upload-plan-destination: github is using deprecated Artifact API scheduled for EOL on November 30, 2024

[minamijoyo]

I noticed the following deprecation warning when using upload-plan-destination: github.

Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "environments_dev_dir1", "environments_prod_dir2".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

The minimum reproduction case is as follows:

name: Digger Workflow

on:
  pull_request:
    branches: [ main ]
    types: [ opened, synchronize ]
  issue_comment:
    types: [created]
  workflow_dispatch:

jobs:
  digger-job:
    runs-on: ubuntu-latest
    permissions:
      contents: write      # required to merge PRs
      actions: write       # required for plan persistence
      id-token: write      # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      statuses: write      # required to validate combined PR status

    steps:
      - uses: diggerhq/digger@vLatest
        with:
          no-backend: true
          disable-locking: true
          upload-plan-destination: github
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The current vLatest commit ID is b552ebd, but looking at action.yml it doesn't look like we are depending on actions/upload-artifact.
https://github.com/diggerhq/digger/blob/b552ebd7556eed0a297af16f44042177c6b755ba/action.yml

Curious, I read the source and found that the current implementation is calling Artifact's API directly.

digger/libs/storage/plan_storage.go

Line 32 in b552ebd

artifactBase := fmt.Sprintf("%s_apis/pipelines/workflows/%s/artifacts?api-version=6.0-preview", actionsRuntimeURL, githubRunID)

api-version=6.0-preview looked suspicious, so I went to read the actions/upload-artifact implementation and found that actions/upload-artifact@v4 uses npm's @actions/artifact v2.
actions/upload-artifact@0f57369

At a quick glance @actions/artifact v2 endpoints appear to be completely different from @actions/artifact v1.
https://github.com/actions/toolkit/blob/%40actions/artifact%401.1.1/packages/artifact/src/internal/utils.ts#L222
https://github.com/actions/toolkit/blob/%40actions/artifact%402.0.1/packages/artifact/src/internal/shared/artifact-twirp-client.ts#L57

As I understand it, even if we are not using actions/upload-artifact directly, this old Artifact API will also be likely to unavailable after November 30, 2024, so it looks like something needs to be done before EOL.
https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

[motatoes]

Hey @minamijoyo thanks for this investigation! You are right about your analysis. Since we want to upload multiple artefacts with digger step directly we could not use the upload-artefact official step (actually we tried to use this in earlier version by saving to folder and group uploading but it didn't work very well). So we have reversed the steps and converted into golang requests

So yes, we need to perform the same reversing again unless GH have started allowing invoking the upload via some official api