaml
     env:
@@ -193,37 +199,77 @@ Environment variables along with context expressions can also be used for input.
     - run: |
         mkdir -p ${{ github.workspace }}/artifact
         echo hello > ${{ github.workspace }}/artifact/world.txt
-    - uses: actions/upload-artifact@v2
+    - uses: actions/upload-artifact@v3
       with:
         name: ${{ env.name }}-name
         path: ${{ github.workspace }}/artifact/**/*
 ```
 
+For environment variables created in other steps, make sure to use the `env` expression syntax
+
+```yaml
+    steps:
+    - run: | 
+        mkdir testing
+        echo "This is a file to upload" > testing/file.txt
+        echo "artifactPath=testing/file.txt" >> $GITHUB_ENV
+    - uses: actions/upload-artifact@v3
+      with:
+        name: artifact
+        path: ${{ env.artifactPath }} # this will resolve to testing/file.txt at runtime
+```
+
 ### Retention Period
 
 Artifacts are retained for 90 days by default. You can specify a shorter retention period using the `retention-days` input:
 
 ```yaml
-  - name: 'Create a file'
+  - name: Create a file
     run: echo "I won't live long" > my_file.txt
 
-  - name: 'Upload Artifact'
-    uses: actions/upload-artifact@v2
+  - name: Upload Artifact
+    uses: actions/upload-artifact@v3
     with:
       name: my-artifact
       path: my_file.txt
       retention-days: 5
-
 ```
 
 The retention period must be between 1 and 90 inclusive. For more information see [artifact and log retention policies](https://docs.github.com/en/free-pro-team@latest/actions/reference/usage-limits-billing-and-administration#artifact-and-log-retention-policy).
 
+
+### Hidden Files 
+
+By default, hidden files are ignored by this action to avoid unintentionally uploading sensitive information.
+
+In versions of this action before v3.2.0, these hidden files were included by default.
+
+If you need to upload hidden files, you can use the `include-hidden-files` input.
+
+```yaml
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create a Hidden File
+        run: echo "hello from a hidden file" > .hidden-file.txt
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          path: .hidden-file.txt
+          include-hidden-files: true
+```
+
 ## Where does the upload go?
-In the top right corner of a workflow run, once the run is over, if you used this action, there will be an `Artifacts` dropdown which you can download items from. Here's a screenshot of what it looks like<br/>
-<img src="https://user-images.githubusercontent.com/16109154/72556687-20235a80-386d-11ea-9e2a-b534faa77083.png" width="375" height="140">
+
+At the bottom of the workflow summary page, there is a dedicated section for artifacts. Here's a screenshot of something you might see:
+
+<img src="https://user-images.githubusercontent.com/16109154/103645952-223c6880-4f59-11eb-8268-8dca6937b5f9.png" width="700" height="300">
 
 There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository.
 
+The size of the artifact is denoted in bytes. The displayed artifact size denotes the raw uploaded artifact size (the sum of all the individual files uploaded during the workflow run for the artifact), not the compressed size. When you click to download an artifact from the summary page, a compressed zip is created with all the contents of the artifact and the size of the zip that you download may differ significantly from the displayed size. Billing is based on the raw uploaded size and not the size of the zip.
+
 # Limitations
 
 ### Zipped Artifact Downloads
@@ -240,26 +286,31 @@ During a workflow run, files are uploaded and downloaded individually using the
 
 ### Maintaining file permissions and case sensitive files
 
-If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity.
+If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity:
 
 ```yaml
-  - name: 'Tar files'
+  - name: Tar files
     run: tar -cvf my_files.tar /path/to/my/directory
 
-  - name: 'Upload Artifact'
-    uses: actions/upload-artifact@v2
+  - name: Upload Artifact
+    uses: actions/upload-artifact@v3
     with:
       name: my-artifact
       path: my_files.tar
 ```
 
+### Too many uploads resulting in 429 responses
+
+A very minute subset of users who upload a very very large amount of artifacts in a short period of time may see their uploads throttled or fail because of `Request was blocked due to exceeding usage of resource 'DBCPU' in namespace` or `Unable to copy file to server StatusCode=TooManyRequests`.
+
+To reduce the chance of this happening, you can reduce the number of HTTP calls made during artifact upload by zipping or archiving the contents of your artifact before an upload starts. As an example, imagine an artifact with 1000 files (each 10 Kb in size). Without any modification, there would be around 1000 HTTP calls made to upload the artifact. If you zip or archive the artifact beforehand, the number of HTTP calls can be dropped to single digit territory. Measures like this will significantly speed up your upload and prevent uploads from being throttled or in some cases fail.
 
 ## Additional Documentation
 
-See [persisting workflow data using artifacts](https://help.github.com/en/actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts) for additional examples and tips.
+See [Storing workflow data as artifacts](https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts) for additional examples and tips.
