Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across multiple workflow files. This is a straightforward dependency update with no code logic changes.

---

Code Quality

✅ Code follows style guide - N/A for workflow YAML files. The changes maintain consistent formatting with the existing files.

✅ No commented-out code - No commented code present in the diff.

✅ Meaningful variable names - N/A, no new variables introduced.

✅ DRY principle followed - The change is consistently applied across all workflow files.

✅ Defects Analysis - No bugs, logic errors, or security vulnerabilities introduced. However, important consideration: GitHub Actions v6 of upload-artifact has breaking changes from v5:

• Artifacts are now immutable (cannot overwrite existing artifact names)
• Different artifact retention behavior
• Changes to how artifacts are downloaded with download-artifact

Potential Issue: The workflows use matrix strategies that create artifacts with the same naming pattern:

• .github/workflows/pytest-darwin.yaml:119 - name: "coverage-${{ matrix.python-version }}-${{ matrix.senzingsdk-version }}"
• .github/workflows/pytest-linux.yaml:138 - name: "coverage-${{ matrix.python-version }}-${{ matrix.senzingsdk-version }}"
• .github/workflows/pytest-windows.yaml:88 - name: "coverage-${{ matrix.python-version }}-${{ matrix.senzingsdk-version }}"

These should be unique across jobs, which they appear to be due to matrix values being different. ✅

✅ Project memory configuration - No .claude/CLAUDE.md file found in the repository, so this check is N/A.

---

Testing

⚠️ Testing Considerations - This is an infrastructure change. The PR should be tested by:

1. Verifying workflows execute successfully
2. Confirming artifacts are uploaded correctly
3. Ensuring artifact download (if applicable) works with the new version

The actual testing happens at the CI/CD level when workflows run.

---

Documentation

❌ CHANGELOG.md not updated - Based on the diff, there's no update to CHANGELOG.md documenting this dependency upgrade. While this is a minor infrastructure change, dependency updates should typically be documented.

✅ README update - N/A, no user-facing changes requiring README updates.

✅ API docs - N/A, no API changes.

✅ Inline comments - N/A, workflow YAML files are self-documenting.

✅ Markdown formatting - N/A, no markdown files modified.

---

Security

✅ No hardcoded credentials - No credentials present in changes.

✅ Input validation - N/A for this change.

✅ Proper error handling - GitHub Actions handles errors at the workflow level.

✅ No sensitive data in logs - No changes affect logging behavior.

✅ No license files - No .lic files or AQAAAD strings in the diff.

---

Overall Assessment

Verdict: ✅ Approved with minor suggestions

Strengths:

• Consistent update across all workflow files
• Keeps dependencies up to date
• No security concerns

Recommendations:

1. Document the change: Add an entry to CHANGELOG.md:

   ### Changed
   - Updated GitHub Actions upload-artifact from v5 to v6 in CI/CD workflows

2. Verify compatibility: Ensure any corresponding actions/download-artifact actions in the repository (if they exist) are also updated to v6, as v6 upload/download must be used together.

3. Test thoroughly: Since v6 has breaking changes, ensure all workflows run successfully after this merge, particularly around artifact uploads and any subsequent downloads.

---

Automated code review analyzing defects and coding standards

[github-actions]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
src/senzing_core
_helpers.py
Project Total

This report was generated by python-coverage-comment-action

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Executive Summary

This PR updates the GitHub Actions actions/upload-artifact from v5 to v6 across multiple workflow files. This is a straightforward dependency update with no code changes.

---

Detailed Checklist Review

Code Quality

✅ Code follows style guide

• No code style issues - this PR only modifies YAML configuration files
• YAML formatting is consistent across all files

✅ No commented-out code

• No commented-out code present

✅ Meaningful variable names

• N/A - no new variables introduced

✅ DRY principle followed

• N/A - this is a dependency version update

✅ No defects identified

• The changes are consistent and correct
• All instances of actions/upload-artifact@v5 have been updated to @v6
• No logic errors, edge cases, or security vulnerabilities introduced
• The artifact names and paths remain unchanged, ensuring compatibility

⚠️ Project memory check

• No .claude/CLAUDE.md file found in the repository to consider

Testing

⚠️ Unit tests for new functions

• N/A - No new functions added

⚠️ Integration tests for new endpoints

• N/A - No new endpoints added

⚠️ Edge cases covered

• N/A - No new logic to test

❌ Test coverage > 80%

• Cannot verify from diff alone, but this change should not impact test coverage
• The workflow changes themselves are tested implicitly when they run

Note: While tests aren't directly applicable to this workflow update, the updated workflows will be validated when they execute on CI/CD.

Documentation

❌ Readme updated if needed

• .github/workflows/build-distribution.yaml:46
• .github/workflows/publish-to-pypi.yaml:44
• .github/workflows/pytest-darwin.yaml:117
• .github/workflows/pytest-linux.yaml:136
• .github/workflows/pytest-windows.yaml:86

Feedback: No README or documentation updates found. While updating a GitHub Action version may not always require documentation, consider whether your project documents:

• CI/CD workflow dependencies
• Breaking changes in actions/upload-artifact@v6 (if any)

Typical breaking changes in v6 might include artifact upload/download behavior changes that could affect users or contributors.

