Bump @actions/artifact to version 0.5.1 (#189)

* Bump @actions/artifact to version 0.5.1

* Update license versions

.gitattributes

@@ -1 +1,2 @@
-* text=auto eol=lf
+* text=auto eol=lf
+.licenses/** -diff linguist-generated=true

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @actions/artifacts-actions

.github/workflows/codeql-analysis.yml

@@ -2,6 +2,7 @@ name: "Code scanning - action"
 
 on:
   push:
+  pull_request:
     paths-ignore:
       - '**.md'
   schedule:

.github/workflows/licensed.yml

@@ -0,0 +1,20 @@
+name: Licensed
+
+on:
+  push: {branches: main}
+  pull_request: {branches: main}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.licensed.yml

@@ -0,0 +1,15 @@
+sources:
+  npm: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - unlicense
+
+reviewed:
+  npm:
+  - fs.realpath

CONTRIBUTING.md

@@ -41,6 +41,10 @@ Here are a few things you can do that will increase the likelihood of your pull
 - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
 - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
 
+## Licensed
+
+This repository uses a tool called [Licensed](https://github.com/github/licensed) to verify third party dependencies. You may need to locally install licensed and run `licensed cache` to update the dependency cache if you install or update a production dependency. If licensed cache is unable to determine the dependency, you may need to modify the cache file yourself to put the correct license. You should still verify the dependency, licensed is a tool to help, but is not a substitute for human review of dependencies.
+
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)

README.md

@@ -199,14 +199,41 @@ Environment variables along with context expressions can also be used for input.
         path: ${{ github.workspace }}/artifact/**/*
 ```
 
+### Retention Period
+
+Artifacts are retained for 90 days by default. You can specify a shorter retention period using the `retention-days` input:
+
+```yaml
+  - name: 'Create a file'
+    run: echo "I won't live long" > my_file.txt
+
+  - name: 'Upload Artifact'
+    uses: actions/upload-artifact@v2
+    with:
+      name: my-artifact
+      path: my_file.txt
+      retention-days: 5
+
+```
+
+The retention period must be between 1 and 90 inclusive. For more information see [artifact and log retention policies](https://docs.github.com/en/free-pro-team@latest/actions/reference/usage-limits-billing-and-administration#artifact-and-log-retention-policy).
+
 ## Where does the upload go?
-In the top right corner of a workflow run, once the run is over, if you used this action, there will be a `Artifacts` dropdown which you can download items from. Here's a screenshot of what it looks like<br/>
-<img src="https://user-images.githubusercontent.com/16109154/72556687-20235a80-386d-11ea-9e2a-b534faa77083.png" width="375" height="140">
+
+At the bottom of the workflow summary page, there is a dedicated section for artifacts. Here's a screenshot of something you might see:
+
+<img src="https://user-images.githubusercontent.com/16109154/103645952-223c6880-4f59-11eb-8268-8dca6937b5f9.png" width="700" height="300">
 
 There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository.
 
+The size of the artifact is denoted in bytes. The displayed artifact size denotes the raw uploaded artifact size (the sum of all the individual files uploaded during the workflow run for the artifact), not the compressed size. When you click to download an artifact from the summary page, a compressed zip is created with all the contents of the artifact and the size of the zip that you download may differ significantly from the displayed size. Billing is based on the raw uploaded size and not the size of the zip.
+
 # Limitations
 
+### Zipped Artifact Downloads
+
+During a workflow run, files are uploaded and downloaded individually using the `upload-artifact` and `download-artifact` actions. However, when a workflow run finishes and an artifact is downloaded from either the UI or through the [download api](https://developer.github.com/v3/actions/artifacts/#download-an-artifact), a zip is dynamically created with all the file contents that were uploaded. There is currently no way to download artifacts after a workflow run finishes in a format other than a zip or to download artifact contents individually. One of the consequences of this limitation is that if a zip is uploaded during a workflow run and then downloaded from the UI, there will be a double zip created. 
+
 ### Permission Loss
 
 :exclamation: File permissions are not maintained during artifact upload :exclamation: For example, if you make a file executable using `chmod` and then upload that file, post-download the file is no longer guaranteed to be set as an executable.
@@ -229,6 +256,11 @@ If file permissions and case sensitivity are required, you can `tar` all of your
       name: my-artifact
       path: my_files.tar    
 ```
+### Too many uploads resulting in 429 responses
+
+A very minute subset of users who upload a very very large amount of artifacts in a short period of time may see their uploads throttled or fail because of `Request was blocked due to exceeding usage of resource 'DBCPU' in namespace` or `Unable to copy file to server StatusCode=TooManyRequests`.
+
+To reduce the chance of this happening, you can reduce the number of HTTP calls made during artifact upload by zipping or archiving the contents of your artifact before an upload starts. As an example, imagine an artifact with 1000 files (each 10 Kb in size). Without any modification, there would be around 1000 HTTP calls made to upload the artifact. If you zip or archive the artifact beforehand, the number of HTTP calls can be dropped to single digit territory. Measures like this will significantly speed up your upload and prevent uploads from being throttled or in some cases fail.
 