 
-See extra documentation for the [@actions/artifact](https://github.com/actions/toolkit/blob/master/packages/artifact/docs/additional-information.md) package that is used internally regarding certain behaviors and limitations.
+See extra documentation for the [@actions/artifact](https://github.com/actions/toolkit/blob/main/packages/artifact/docs/additional-information.md) package that is used internally regarding certain behaviors and limitations.
 
 # License
 
-The scripts and documentation in this project are released under the [MIT License](LICENSE)
+The scripts and documentation in this project are released under the [MIT License](LICENSE).

__tests__/search.test.ts

@@ -61,6 +61,20 @@ const lonelyFilePath = path.join(
   'lonely-file.txt'
 )
 
+const hiddenFile = path.join(root, '.hidden-file.txt')
+const fileInHiddenFolderPath = path.join(
+  root,
+  '.hidden-folder',
+  'folder-in-hidden-folder',
+  'file.txt'
+)
+const fileInHiddenFolderInFolderA = path.join(
+  root,
+  'folder-a',
+  '.hidden-folder-in-folder-a',
+  'file.txt'
+)
+
 describe('Search', () => {
   beforeAll(async () => {
     // mock all output so that there is less noise when running tests
@@ -92,6 +106,13 @@ describe('Search', () => {
     await fs.mkdir(path.join(root, 'folder-h', 'folder-j', 'folder-k'), {
       recursive: true
     })
+    await fs.mkdir(
+      path.join(root, '.hidden-folder', 'folder-in-hidden-folder'),
+      {recursive: true}
+    )
+    await fs.mkdir(path.join(root, 'folder-a', '.hidden-folder-in-folder-a'), {
+      recursive: true
+    })
 
     await fs.writeFile(searchItem1Path, 'search item1 file')
     await fs.writeFile(searchItem2Path, 'search item2 file')
@@ -110,10 +131,19 @@ describe('Search', () => {
     await fs.writeFile(amazingFileInFolderHPath, 'amazing file')
 
     await fs.writeFile(lonelyFilePath, 'all by itself')
+
+    await fs.writeFile(hiddenFile, 'hidden file')
+    await fs.writeFile(fileInHiddenFolderPath, 'file in hidden directory')
+    await fs.writeFile(fileInHiddenFolderInFolderA, 'file in hidden directory')
     /*
       Directory structure of files that get created:
       root/
+          .hidden-folder/
+            folder-in-hidden-folder/
+              file.txt
           folder-a/
+              .hidden-folder-in-folder-a/
+                file.txt
               folder-b/
                   folder-c/
                       search-item1.txt
@@ -136,6 +166,7 @@ describe('Search', () => {
               folder-j/
                   folder-k/
                       lonely-file.txt
+          .hidden-file.txt
           search-item5.txt
     */
   })
@@ -352,4 +383,24 @@ describe('Search', () => {
     )
     expect(searchResult.filesToUpload.includes(lonelyFilePath)).toEqual(true)
   })
+
+  it('Hidden files ignored by default', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath)
+
+    expect(searchResult.filesToUpload).not.toContain(hiddenFile)
+    expect(searchResult.filesToUpload).not.toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).not.toContain(
+      fileInHiddenFolderInFolderA
+    )
+  })
+
+  it('Hidden files included', async () => {
+    const searchPath = path.join(root, '**/*')
+    const searchResult = await findFilesToUpload(searchPath, true)
+
+    expect(searchResult.filesToUpload).toContain(hiddenFile)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderPath)
+    expect(searchResult.filesToUpload).toContain(fileInHiddenFolderInFolderA)
+  })
 })

action.yml

@@ -23,6 +23,11 @@ inputs:
 
       Minimum 1 day.
       Maximum 90 days unless changed from the repository settings page.
+  include-hidden-files:
+    description: >
+      If true, hidden files will be included in the uploaded artifact.
+      If false, hidden files will be excluded from the uploaded artifact.
