From b81a61586207613b76f83657fad9407c74296ad4 Mon Sep 17 00:00:00 2001 From: Ryan Ghadimi <114221941+GhadimiR@users.noreply.github.com> Date: Wed, 12 Mar 2025 13:47:20 +0000 Subject: [PATCH] Bump artifact version, do digest check --- .licenses/npm/@actions/artifact.dep.yml | 2 +- package-lock.json | 16 ++++++++-------- package.json | 4 ++-- src/download-artifact.ts | 12 +++++++++++- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.licenses/npm/@actions/artifact.dep.yml b/.licenses/npm/@actions/artifact.dep.yml index 33a2153..0305b13 100644 --- a/.licenses/npm/@actions/artifact.dep.yml +++ b/.licenses/npm/@actions/artifact.dep.yml @@ -1,6 +1,6 @@ --- name: "@actions/artifact" -version: 2.2.2 +version: 2.3.1 type: npm summary: Actions artifact lib homepage: https://github.com/actions/toolkit/tree/main/packages/artifact diff --git a/package-lock.json b/package-lock.json index d038224..46995c6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "download-artifact", - "version": "4.1.9", + "version": "4.2.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "download-artifact", - "version": "4.1.9", + "version": "4.2.0", "license": "MIT", "dependencies": { "@actions/artifact": "^2.2.2", @@ -36,9 +36,9 @@ } }, "node_modules/@actions/artifact": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.2.2.tgz", - "integrity": "sha512-UtS1kcINiPRkI3/hDKkO/XdrtKo89kn8s81J67QNBU6RRMWSSXrrfCCbQVThuxcdW2boOLv51NVCEKyo954A2A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.3.1.tgz", + "integrity": "sha512-3uW25BNAqbMBcasNK+DX4I0Vl8aQdo65K6DRufJiNYjqfhSMfeRE4YGjWLaKmF+H+7bp1ADlQ5NksC61fpvYbQ==", "dependencies": { "@actions/core": "^1.10.0", "@actions/github": "^5.1.1", @@ -6032,9 +6032,9 @@ "dev": true }, "@actions/artifact": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.2.2.tgz", - "integrity": "sha512-UtS1kcINiPRkI3/hDKkO/XdrtKo89kn8s81J67QNBU6RRMWSSXrrfCCbQVThuxcdW2boOLv51NVCEKyo954A2A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.3.1.tgz", + "integrity": "sha512-3uW25BNAqbMBcasNK+DX4I0Vl8aQdo65K6DRufJiNYjqfhSMfeRE4YGjWLaKmF+H+7bp1ADlQ5NksC61fpvYbQ==", "requires": { "@actions/core": "^1.10.0", "@actions/github": "^5.1.1", diff --git a/package.json b/package.json index 3b19587..1a7cbb5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "download-artifact", - "version": "4.1.9", + "version": "4.2.0", "description": "Download an Actions Artifact from a workflow run", "main": "dist/index.js", "scripts": { @@ -28,7 +28,7 @@ }, "homepage": "https://github.com/actions/download-artifact#readme", "dependencies": { - "@actions/artifact": "^2.2.2", + "@actions/artifact": "^2.3.1", "@actions/core": "^1.10.1", "@actions/github": "^5.1.1", "minimatch": "^9.0.3" diff --git a/src/download-artifact.ts b/src/download-artifact.ts index aedfe12..71852f3 100644 --- a/src/download-artifact.ts +++ b/src/download-artifact.ts @@ -117,7 +117,8 @@ async function run(): Promise { path: isSingleArtifactDownload || inputs.mergeMultiple ? resolvedPath - : path.join(resolvedPath, artifact.name) + : path.join(resolvedPath, artifact.name), + expectedHash: artifact.digest }) ) @@ -126,6 +127,15 @@ async function run(): Promise { await Promise.all(chunk) } + for (const dlPromise of downloadPromises) { + const outcome = await dlPromise + if (outcome.digestMismatch) { + core.warning( + `Artifact digest validation failed. Please verify the integrity of the artifact.` + ) + } + } + core.info(`Total of ${artifacts.length} artifact(s) downloaded`) core.setOutput(Outputs.DownloadPath, resolvedPath) core.info('Download artifact has finished successfully')