Merge pull request #656 from bdehamer/bdehamer/artifact-digest

Add new `artifact-digest` output

.github/workflows/codeql-analysis.yml

@@ -17,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -29,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -43,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.licenses/npm/@actions/artifact.dep.yml

@@ -1,9 +1,9 @@
 ---
 name: "@actions/artifact"
-version: 2.1.11
+version: 2.2.0
 type: npm
-summary: 
-homepage: 
+summary: Actions artifact lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/artifact
 license: mit
 licenses:
 - sources: LICENSE.md

README.md

@@ -122,6 +122,7 @@ For assistance with breaking changes, see [MIGRATION.md](docs/MIGRATION.md).
 | - | - | - |
 | `artifact-id` | GitHub ID of an Artifact, can be used by the REST API | `1234` |
 | `artifact-url` | URL to download an Artifact. Can be used in many scenarios such as linking to artifacts in issues or pull requests. Users must be logged-in in order for this URL to work. This URL is valid as long as the artifact has not expired or the artifact, run or repository have not been deleted | `https://github.com/example-org/example-repo/actions/runs/1/artifacts/1234` |
+| `artifact-digest` | SHA-256 digest of an Artifact | 0fde654d4c6e659b45783a725dc92f1bfb0baa6c2de64b34e814dc206ff4aaaf |
 
 ## Examples
 

__tests__/upload.test.ts

@@ -60,7 +60,8 @@ describe('upload', () => {
 
     jest.spyOn(artifact, 'uploadArtifact').mockResolvedValue({
       size: 123,
-      id: 1337
+      id: 1337,
+      digest: 'facefeed'
     })
   })
 
@@ -95,6 +96,7 @@ describe('upload', () => {
     await run()
 
     expect(core.setOutput).toHaveBeenCalledWith('artifact-id', 1337)
+    expect(core.setOutput).toHaveBeenCalledWith('artifact-digest', 'facefeed')
     expect(core.setOutput).toHaveBeenCalledWith(
       'artifact-url',
       `${github.context.serverUrl}/${github.context.repo.owner}/${

action.yml

@@ -61,6 +61,9 @@ outputs:
 
       This URL will be valid for as long as the artifact exists and the workflow run and repository exists. Once an artifact has expired this URL will no longer work.
       Common uses cases for such a download URL can be adding download links to artifacts in descriptions or comments on pull requests or issues.
+  artifact-digest:
+    description: >
+      SHA-256 digest for the artifact that was just uploaded. Empty if the artifact upload failed.
 runs:
   using: 'node20'
   main: 'dist/upload/index.js'

merge/README.md

@@ -65,6 +65,7 @@ For most cases, this may not be the most efficient solution. See [the migration
 | - | - | - |
 | `artifact-id` | GitHub ID of an Artifact, can be used by the REST API | `1234` |
 | `artifact-url` | URL to download an Artifact. Can be used in many scenarios such as linking to artifacts in issues or pull requests. Users must be logged-in in order for this URL to work. This URL is valid as long as the artifact has not expired or the artifact, run or repository have not been deleted | `https://github.com/example-org/example-repo/actions/runs/1/artifacts/1234` |
+| `artifact-digest` | SHA-256 digest of an Artifact | 0fde654d4c6e659b45783a725dc92f1bfb0baa6c2de64b34e814dc206ff4aaaf |
 
 ## Examples
 

merge/action.yml

@@ -57,6 +57,9 @@ outputs:
 
       This URL will be valid for as long as the artifact exists and the workflow run and repository exists. Once an artifact has expired this URL will no longer work.
       Common uses cases for such a download URL can be adding download links to artifacts in descriptions or comments on pull requests or issues.
+  artifact-digest:
+    description: >
+      SHA-256 digest for the artifact that was just uploaded. Empty if the artifact upload failed.
 runs:
   using: 'node20'
   main: '../dist/merge/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "upload-artifact",
-  "version": "4.4.2",
+  "version": "4.5.0",
   "description": "Upload an Actions Artifact in a workflow run",
   "main": "dist/upload/index.js",
   "scripts": {
@@ -29,7 +29,7 @@
   },
   "homepage": "https://github.com/actions/upload-artifact#readme",
   "dependencies": {
-    "@actions/artifact": "^2.1.11",
+    "@actions/artifact": "^2.2.0",
     "@actions/core": "^1.11.1",
     "@actions/github": "^6.0.0",
     "@actions/glob": "^0.5.0",

src/shared/upload-artifact.ts

@@ -19,6 +19,7 @@ export async function uploadArtifact(
     `Artifact ${artifactName} has been successfully uploaded! Final size is ${uploadResponse.size} bytes. Artifact ID is ${uploadResponse.id}`
   )
   core.setOutput('artifact-id', uploadResponse.id)
+  core.setOutput('artifact-digest', uploadResponse.digest)
 
   const repository = github.context.repo
   const artifactURL = `${github.context.serverUrl}/${repository.owner}/${repository.repo}/actions/runs/${github.context.runId}/artifacts/${uploadResponse.id}`