+    default: 'false'
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "upload-artifact",
-  "version": "2.0.1",
+  "version": "3.0.0",
   "description": "Upload a build artifact that can be used by subsequent workflow steps",
   "main": "dist/index.js",
   "scripts": {
@@ -29,25 +29,25 @@
   },
   "homepage": "https://github.com/actions/upload-artifact#readme",
   "dependencies": {
-    "@actions/artifact": "^0.5.0",
-    "@actions/core": "^1.2.6",
-    "@actions/glob": "^0.1.0",
-    "@actions/io": "^1.0.2"
+    "@actions/artifact": "^1.1.2",
+    "@actions/core": "^1.10.0",
+    "@actions/glob": "^0.5.0",
+    "@actions/io": "^1.1.2"
   },
   "devDependencies": {
-    "@types/jest": "^25.2.1",
-    "@types/node": "^13.11.1",
-    "@typescript-eslint/parser": "^2.27.0",
-    "@zeit/ncc": "^0.22.1",
-    "concurrently": "^5.1.0",
-    "eslint": "^7.4.0",
-    "eslint-plugin-github": "^4.1.1",
-    "eslint-plugin-jest": "^23.8.2",
-    "glob": "^7.1.6",
-    "jest": "^26.6.3",
-    "jest-circus": "^26.1.0",
-    "prettier": "^2.0.4",
-    "ts-jest": "^25.3.1",
-    "typescript": "^3.8.3"
+    "@types/jest": "^29.2.5",
+    "@types/node": "^18.11.18",
+    "@typescript-eslint/parser": "^5.48.0",
+    "@vercel/ncc": "^0.36.0",
+    "concurrently": "^7.6.0",
+    "eslint": "^8.31.0",
+    "eslint-plugin-github": "^4.6.0",
+    "eslint-plugin-jest": "^27.2.0",
+    "glob": "^8.0.3",
+    "jest": "^29.3.1",
+    "jest-circus": "^29.3.1",
+    "prettier": "^2.8.1",
+    "ts-jest": "^29.0.3",
+    "typescript": "^4.9.4"
   }
 }

src/constants.ts

@@ -1,8 +1,10 @@
+/* eslint-disable no-unused-vars */
 export enum Inputs {
   Name = 'name',
   Path = 'path',
   IfNoFilesFound = 'if-no-files-found',
-  RetentionDays = 'retention-days'
+  RetentionDays = 'retention-days',
+  IncludeHiddenFiles = 'include-hidden-files'
 }
 
 export enum NoFileOptions {

src/input-helper.ts

@@ -11,6 +11,7 @@ export function getInputs(): UploadInputs {
 
   const ifNoFilesFound = core.getInput(Inputs.IfNoFilesFound)
   const noFileBehavior: NoFileOptions = NoFileOptions[ifNoFilesFound]
+  const includeHiddenFiles = core.getBooleanInput(Inputs.IncludeHiddenFiles)
 
   if (!noFileBehavior) {
     core.setFailed(
@@ -25,7 +26,8 @@ export function getInputs(): UploadInputs {
   const inputs = {
     artifactName: name,
     searchPath: path,
-    ifNoFilesFound: noFileBehavior
+    ifNoFilesFound: noFileBehavior,
+    includeHiddenFiles
   } as UploadInputs
 
   const retentionDaysStr = core.getInput(Inputs.RetentionDays)

src/search.ts

@@ -11,11 +11,12 @@ export interface SearchResult {
   rootDirectory: string
 }
 
-function getDefaultGlobOptions(): glob.GlobOptions {
+function getDefaultGlobOptions(includeHiddenFiles: boolean): glob.GlobOptions {
   return {
     followSymbolicLinks: true,
     implicitDescendants: true,
-    omitBrokenSymbolicLinks: true
+    omitBrokenSymbolicLinks: true,
+    excludeHiddenFiles: !includeHiddenFiles
   }
 }
 
@@ -80,12 +81,12 @@ function getMultiPathLCA(searchPaths: string[]): string {
 
 export async function findFilesToUpload(
   searchPath: string,
-  globOptions?: glob.GlobOptions
+  includeHiddenFiles?: boolean
 ): Promise<SearchResult> {
   const searchResults: string[] = []
   const globber = await glob.create(
     searchPath,
-    globOptions || getDefaultGlobOptions()
+    getDefaultGlobOptions(includeHiddenFiles || false)
   )
   const rawSearchResults: string[] = await globber.glob()
 

src/upload-artifact.ts

@@ -7,7 +7,10 @@ import {NoFileOptions} from './constants'
 async function run(): Promise<void> {
   try {
     const inputs = getInputs()
-    const searchResult = await findFilesToUpload(inputs.searchPath)
+    const searchResult = await findFilesToUpload(
+      inputs.searchPath,
+      inputs.includeHiddenFiles
+    )
     if (searchResult.filesToUpload.length === 0) {
       // No files were found, different use cases warrant different types of behavior if nothing is found
       switch (inputs.ifNoFilesFound) {
@@ -37,6 +40,12 @@ async function run(): Promise<void> {
       )
       core.debug(`Root artifact directory is ${searchResult.rootDirectory}`)
 
+      if (searchResult.filesToUpload.length > 10000) {
+        core.warning(
+          `There are over 10,000 files in this artifact, consider creating an archive before upload to improve the upload performance.`
+        )
+      }
+
       const artifactClient = create()
       const options: UploadOptions = {
         continueOnError: false
@@ -62,8 +71,8 @@ async function run(): Promise<void> {
         )
       }
     }
-  } catch (err) {
-    core.setFailed(err.message)
+  } catch (error) {
+    core.setFailed((error as Error).message)
   }
 }
 

src/upload-inputs.ts

@@ -20,4 +20,9 @@ export interface UploadInputs {
    * Duration after which artifact will expire in days
    */
   retentionDays: number
+
+  /**
+   * Whether or not to include hidden files in the artifact
+   */
+  includeHiddenFiles: boolean
 }