Bump actions/upload-pages-artifact from 3.0.1 to 5.0.0#102
Bump actions/upload-pages-artifact from 3.0.1 to 5.0.0#102dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3.0.1 to 5.0.0. - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@56afc60...fc324d3) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
This PR updates the actions/upload-pages-artifact GitHub Action in the Jekyll deployment workflow from v3.0.1 to v5.0.0, pinned to a specific commit hash.
Changes
actions/upload-pages-artifactbumped from v3.0.1 (56afc609) to v5.0.0 (fc324d3547) in thedeployjob ofjekyll.yml
Impact
- The deployment pipeline's artifact upload step is updated to a new major version
- The companion
actions/deploy-pagesaction (which consumes the artifact produced byupload-pages-artifact) remains at v4.0.5 and is not updated alongside this change
|
|
||
| - name: Upload artifact | ||
| uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | ||
| uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 |
There was a problem hiding this comment.
bug (high): The actions/upload-pages-artifact action is being bumped from v3.0.1 to v5.0.0 (skipping v4 entirely), while the companion actions/deploy-pages action remains at v4.0.5. These two actions are tightly coupled — upload-pages-artifact produces an artifact in a specific format that deploy-pages must be able to consume.
A two-major-version jump in upload-pages-artifact without a corresponding update to deploy-pages is a concrete compatibility risk. If the artifact schema or naming convention changed between v3 and v5, the deploy-pages@v4 step will fail to locate or process the artifact, breaking the entire deployment pipeline.
The fix is to also update actions/deploy-pages to its latest version (v5.x) to match:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@LATEST_V5_COMMIT_HASH # v5.x.xBoth actions should be kept in sync at compatible major versions.
Help us improve our suggestions - react with 👍 if it was helpful, 👎 if it needs work
Bumps actions/upload-pages-artifact from 3.0.1 to 5.0.0.
Release notes
Sourced from actions/upload-pages-artifact's releases.
Commits
fc324d3Merge pull request #139 from Tom-van-Woudenberg/patch-1fe9d4b7Merge branch 'main' into patch-10ca1617Merge pull request #137 from jonchurch/include-hidden-files57f0e84Update action.yml4a90348v7 --> hash56f665aUpdate upload-artifact action to version 7f7615f5Addinclude-hidden-filesinput7b1f4a7Merge pull request #127 from heavymachinery/pin-sha4cc19c7Pinactions/upload-artifactto SHA2d163beMerge pull request #107 from KittyChiu/mainDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)