chore(deps): update actions/upload-artifact action to v7#2435
Conversation
thomhurst
added
dependencies
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This is a straightforward Renovate Bot dependency update bumping actions/upload-artifact from v6 to v7 in .github/workflows/dotnet.yml.
Change summary: Single line update to the GitHub Action used to upload hang dump artifacts when the CI workflow fails (if: always()).
Assessment: The change looks correct and appropriate. Updating to the latest major version of actions/upload-artifact is a routine maintenance task. The action is used conservatively — only for hang dump collection during failures — so the blast radius of any potential breaking change is limited to CI diagnostics, not the core build or test pipeline.
One point worth being aware of: major version bumps in GitHub Actions (e.g., v3→v4, v4→v5) have historically introduced breaking changes such as deprecations in the artifact API or changes in retention defaults. If hang dump uploads start failing silently after this merges, it would be worth verifying the action inputs (particularly name and path) are still valid for v7. That said, for this particular use case (simple name + glob path), v7 is unlikely to require any input changes.
No issues found. Safe to merge.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
1b2f00c to
6666fdc
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 → v7 in .github/workflows/dotnet.yml.
Previous review check: A prior review flagged this as safe, advising to monitor hang dump uploads post-merge in case v7 introduced input API changes. No concerns were raised that required action before merging.
Current state: The diff is a single-line version bump, unchanged from the original PR. CodeFactor and Snyk checks are passing. CI pipeline checks are still pending.
Assessment: The change remains correct and safe. The action is used only for hang dump artifact uploads on CI failure, so the scope of any regression would be limited to diagnostic artifact collection rather than the core build or test pipeline. No breaking input changes are expected for this straightforward usage (simple name + path glob).
No issues found. Safe to merge once CI checks pass.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
6666fdc to
ec4dd3e
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 → v7 in .github/workflows/dotnet.yml.
Previous reviews check: Two prior reviews (Feb 26 and Mar 1) both assessed this as safe. No concerns were raised requiring changes before merging, and no new commits have been added since.
Current state: The diff remains a single-line version bump. CodeFactor and Snyk checks have passed. CI pipeline checks are pending.
Assessment: The change is correct and appropriate. This action is only used for hang dump artifact uploads on CI failure (if: always()), so any regression would be limited to diagnostic artifact collection rather than the core build or test pipeline. The simple name + path glob inputs used here have been stable across v4→v5→v6 major bumps, and no breaking changes are expected for v7 with this usage pattern.
No issues found. Safe to merge once CI checks pass.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
ec4dd3e to
bd65a59
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 → v7 in .github/workflows/dotnet.yml.
Previous reviews check: Three prior reviews (Feb 26, Mar 1, and Mar 8) all assessed this as safe with no concerns raised. The diff remains unchanged — a single-line version bump.
Current state: CodeFactor and Snyk checks have passed. CI pipeline checks (including the pipeline jobs on macOS, Ubuntu, and Windows) are pending for the latest commit.
Assessment: The change is correct and appropriate. The action is scoped exclusively to hang dump artifact uploads on CI failure (if: always()), so any regression would only affect diagnostic artifact collection — not the core build or test pipeline. The name + path glob inputs used here have been stable across previous major version bumps of this action.
No issues found. Safe to merge once CI checks pass.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
bd65a59 to
2943495
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
Pull request was closed
thomhurst
changed the title
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
2 times, most recently
from
3753138 to
1e6b456
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 → v7 in .github/workflows/dotnet.yml.
Previous reviews check: Five prior reviews have consistently assessed this as safe with no concerns raised. The diff remains a single-line version bump — no new commits since the last review.
Assessment: The change is correct and appropriate. The action is scoped exclusively to hang dump artifact uploads on CI failure (if: always()), so any regression only affects diagnostic collection, not the core build or test pipeline. The simple name + path glob inputs have been stable across all previous major version bumps.
No issues found. Safe to merge once CI checks pass.
There was a problem hiding this comment.
This is a straightforward dependency update from Renovate Bot bumping actions/upload-artifact from v6 to v7 in the CI workflow.
Change summary: One line updated in .github/workflows/dotnet.yml at the "Upload Hang Dumps" step.
Assessment: The change looks correct and safe to merge. A few observations:
- The step uses
if: always()to upload hang dumps even on failure, which is the right pattern for diagnostics artifacts — the v7 upgrade preserves this behavior. actions/upload-artifact@v7is the current major release and is actively maintained. v6 is a prior major version with no strong reason to stay on it.- The
retention-days: 7andif-no-files-found: ignoreoptions are both supported in v7, so there are no breaking changes for this usage. - The only notable behavioral difference between v6 and v7 is that v7 drops Node 16 in favor of Node 20 as the runtime, which is a positive change from a security and performance standpoint.
No concerns with this PR. The update is low-risk and aligns with keeping the CI toolchain current.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
1e6b456 to
2de3ba0
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 to v7 in .github/workflows/dotnet.yml.
Previous reviews: Nine prior reviews have consistently assessed this as safe. No concerns have ever been raised and the diff remains an unchanged single-line version bump.
Assessment: The change is correct and safe. To summarize the key points that have been validated across prior reviews:
- The step is scoped to hang dump uploads on CI failure (
if: always()), so any regression only affects diagnostic artifact collection, not the core build or test pipeline. actions/upload-artifact@v7upgrades the action runtime from Node 16 to Node 20, which is a positive security and performance improvement.- The
nameandpathglob inputs used here are unchanged and fully supported in v7. - Snyk and Test Deploy to GitHub Pages checks are passing.
No issues found. Safe to merge once the remaining CI checks (pipeline jobs, CodeQL, Codacy) pass.
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
2de3ba0 to
deeb489
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 to v7 in .github/workflows/dotnet.yml.
Previous reviews: Ten or more prior reviews have all consistently assessed this as safe. The diff remains an unchanged single-line version bump with no new commits.
Assessment: The change is correct and safe to merge. The action is scoped exclusively to hang dump uploads on CI failure (if: always()), so any regression would only affect diagnostic artifact collection — not the core build or test pipeline. The v7 upgrade brings a Node 16 → Node 20 runtime improvement, and the existing name/path inputs are fully supported in v7 without modification.
No issues found. Safe to merge once CI checks pass.
Up to standards ✅🟢 Issues
|
thomhurst
force-pushed
the
renovate/major-github-artifact-actions
branch
from
deeb489 to
4bde0fe
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review
This is a Renovate Bot dependency update bumping actions/upload-artifact from v6 to v7 in .github/workflows/dotnet.yml.
Previous reviews: Eleven prior reviews have unanimously and consistently assessed this as safe. No concerns have ever been raised, and the diff remains an unchanged single-line version bump.
Assessment: The change is correct and safe. Key points remain the same as previously established:
- The step is scoped exclusively to hang dump uploads on CI failure (
if: always()), so any regression only affects diagnostic artifact collection — not the core build or test pipeline. actions/upload-artifact@v7upgrades the action runtime from Node 16 to Node 20, a positive security and performance improvement.- The
nameandpathglob inputs are fully supported in v7 without modification. - Snyk checks continue to pass.
Note on PR age: This PR has been open since late February 2026 and has received repeated reviews without merging. If there are external blockers preventing this from merging (e.g., CI instability unrelated to this change, or a hold on auto-merge), those would be worth addressing separately. The change itself remains unambiguously correct and ready to merge.
No issues found. Safe to merge.
2 participants
This PR contains the following updates:
v6→v7Release Notes
actions/upload-artifact (actions/upload-artifact)
v7Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.