Ingest v0.5.2 of @actions/artifact (#100)

* npm install --update @actions/artifact

* Update .licenses file

* npm run release

.gitattributes

@@ -1 +1,2 @@
-* text=auto eol=lf
+* text=auto eol=lf
+.licenses/** -diff linguist-generated=true

.github/CODEOWNERS

@@ -0,0 +1 @@
+ * @actions/artifacts-actions

.github/workflows/codeql-analysis.yml

@@ -2,6 +2,8 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches-ignore: "dependabot/**"
+  pull_request:
     paths-ignore:
       - '**.md'
   schedule:

.github/workflows/licensed.yml

@@ -0,0 +1,20 @@
+name: Licensed
+
+on:
+  push: {branches: main}
+  pull_request: {branches: main}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.github/workflows/test.yml

@@ -68,16 +68,24 @@ jobs:
         name: 'Artifact-A'
         path: some/new/path
 
+    # Test downloading an artifact using tilde expansion
+    - name: Download artifact A
+      uses: ./
+      with:
+        name: 'Artifact-A'
+        path: ~/some/path/with/a/tilde
+
     - name: Verify successful download
       run: |
-        $file = "some/new/path/file-A.txt"
-        if(!(Test-Path -path $file))
+        $file1 = "some/new/path/file-A.txt"
+        $file2 = "~/some/path/with/a/tilde/file-A.txt"
+        if(!(Test-Path -path $file1) -or !(Test-Path -path $file2))
         {
-            Write-Error "Expected file does not exist"
+            Write-Error "Expected files do not exist"
         }
-        if(!((Get-Content $file) -ceq "Lorem ipsum dolor sit amet"))
+        if(!((Get-Content $file1) -ceq "Lorem ipsum dolor sit amet") -or !((Get-Content $file2) -ceq "Lorem ipsum dolor sit amet"))
         {
-            Write-Error "File contents of downloaded artifact are incorrect"
+            Write-Error "File contents of downloaded artifacts are incorrect"
         }
       shell: pwsh
 

.licensed.yml

@@ -0,0 +1,15 @@
+sources:
+  npm: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - unlicense
+
+reviewed:
+  npm:
+  - fs.realpath

CONTRIBUTING.md

@@ -14,7 +14,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 ## Found a bug?
 
 - **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/actions/download-artifact/issues).
-- If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/actions/download-artifact/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or a **reproducable test case** demonstrating the expected behavior that is not occurring.
+- If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/actions/download-artifact/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or a **reproducible test case** demonstrating the expected behavior that is not occurring.
 - If possible, use the relevant bug report templates to create the issue.
 
 ## What should I know before submitting a pull request or issue
@@ -33,7 +33,7 @@ Artifact related issues will be tracked in this repository so please do not open
 7. Make sure your code passes linting: `npm run lint`
 8. Update `dist/index.js` using `npm run release`. This creates a single javascript file that is used as an entry-point for the action
 7. Push to your fork and [submit a pull request][pr]
-8. Pat your self on the back and wait for your pull request to be reviewed and merged.
+8. Pat yourself on the back and wait for your pull request to be reviewed and merged.
 
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 
@@ -41,6 +41,10 @@ Here are a few things you can do that will increase the likelihood of your pull
 - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
 - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
 
+## Licensed
+
+This repository uses a tool called [Licensed](https://github.com/github/licensed) to verify third party dependencies. You may need to locally install licensed and run `licensed cache` to update the dependency cache if you install or update a production dependency. If licensed cache is unable to determine the dependency, you may need to modify the cache file yourself to put the correct license. You should still verify the dependency, licensed is a tool to help, but is not a substitute for human review of dependencies.
+
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)

README.md

@@ -46,6 +46,14 @@ steps:
   working-directory: path/to/artifact
 ```
 
+Basic tilde expansion is supported for the `path` input:
+```yaml
+  - uses: actions/download-artifact@v2
+    with:
+      name: my-artifact
+      path: ~/download/path
+```
+
 ## Compatibility between `v1` and `v2`
 
 When using `download-artifact@v1`, a directory denoted by the name of the artifact would be created if the `path` input was not provided. All of the contents would be downloaded to this directory.
@@ -55,7 +63,7 @@ When using `download-artifact@v1`, a directory denoted by the name of the artifa
           ... contents of my-artifact
 ```
 