 ## Additional Documentation
 

action.yml

@@ -17,6 +17,12 @@ inputs:
         error: Fail the action with an error message
         ignore: Do not output any warnings or errors, the action does not fail
     default: 'warn'
+  retention-days:
+    description: >
+      Duration after which artifact will expire in days. 0 means using default retention.
+
+      Minimum 1 day.
+      Maximum 90 days unless changed from the repository settings page.
 runs:
   using: 'node12'
-  main: 'dist/index.js'
+  main: 'dist/index.js'

package.json

@@ -28,21 +28,23 @@
     "url": "https://github.com/actions/upload-artifact/issues"
   },
   "homepage": "https://github.com/actions/upload-artifact#readme",
-  "devDependencies": {
-    "@actions/artifact": "^0.3.3",
-    "@actions/core": "^1.2.3",
+  "dependencies": {
+    "@actions/artifact": "^0.5.1",
+    "@actions/core": "^1.2.6",
     "@actions/glob": "^0.1.0",
-    "@actions/io": "^1.0.2",
+    "@actions/io": "^1.0.2"
+  },
+  "devDependencies": {
     "@types/jest": "^25.2.1",
     "@types/node": "^13.11.1",
     "@typescript-eslint/parser": "^2.27.0",
     "@zeit/ncc": "^0.22.1",
     "concurrently": "^5.1.0",
     "eslint": "^7.4.0",
-    "eslint-plugin-github": "^3.4.1",
+    "eslint-plugin-github": "^4.1.1",
     "eslint-plugin-jest": "^23.8.2",
     "glob": "^7.1.6",
-    "jest": "^26.1.0",
+    "jest": "^26.6.3",
     "jest-circus": "^26.1.0",
     "prettier": "^2.0.4",
     "ts-jest": "^25.3.1",

src/constants.ts

@@ -1,7 +1,8 @@
 export enum Inputs {
   Name = 'name',
   Path = 'path',
-  IfNoFilesFound = 'if-no-files-found'
+  IfNoFilesFound = 'if-no-files-found',
+  RetentionDays = 'retention-days'
 }
 
 export enum NoFileOptions {

src/input-helper.ts

@@ -22,9 +22,19 @@ export function getInputs(): UploadInputs {
     )
   }
 
-  return {
+  const inputs = {
     artifactName: name,
     searchPath: path,
     ifNoFilesFound: noFileBehavior
+  } as UploadInputs
+
+  const retentionDaysStr = core.getInput(Inputs.RetentionDays)
+  if (retentionDaysStr) {
+    inputs.retentionDays = parseInt(retentionDaysStr)
+    if (isNaN(inputs.retentionDays)) {
+      core.setFailed('Invalid retention-days')
+    }
   }
+
+  return inputs
 }

src/upload-artifact.ts

@@ -31,15 +31,26 @@ async function run(): Promise<void> {
         }
       }
     } else {
+      const s = searchResult.filesToUpload.length === 1 ? '' : 's'
       core.info(
-        `With the provided path, there will be ${searchResult.filesToUpload.length} file(s) uploaded`
+        `With the provided path, there will be ${searchResult.filesToUpload.length} file${s} uploaded`
       )
       core.debug(`Root artifact directory is ${searchResult.rootDirectory}`)
 
+      if (searchResult.filesToUpload.length > 10000) {
+        core.warning(
+          `There are over 10,000 files in this artifact, consider create an archive before upload to improve the upload performance.`
+        )
+      }
+
       const artifactClient = create()
       const options: UploadOptions = {
         continueOnError: false
       }
+      if (inputs.retentionDays) {
+        options.retentionDays = inputs.retentionDays
+      }
+
       const uploadResponse = await artifactClient.uploadArtifact(
         inputs.artifactName,
         searchResult.filesToUpload,

src/upload-inputs.ts

@@ -15,4 +15,9 @@ export interface UploadInputs {
    * The desired behavior if no files are found with the provided search path
    */
   ifNoFilesFound: NoFileOptions
+
+  /**
+   * Duration after which artifact will expire in days
+   */
+  retentionDays: number
 }