Bump actions/upload-artifact from 5 to 6 #249

Merged: kernelsam merged 2 commits into main from dependabot/github_actions/actions/upload-artifact-6 on Feb 6, 2026

dependabot Bot commented on behalf of github Dec 15, 2025

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @actions/core, @actions/io, and mi...
  • 5f643d3 chore: update license files for @actions/artifact@5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @actions/artifact@5.0.1
  • b5b1a91 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.


Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745
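
A pre-merge check for the runner requirement quoted in the release notes above, as an added example that is not part of this pull request, of Dependabot's output, or of the repository's own code. It scans workflow text for `actions/upload-artifact` steps and compares a self-hosted runner's version against the stated minimum of 2.327.1; the function names, the sample workflow, the placeholder commit SHA and the regex-based `uses:` extraction (instead of a YAML parser) are assumptions.

```python
import re

# Minimum Actions Runner version stated in the v6.0.0 release notes on this page.
MIN_RUNNER = "2.327.1"
ACTION = "actions/upload-artifact"
# v6 is the first major with the requirement; assumed here to hold for later majors.
FIRST_NODE24_MAJOR = 6

# Matches "uses: owner/repo[/path]@ref", with or without a leading "- " or quotes.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)"""
)


def parse_version(text):
    """Turn '2.327.1' into (2, 327, 1); raise ValueError on malformed input."""
    parts = text.strip().lstrip("v").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def ref_major(ref):
    """Major version of a tag ref such as 'v6' or 'v6.0.0'; None for SHAs/branches."""
    if re.fullmatch(r"[0-9a-fA-F]{40}", ref):
        return None  # pinned to a commit: the major cannot be read from the ref
    m = re.fullmatch(r"v?(\d+)(?:\.\d+){0,2}", ref)
    return int(m.group(1)) if m else None


def check_workflow(workflow_text, runner_version):
    """Return (line, ref, reason) for steps whose runner requirement is unmet or unknown."""
    runner = parse_version(runner_version)
    required = parse_version(MIN_RUNNER)
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        m = USES_RE.match(line)
        if not m or m.group(1).lower() != ACTION:
            continue
        ref = m.group(2)
        major = ref_major(ref)
        if major is None:
            findings.append((lineno, ref, "unknown-major"))  # needs manual review
        elif major >= FIRST_NODE24_MAJOR and runner < required:
            findings.append((lineno, ref, "runner-too-old"))
    return findings


# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  coverage:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v6
      - uses: actions/download-artifact@v6
      # - uses: actions/upload-artifact@v4
      - name: Upload comment
        if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
        uses: actions/upload-artifact@v6
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, ref, reason in check_workflow(SAMPLE_WORKFLOW, "2.326.0"):
        print(f"line {lineno}: {ACTION}@{ref}: {reason}")
```
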

dependabot Bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels Dec 15, 2025
dependabot Bot requested a review from a team as a code owner December 15, 2025 17:21
@github-actions

🤖 Claude Code Review

Code Review Analysis

Code Quality

Code follows style guide: The change is a simple version bump in a YAML workflow file. The formatting and structure follow standard GitHub Actions YAML conventions. (.github/workflows/python-coverage-comment.yaml:44)

No commented-out code: No commented code present in the diff.

Meaningful variable names: N/A - This is a configuration change, not code with variables.

DRY principle followed: N/A - Single line change updating a version number.

No defects identified: The change from actions/upload-artifact@v5 to actions/upload-artifact@v6 is a straightforward version bump. Note that this change is consistent with the existing codebase - I can see that line 26 already uses actions/download-artifact@v6 and line 22 uses actions/checkout@v6, so this update aligns all artifact actions to v6.

Project memory configuration: Considered - this is part of the shared build resources repository's workflow templates.

Testing

⚠️ Testing considerations:

  • N/A for unit/integration tests (this is a workflow configuration)
  • This change should be tested by triggering the workflow to ensure actions/upload-artifact@v6 works as expected
  • The upgrade from v5 to v6 is a major version change and should be verified in a real workflow run

Documentation

CHANGELOG.md not updated: The CHANGELOG.md file exists but has not been updated to reflect this dependency version bump. This should be documented under the [Unreleased] section. (CHANGELOG.md:8-11)

README: No README update needed for this internal workflow change.

API docs: N/A - workflow configuration change.

Inline comments: N/A - self-documenting configuration change.

Markdown formatting: The YAML file structure is clean and properly formatted.

Security

No hardcoded credentials: Uses ${{ secrets.GITHUB_TOKEN }} appropriately.

Input validation: N/A - configuration change only.

Proper error handling: The conditional if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' is maintained.

No sensitive data in logs: No logging changes.

No license files or AQAAAD strings: None detected.


Summary

Overall Assessment: ✅ APPROVE with minor change required

The code change itself is good and maintains consistency with other actions in the workflow (all now using v6). However:

Required Action:

  • Update CHANGELOG.md to document this dependency version bump under the [Unreleased] section

Recommendation:

  • Ensure the workflow is tested after merging to verify actions/upload-artifact@v6 compatibility

Automated code review analyzing defects and coding standards

dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-6 branch from f3ee0a4 to 7842551 on December 16, 2025 17:10
@github-actions

🤖 Claude Code Review

I'll perform a code review of this pull request diff against the checklist.

Code Review Analysis

Code Quality ✅

  • Style Guide Compliance: ✅ The change follows standard YAML formatting conventions
  • No Commented-Out Code: ✅ No commented code present
  • Meaningful Variable Names: ✅ N/A - This is a dependency version bump
  • DRY Principle: ✅ N/A - Single line change
  • Defects: ✅ No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward dependency upgrade from actions/upload-artifact@v5 to v6 at .github/workflows/python-coverage-comment.yaml:44
  • Project Memory Configuration: ✅ The change aligns with the repository's purpose of providing reusable GitHub Actions workflow templates

Testing ⚠️

  • Unit Tests: ⚠️ N/A - This is a GitHub Actions workflow change, not application code
  • Integration Tests: ⚠️ The workflow itself serves as an integration test. Recommend verifying that the workflow runs successfully with actions/upload-artifact@v6 in a test PR
  • Edge Cases: ✅ The artifact upload step has a conditional check (if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true') which handles the edge case appropriately
  • Test Coverage: ⚠️ N/A - Not applicable to workflow files

Documentation ✅

  • README Updated: ✅ N/A - This is a minor dependency bump that doesn't require README changes
  • API Docs: ✅ N/A - No API changes
  • Inline Comments: ✅ The workflow has clear step names that document intent
  • CHANGELOG.md: ❌ Should be updated - Per the repository standards, CHANGELOG.md should be updated to document this dependency upgrade
  • Markdown Formatting: ✅ N/A - No markdown files modified

Security ✅

  • No Hardcoded Credentials: ✅ Uses ${{ secrets.GITHUB_TOKEN }} appropriately
  • Input Validation: ✅ N/A - No user inputs in this change
  • Error Handling: ✅ Conditional execution is properly configured
  • No Sensitive Data in Logs: ✅ No sensitive data exposed
  • License Files: ✅ No .lic files or AQAAAD strings present

Summary

Overall Assessment: ✅ Approved with minor recommendation

This is a clean dependency update from actions/upload-artifact@v5 to v6. The change is minimal, safe, and aligns with keeping dependencies current.

Required Action:

  • CHANGELOG.md should be updated to document this dependency upgrade following keepachangelog.com format

Recommendations:

  1. Verify the workflow runs successfully with v6 (check for any breaking changes in the upload-artifact v6 release notes)
  2. Consider updating other workflows in this repository that may still use v5

Files Affected:

  • .github/workflows/python-coverage-comment.yaml:44

Automated code review analyzing defects and coding standards

dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-6 branch from 7842551 to be26c8c on December 16, 2025 23:28
@github-actions

🤖 Claude Code Review

Code Review Results

Pull Request Summary

This PR bumps actions/upload-artifact from v5 to v6 in the python-coverage-comment.yaml workflow file.


Code Quality

✅ Code follows style guide

  • This is a GitHub Actions workflow YAML file
  • The change is a simple version bump following GitHub Actions best practices
  • Syntax is correct and properly formatted

✅ No commented-out code

  • No commented code present

✅ Meaningful variable names

  • Not applicable - this is a version number change only

✅ DRY principle followed

  • Not applicable - single line change

✅ No defects identified

  • The change is straightforward and safe
  • actions/upload-artifact@v6 is a valid and recommended version
  • The action usage is consistent with v6 API (no breaking changes affecting this usage)
  • Note: The file shows consistent action versioning - actions/checkout@v6 and actions/download-artifact@v6 are already using v6 (lines 22 and 26)

✅ Project memory configuration considered

  • The .claude/CLAUDE.md file was reviewed
  • This change aligns with the repository's purpose as a shared build resources repository
  • The change maintains consistency across workflow action versions

Testing

✅ Unit tests for new functions

  • Not applicable - infrastructure/workflow change only

✅ Integration tests for new endpoints

  • Not applicable - no new endpoints

✅ Edge cases covered

  • Not applicable - dependency version bump

✅ Test coverage > 80%

  • Not applicable - workflow configuration change

Documentation

✅ Readme updated if needed

  • Not applicable - this is a minor version bump that doesn't affect usage

✅ API docs updated

  • Not applicable - no API changes

✅ Inline comments for complex logic

  • Not applicable - no complex logic added

❌ CHANGELOG.md NOT updated

  • File: /home/runner/work/build-resources/build-resources/CHANGELOG.md
  • Issue: The CHANGELOG.md should document this dependency update
  • Recommendation: Add an entry under [Unreleased] section:
    ### Changed
    - Bump actions/upload-artifact from 5 to 6 in python-coverage-comment workflow

✅ Markdown formatting

  • The workflow YAML file is properly formatted
  • Not applicable to YAML syntax

Security

✅ No hardcoded credentials

  • No credentials present

✅ Input validation implemented

  • Not applicable - workflow configuration

✅ Proper error handling

  • Existing conditional logic preserved: if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'

✅ No sensitive data in logs

  • No sensitive data exposed

✅ No license files or AQAAAD strings

  • No .lic files or suspicious strings detected

Summary

Overall Assessment: APPROVED with minor documentation requirement

This is a clean, safe dependency update that maintains version consistency across the workflow file. The only action item is updating the CHANGELOG.md file to document this change.

Action Required:

  • Update CHANGELOG.md with an entry for this dependency bump

Additional Note:
This change achieves version consistency - all GitHub Actions in this workflow now use v6 (checkout@v6, download-artifact@v6, upload-artifact@v6).

Automated code review analyzing defects and coding standards

dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-6 branch from be26c8c to ca0902c on December 25, 2025 17:08
@github-actions

🤖 Claude Code Review

Code Review Results

Pull Request Summary

This PR bumps actions/upload-artifact from v5 to v6 in the python-coverage-comment.yaml workflow file.


Review Checklist Results

Code Quality

Code follows style guide - This is a YAML workflow file. The change is a simple version bump with proper indentation maintained.

No commented-out code - No commented code present.

Meaningful variable names - N/A for this change (dependency version bump only).

DRY principle followed - N/A for this change.

Identify Defects - No bugs, logic errors, or security vulnerabilities introduced. The version bump is consistent with the rest of the file (line 26 already uses actions/download-artifact@v6), making the codebase more consistent.

Project memory configuration - The .claude/CLAUDE.md file provides appropriate general guidance and doesn't contain environment-specific information.

Testing

Unit tests for new functions - N/A (dependency version bump, no new code).

Integration tests for new endpoints - N/A (workflow configuration change).

Edge cases covered - N/A (GitHub Actions version bump).

Test coverage > 80% - N/A (no testable code added).

Documentation

Readme updated if needed - N/A (no readme changes needed for this dependency bump).

API docs updated - N/A (no API changes).

Inline comments for complex logic - N/A (no complex logic).

CHANGELOG.md updated - The CHANGELOG.md at lines 8-11 shows an [Unreleased] section, but this PR's dependency bump is not documented there. This change should be added to track the upgrade from actions/upload-artifact@v5 to v6.

Markdown files formatted - N/A (no markdown files modified in this PR).

Security

No hardcoded credentials - No credentials present.

Input validation implemented - N/A for this change.

Proper error handling - N/A for this change.

No sensitive data in logs - No sensitive data introduced.

No license files or AQAAAD strings - None detected.


Summary

Overall Assessment: ✅ APPROVED with minor documentation improvement needed

The code change is clean and appropriate. It updates actions/upload-artifact from v5 to v6 on line 44 of .github/workflows/python-coverage-comment.yaml, making it consistent with actions/download-artifact@v6 already used on line 26.

Action Required:

  • Update CHANGELOG.md to document this dependency upgrade in the [Unreleased] section.

Positive Notes:

  • This change improves consistency within the workflow file
  • The commit message "Bump actions/upload-artifact from 5 to 6" is clear and follows good practices
  • No breaking changes or security concerns introduced

Automated code review analyzing defects and coding standards

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-6 branch from ca0902c to a19c601 on January 5, 2026 18:55

github-actions Bot commented Jan 5, 2026

🤖 Claude Code Review

I'll perform an immediate code review of this pull request against the Senzing checklist.

Code Review Analysis

Code Quality ✅

  • Style Guide Compliance: ✅ The change follows standard GitHub Actions syntax and formatting
  • No Commented-Out Code: ✅ No commented code present
  • Meaningful Variable Names: ✅ N/A for this change
  • DRY Principle: ✅ N/A for this change
  • Defects: ✅ No bugs, logic errors, or security vulnerabilities introduced. This is a dependency version bump from v5 to v6 of actions/upload-artifact, which is a standard maintenance update.
  • Project Memory (.claude/CLAUDE.md): ✅ Compliant - This change aligns with the repository's purpose of maintaining reusable GitHub Actions workflows with up-to-date dependencies.

Testing ⚠️

  • Unit Tests: ⚠️ Not applicable for GitHub Actions workflow changes, but manual verification should be performed
  • Integration Tests: ⚠️ Should verify the workflow runs successfully with the new version
  • Edge Cases: ✅ The upload-artifact v6 action maintains backward compatibility for this use case
  • Test Coverage: N/A for workflow files

Documentation ✅

  • README Updated: ✅ Not required for this minor version bump
  • API Docs: ✅ Not applicable
  • Inline Comments: ✅ Not required for this change
  • CHANGELOG.md: ❌ Missing - According to Senzing standards, CHANGELOG.md should be updated for all changes, including dependency updates. This should be documented under a "Changed" section following keepachangelog.com format.
  • Markdown Formatting: ✅ Not applicable (no markdown changes)

Security ✅

  • No Hardcoded Credentials: ✅ None present (only references to secrets.GITHUB_TOKEN which is correct)
  • Input Validation: ✅ Not applicable
  • Proper Error Handling: ✅ Conditional execution is properly implemented
  • No Sensitive Data in Logs: ✅ None present
  • License Files (.lic) or AQAAAD Strings: ✅ None detected

Summary

Overall Assessment: ✅ Approved with minor documentation requirement

Required Changes:

  1. CHANGELOG.md (./.github/workflows/python-coverage-comment.yaml:44): Update CHANGELOG.md to document this dependency version bump from actions/upload-artifact@v5 to actions/upload-artifact@v6

Recommendations:

  • Verify the workflow runs successfully in CI/CD pipeline with the new artifact action version
  • Consider reviewing GitHub's migration guide for actions/upload-artifact v6 to ensure no breaking changes affect this specific use case

The change itself is straightforward and safe - it's a minor version bump of a well-maintained GitHub Action. The only blocking issue is the missing CHANGELOG.md update per Senzing standards.

Automated code review analyzing defects and coding standards

kernelsam enabled auto-merge (squash) February 6, 2026 22:29

github-actions Bot commented Feb 6, 2026

🤖 Claude Code Review

Code Review Analysis

Pull Request Summary

This PR updates the actions/upload-artifact action from v5 to v6 in the Python coverage comment workflow.


Checklist Evaluation

Code Quality ✅

  • Code follows style guide: N/A - This is a GitHub Actions workflow dependency version bump, not application code
  • No commented-out code: Clean diff with no commented code
  • Meaningful variable names: N/A - No new variables introduced
  • DRY principle followed: N/A - Single line change
  • Identify Defects: No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward dependency update.
  • Project memory consideration: The change aligns with the repository's purpose as a shared build resources repository providing reusable GitHub Actions workflow templates.

Testing ⚠️

  • ⚠️ Unit tests for new functions: N/A - No new functions, but note that this workflow change should be tested in a real PR scenario
  • ⚠️ Integration tests for new endpoints: N/A - No endpoints
  • ⚠️ Edge cases covered: N/A - Workflow version bump
  • ⚠️ Test coverage > 80%: N/A - Not applicable to workflow files

Note: While automated tests aren't applicable here, this change should be validated by ensuring the workflow runs successfully with v6 of the upload-artifact action.

Documentation ✅

  • Readme updated if needed: No README update needed for internal workflow dependency bump
  • API docs updated: N/A - No API changes
  • Inline comments for complex logic: N/A - No complex logic
  • CHANGELOG.md updated: .github/workflows/python-coverage-comment.yaml:43 - CHANGELOG.md should be updated to reflect this dependency version bump following keepachangelog.com standards
  • Markdown formatting: N/A - No markdown files modified

Security ✅

  • No hardcoded credentials: No credentials present
  • Input validation implemented: N/A - No new inputs
  • Proper error handling: Existing error handling preserved
  • No sensitive data in logs: No logging changes
  • No license files or AQAAAD strings: None detected

Summary

Overall Assessment: ✅ Approved with minor documentation suggestion

This is a clean dependency update from actions/upload-artifact@v5 to v6. The change is straightforward and low-risk.

Required Action:

  • ❌ Update CHANGELOG.md to document this dependency upgrade

Recommendation:
The change looks good. According to GitHub Actions best practices, actions/upload-artifact@v6 is the latest major version and includes performance improvements. Ensure that this workflow is tested in an actual PR to confirm compatibility with the rest of the workflow chain (particularly the corresponding download-artifact action, which should also be at v6+ based on the git log showing a previous bump to v7).

Automated code review analyzing defects and coding standards

This was referenced Feb 17, 2026