-With `v2`, there is no longer an extra directory that is created if the `path` input is not provided. All the contents are downloaded to the current working directory.
+With `v2`, when an artifact is specified by the `name` input, there is no longer an extra directory that is created if the `path` input is not provided. All the contents are downloaded to the current working directory.
 ```
    current/working/directory/
       ... contents of my-artifact
@@ -127,10 +135,34 @@ steps:
 
 > Note: The `id` defined in the `download/artifact` step must match the `id` defined in the `echo` step (i.e `steps.[ID].outputs.download-path`)
 
+# Limitations
+
+### Permission Loss
+
+:exclamation: File permissions are not maintained during artifact upload :exclamation: For example, if you make a file executable using `chmod` and then upload that file, post-download the file is no longer guaranteed to be set as an executable.
+
+### Case Insensitive Uploads
+
+:exclamation: File uploads are case insensitive :exclamation: If you upload `A.txt` and `a.txt` with the same root path, only a single file will be saved and available during download.
+
+### Maintaining file permissions and case sensitive files
+
+If file permissions and case sensitivity are required, you can `tar` all of your files together before artifact upload. Post download, the `tar` file will maintain file permissions and case sensitivity.
+
+```yaml
+  - name: 'Tar files'
+    run: tar -cvf my_files.tar /path/to/my/directory
+
+  - name: 'Upload Artifact'
+    uses: actions/upload-artifact@v2
+    with:
+      name: my-artifact
+      path: my_files.tar    
+```
+
 # @actions/artifact package
 
-Internally the [@actions/artifact](https://github.com/actions/toolkit/tree/master/packages/artifact) NPM package is used to interact with artifacts. You can find additional documentation there along with all the source code related to artifact download.
-
+Internally the [@actions/artifact](https://github.com/actions/toolkit/tree/main/packages/artifact) NPM package is used to interact with artifacts. You can find additional documentation there along with all the source code related to artifact download.
 
 # License
 

package.json

@@ -27,15 +27,17 @@
     "url": "https://github.com/actions/download-artifact/issues"
   },
   "homepage": "https://github.com/actions/download-artifact#readme",
+  "dependencies": {
+    "@actions/artifact": "^0.5.2",
+    "@actions/core": "^1.2.6"
+  },
   "devDependencies": {
-    "@actions/artifact": "^0.3.1",
-    "@actions/core": "^1.2.4",
     "@types/node": "^12.12.6",
     "@typescript-eslint/parser": "^2.30.0",
     "@zeit/ncc": "^0.22.1",
     "concurrently": "^5.2.0",
     "eslint": "^7.4.0",
-    "eslint-plugin-github": "^3.4.1",
+    "eslint-plugin-github": "^4.1.1",
     "prettier": "^2.0.5",
     "typescript": "^3.8.3"
   }

src/download-artifact.ts

@@ -1,5 +1,6 @@
 import * as core from '@actions/core'
 import * as artifact from '@actions/artifact'
+import * as os from 'os'
 import {resolve} from 'path'
 import {Inputs, Outputs} from './constants'
 
@@ -8,6 +9,15 @@ async function run(): Promise<void> {
     const name = core.getInput(Inputs.Name, {required: false})
     const path = core.getInput(Inputs.Path, {required: false})
 
+    let resolvedPath
+    // resolve tilde expansions, path.replace only replaces the first occurrence of a pattern
+    if (path.startsWith(`~`)) {
+      resolvedPath = resolve(path.replace('~', os.homedir()))
+    } else {
+      resolvedPath = resolve(path)
+    }
+    core.debug(`Resolved path is ${resolvedPath}`)
+
     const artifactClient = artifact.create()
     if (!name) {
       // download all artifacts
@@ -15,7 +25,9 @@ async function run(): Promise<void> {
       core.info(
         'Creating an extra directory for each artifact that is being downloaded'
       )
-      const downloadResponse = await artifactClient.downloadAllArtifacts(path)
+      const downloadResponse = await artifactClient.downloadAllArtifacts(
+        resolvedPath
+      )
       core.info(`There were ${downloadResponse.length} artifacts downloaded`)
       for (const artifact of downloadResponse) {
         core.info(
@@ -30,7 +42,7 @@ async function run(): Promise<void> {
       }
       const downloadResponse = await artifactClient.downloadArtifact(
         name,
-        path,
+        resolvedPath,
         downloadOptions
       )
       core.info(
@@ -39,7 +51,7 @@ async function run(): Promise<void> {
     }
     // output the directory that the artifact(s) was/were downloaded to
     // if no path is provided, an empty string resolves to the current working directory
-    core.setOutput(Outputs.DownloadPath, resolve(path))
+    core.setOutput(Outputs.DownloadPath, resolvedPath)
     core.info('Artifact download has finished successfully')
   } catch (err) {
     core.setFailed(err.message)