Update actions/download-artifact action to v8 #12

Open

ochronus wants to merge 1 commit from renovate/actions-download-artifact-8.x into main

pull from: renovate/actions-download-artifact-8.x

merge into: ochronus:main

ochronus:main

ochronus:renovate/system.commandline-2.x

ochronus:renovate/microsoft.aspnetcore.mvc.testing-10.x

ochronus:renovate/microsoft.extensions.http.resilience-10.x

ochronus:renovate/fluentassertions-8.x

ochronus:renovate/serilog-4.x

ochronus:renovate/polly-8.x

ochronus:renovate/codecov-codecov-action-6.x

ochronus:renovate/actions-upload-artifact-7.x

ochronus:renovate/docker-setup-qemu-action-4.x

Conversation 0 Commits 1 Files changed 1 +1 -1

ochronus commented 2026-02-26 20:30:22 +01:00

Owner

Copy link

This PR contains the following updates:

Package	Type	Update	Change
actions/download-artifact	action	major	v7 → v8

---

Release Notes

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: https://github.com/actions/download-artifact/compare/v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

[!IMPORTANT]
actions/download-artifact@​v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT]
Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: https://github.com/actions/download-artifact/compare/v7...v8.0.0

v8

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://github.com/actions/download-artifact) | action | major | `v7` → `v8` | --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v8.0.1`](https://github.com/actions/download-artifact/releases/tag/v8.0.1) [Compare Source](https://github.com/actions/download-artifact/compare/v8...v8.0.1) #### What's Changed - Support for CJK characters in the artifact name by [@&#8203;danwkennedy](https://github.com/danwkennedy) in [#&#8203;471](https://github.com/actions/download-artifact/pull/471) - Add a regression test for artifact name + content-type mismatches by [@&#8203;danwkennedy](https://github.com/danwkennedy) in [#&#8203;472](https://github.com/actions/download-artifact/pull/472) **Full Changelog**: <https://github.com/actions/download-artifact/compare/v8...v8.0.1> ### [`v8.0.0`](https://github.com/actions/download-artifact/releases/tag/v8.0.0) [Compare Source](https://github.com/actions/download-artifact/compare/v8...v8) #### v8 - What's new > \[!IMPORTANT] > actions/download-artifact\@&#8203;v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes. > \[!IMPORTANT] > Hash mismatches will now error by default. Users can override this behavior with a setting change (see below). ##### Direct downloads To support direct uploads in `actions/upload-artifact`, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the `Content-Type` header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new `skip-decompress` parameter to `true`. ##### Enforced checks (breaking) A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the `digest-mismatch` parameter. To be secure by default, we are now defaulting the behavior to `error` which will fail the workflow run. ##### ESM To support new versions of the @&#8203;actions/\* packages, we've upgraded the package to ESM. #### What's Changed - Don't attempt to un-zip non-zipped downloads by [@&#8203;danwkennedy](https://github.com/danwkennedy) in [#&#8203;460](https://github.com/actions/download-artifact/pull/460) - Add a setting to specify what to do on hash mismatch and default it to `error` by [@&#8203;danwkennedy](https://github.com/danwkennedy) in [#&#8203;461](https://github.com/actions/download-artifact/pull/461) **Full Changelog**: <https://github.com/actions/download-artifact/compare/v7...v8.0.0> ### [`v8`](https://github.com/actions/download-artifact/compare/v7...v8) [Compare Source](https://github.com/actions/download-artifact/compare/v7.0.0...v8) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44MS44IiwidXBkYXRlZEluVmVyIjoiNDMuMTUwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

ochronus added 1 commit 2026-02-26 20:30:22 +01:00

chore(deps): update actions/download-artifact action to v8 06edff60a0

ochronus changed title from chore(deps): update actions/download-artifact action to v8 to Update actions/download-artifact action to v8 2026-04-28 19:51:51 +02:00

Commenting is not possible because the repository is archived.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ochronus/csharparr!12

No description provided.