Update actions/upload-artifact action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/upload-artifact	action	major	v6 → v7

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by @​danwkennedy in #​795
• Readme: bump all the example versions to v7 by @​danwkennedy in #​796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in #​797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

---

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

• Branch creation
  • "before 9am every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

PR Review: Update actions/upload-artifact to v7

This is a dependency update from Renovate that upgrades the actions/upload-artifact GitHub Action from v6 to v7.

✅ Code Quality & Best Practices

Good:

• Uses commit SHA pinning (bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) with version comment for security and reproducibility
• Change is minimal and focused (single line update)
• Maintains consistent version comment pattern with other actions in the workflow

🔍 Compatibility Analysis

Current usage (.github/workflows/integration.yml:30-36):

- name: Upload logs
  if: always()
  uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
  with:
    name: integration-test-logs
    path: test-logs/
    retention-days: 7

Assessment:

• The usage is straightforward with basic parameters (name, path, retention-days)
• These are core parameters that should remain stable across major versions
• The if: always() condition ensures logs are uploaded even on test failure (good practice)

⚠️ Recommendations

Before merging:

1. Verify CI passes: Ensure the integration tests run successfully with v7
2. Check artifact upload: After CI completes, verify that the integration-test-logs artifact is properly uploaded and downloadable
3. Review breaking changes: Although basic usage should be compatible, review the v7 release notes for any behavioral changes

Action items:

• Confirm integration test workflow completes successfully
• Verify artifact appears in Actions run artifacts
• Check artifact contents match expected log files from test/integration/run.sh:29-47

🎯 Specific Considerations for This Repo

From CLAUDE.md, this project values:

• Explicit error handling: The artifact upload is correctly wrapped with if: always() to capture failure scenarios
• Debugging workflow: Artifact upload is critical for debugging integration test failures in CI

The test script (test/integration/run.sh:29-47) exports:

• Plugin logs from /var/lib/docker-plugins/tailscale/
• Plugin state (plugin-inspect.json)
• Docker compose logs
• Debug logs from Tailscale daemons

These logs are essential for diagnosing failures, so ensuring the artifact upload works correctly with v7 is important.

✅ Overall Assessment

This is a low-risk dependency update with no code changes to the actual project. The upgrade appears safe given:

• Simple, stable API usage
• GitHub Actions maintains backward compatibility for basic features
• SHA-pinned for security

Recommendation: ✅ Approve and merge once CI passes and artifact upload is verified.

---

Review conducted per CLAUDE.md guidelines

[claude]

Code Review - PR #30: Update actions/upload-artifact to v7

Summary

This is an automated dependency update by Renovate that upgrades actions/upload-artifact from v6 to v7 in the integration workflow. The change is minimal and focused.

Review

✅ Positive Aspects

1. Security: Using commit SHA pins (043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) follows security best practices to prevent supply chain attacks
2. Scope: The change only affects one workflow file and maintains backward compatibility with existing parameters
3. Minimal Risk: The workflow configuration remains unchanged - same name, path, and retention-days parameters
4. CI Safety: The if: always() condition ensures logs are uploaded even on test failures, which is preserved

🔍 Verification Needed

Since this is a major version bump (v6 → v7), I recommend:

1. Review Release Notes: Check the actions/upload-artifact v7 release notes for:

   • Breaking changes that might affect artifact upload/download behavior
   • Changes to artifact retention or storage
   • New features or deprecations

2. Test Integration: Before merging, verify that:

   • The integration tests still run successfully
   • Logs are properly uploaded to GitHub Actions artifacts
   • No warnings appear in the workflow run about deprecated features

📝 Current Usage Analysis

Looking at the integration test setup (.github/workflows/integration.yml:30-36):

• Logs are uploaded from test-logs/ directory
• Configured with 7-day retention
• Upload happens on both success and failure (if: always())

The test script (test/integration/run.sh) exports:

• Plugin logs from /var/lib/docker-plugins/tailscale
• Plugin inspection JSON
• Docker compose logs
• All with proper permissions (chown)

This configuration should work with v7, but validation is recommended.

⚠️ Considerations

1. Artifact Naming: If v7 changes how artifact names are handled (especially for matrix builds), this could affect log retrieval. Current setup uses a simple static name integration-test-logs
2. Concurrency: The workflow has concurrency.cancel-in-progress: false, so multiple runs won't cancel each other - ensure v7 handles artifact overwrites correctly
3. Permissions: Verify the workflow still has appropriate permissions for artifact uploads (usually automatic, but worth checking if v7 has new requirements)

Recommendation

Conditional Approval - This change appears safe, but I recommend:

1. Reviewing the v7 changelog before merging
2. Running the integration tests at least once to verify artifact upload works
3. Checking that artifacts are accessible and downloadable after the test run

If the integration tests pass with v7 and no warnings appear, this PR should be safe to merge.

---

Review performed by Claude Code following the tslink development guide and Go best practices