❌ API docs updated

• N/A - No API changes

❌ Inline comments for complex logic

• N/A - No complex logic added

❌ CHANGELOG.md updated

• No CHANGELOG.md update detected in this diff

Feedback: This change should be documented in CHANGELOG.md as it affects the build infrastructure. Example entry:

### Changed
- Updated actions/upload-artifact from v5 to v6 in GitHub Actions workflows

✅ Markdown formatting

• No markdown files modified in this PR

Security

✅ No hardcoded credentials

• No credentials present

✅ Input validation implemented

• N/A - No new inputs

✅ Proper error handling

• N/A - No new error handling needed

✅ No sensitive data in logs

• No sensitive data exposure

✅ No license files checked in

• No .lic files or AQAAAD strings in the diff

---

Summary

Overall Assessment: ✅ APPROVED with minor recommendations

Strengths

• Consistent update across all workflow files
• No breaking changes to artifact names or paths
• Clean, focused change

Required Actions

None (blocking issues)

Recommended Actions

1. Add CHANGELOG.md entry documenting the dependency update
2. Verify compatibility: Ensure actions/upload-artifact@v6 doesn't introduce breaking changes affecting your workflows (check the official migration guide)
3. Consider documentation: If your project documents CI/CD dependencies, update accordingly

Files Modified

• .github/workflows/build-distribution.yaml:46
• .github/workflows/publish-to-pypi.yaml:44
• .github/workflows/pytest-darwin.yaml:117
• .github/workflows/pytest-linux.yaml:136
• .github/workflows/pytest-windows.yaml:86

Risk Level: Low - This is a standard dependency update with minimal risk.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Let me analyze this pull request against the provided checklist.

Overview

This PR updates GitHub Actions workflow files to use actions/upload-artifact@v6 (from v5) and updates a documentation URL. These are maintenance updates for dependency versions and documentation links.

---

Code Quality

✅ Code follows style guide

The changes are to YAML workflow files and a Markdown document. The YAML formatting is consistent with existing style (proper indentation, spacing). No code style violations detected.

✅ No commented-out code

No commented-out code found in the diff.

✅ Meaningful variable names

No variable naming changes in this PR. N/A

✅ DRY principle followed

The change consistently updates all instances of upload-artifact@v5 to v6 across all workflow files. This is good DRY practice - the same pattern is applied everywhere it occurs.

✅ Identify Defects

No bugs, logic errors, or security vulnerabilities detected. The changes are:

1. Dependency updates: Upgrading GitHub Actions from v5→v6 is a standard maintenance task
2. URL update: The documentation link change appears intentional (beta docs → release docs)

Note: I should verify the URL is valid:

• Old: https://senzing.com/docs/4_beta/4_0_breaking_changes/index.html
• New: https://www.senzing.com/docs/release/4/4_0_breaking_changes/

The new URL follows a cleaner structure (www subdomain, /release/ path instead of /4_beta/).

✅ Project memory configuration

No .claude/CLAUDE.md file exists in this repository based on git status, so this check is N/A.

---

Testing

⚠️ Unit tests for new functions

N/A - No new functions added. This is a workflow configuration update.

⚠️ Integration tests for new endpoints

N/A - No new endpoints.

⚠️ Edge cases covered

N/A - These are configuration changes.

⚠️ Test coverage > 80%

N/A - No code changes that would affect test coverage. The workflow changes themselves will be validated when they run in GitHub Actions.

Recommendation: After merging, verify that the updated workflows execute successfully with upload-artifact@v6.

---

Documentation

✅ Readme updated if needed

No README changes needed. This PR updates workflow files and migration documentation.

✅ API docs updated

N/A - No API changes.

✅ Inline comments for complex logic

N/A - Workflow YAML files don't require additional comments for these simple version bumps.

❌ CHANGELOG.md updated

File: CHANGELOG.md (expected location based on checklist)

Issue: The PR updates GitHub Actions dependencies and documentation URLs but doesn't update CHANGELOG.md. While these are minor maintenance changes, dependency updates should typically be logged.

Recommendation: Add an entry like:

### Changed
- Updated GitHub Actions `upload-artifact` from v5 to v6 in all workflows
- Updated breaking changes documentation URL to new release documentation path

✅ Markdown files follow CommonMark specification

File: Migration.md:525

The markdown changes are minimal (single URL update). The file appears to follow CommonMark spec - it's a simple table entry with a reference-style link. No extra whitespace issues detected in the diff.

---

Security

✅ No hardcoded credentials

No credentials found in the changes.

✅ Input validation implemented

N/A - These are workflow configuration changes with no input handling.

✅ Proper error handling

N/A - GitHub Actions handles errors for these standard actions.

✅ No sensitive data in logs

No sensitive data in the changes.

✅ No license files (.lic) or AQAAAD strings

No license files or suspicious license strings detected in the diff.

---

Summary

Overall Assessment: ✅ APPROVE with minor recommendation

Issues Found:

1. Minor: CHANGELOG.md not updated (consider adding entry for these maintenance changes)

Positive Aspects:

• ✅ Consistent updates across all workflow files
• ✅ No breaking changes introduced
• ✅ Documentation URL updated to production path
• ✅ No security concerns
• ✅ Follows existing code style

Recommendations:

1. Update CHANGELOG.md to document the workflow dependency bump and URL change
2. Verify after merge that all workflows execute successfully with upload-artifact@v6
3. Verify the new documentation URL is accessible and returns the correct content

Files Changed:

• .github/workflows/build-distribution.yaml:46
• .github/workflows/publish-to-pypi.yaml:44
• .github/workflows/pytest-darwin.yaml:117
• .github/workflows/pytest-linux.yaml:136
• .github/workflows/pytest-windows.yaml:86
• Migration.md:525

This is a clean maintenance PR that safely updates dependencies and documentation references.

Automated code review analyzing defects and coding standards