ci(deps): Bump actions/upload-artifact from 4 to 7

.github/workflows/argus-phase-27-deep-analysis.yml

@@ -77,7 +77,7 @@ jobs:
           upload-reports: true
 
       - name: Upload Deep Analysis Report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         if: always()
         with:
           name: phase-27-conservative-report
@@ -114,7 +114,7 @@ jobs:
           enable-remediation: true
 
       - name: Upload Full Analysis Report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         if: always()
         with:
           name: phase-27-full-weekly-report-${{ github.run_number }}
@@ -169,7 +169,7 @@ jobs:
           upload-reports: true
 
       - name: Upload Manual Analysis Report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         if: always()
         with:
           name: phase-27-manual-analysis-${{ github.run_number }}
@@ -215,7 +215,7 @@ jobs:
           cp -r .argus/reviews/* benchmarks/conservative/
 
       - name: Upload Benchmark Comparison
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: phase-27-benchmark-comparison-${{ github.run_number }}
           path: benchmarks/

.github/workflows/automated-audit.yml

@@ -104,7 +104,7 @@ jobs:
             security
 
       - name: Upload Audit Reports
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: audit-report-${{ matrix.repository }}
           path: target-repo/audit-reports/

.github/workflows/code-review.yml

@@ -299,7 +299,7 @@ jobs:
         echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT
 
     - name: Upload Review Reports
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
       with:
         name: code-review-reports-${{ github.run_number }}
         path: .argus/reviews/

.github/workflows/dependency-review.yml

@@ -90,7 +90,7 @@ jobs:
 
       - name: Upload pip-audit results
         if: always()
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: pip-audit-results
           path: pip-audit.json

.github/workflows/health-check.yml

@@ -169,7 +169,7 @@ jobs:
 
       - name: Upload health check report
         if: always() && inputs.save-report
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: health-check-report-py${{ inputs.python-version }}
           path: health-report.json

.github/workflows/hotfix-ci.yml

@@ -167,7 +167,7 @@ jobs:
           echo "✅ Hotfix SBOM generated"
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: hotfix-artifacts
           path: |

.github/workflows/hybrid-security-scan.yml

@@ -186,7 +186,7 @@ jobs:
 
       - name: Upload Results as Artifacts
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: hybrid-security-results-${{ github.run_id }}
           path: .argus/hybrid-results/

.github/workflows/integration-tests.yml

@@ -107,7 +107,7 @@ jobs:
 
       - name: Upload test results
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: integration-test-results-${{ matrix.python-version }}
           path: |
@@ -205,7 +205,7 @@ jobs:
 
       - name: Upload regression test results
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: regression-test-results
           path: regression-test-results.xml

.github/workflows/post-deploy-scan.yml

@@ -93,7 +93,7 @@ jobs:
 
       - name: Upload results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: post-deploy-scan-results
           path: |

.github/workflows/publish-container.yml

@@ -80,7 +80,7 @@ jobs:
           output-file: sbom.spdx.json
 
       - name: Upload SBOM artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: container-sbom
           path: sbom.spdx.json

.github/workflows/release-ci.yml

@@ -203,7 +203,7 @@ jobs:
           echo "✅ SBOM signed with keyless OIDC (verifiable via Rekor transparency log)"
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: release-artifacts
           path: |

.github/workflows/release-day60.yml

@@ -85,7 +85,7 @@ jobs:
           python3 scripts/argus gate --stage release --input findings_scored.json
 
       - name: Upload findings artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: security-findings
           path: findings_scored.json
@@ -122,7 +122,7 @@ jobs:
           echo "path=sbom-${VERSION}.json" >> $GITHUB_OUTPUT
 
       - name: Upload SBOM artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: sbom
           path: sbom-*.json
@@ -171,7 +171,7 @@ jobs:
             $SBOM_FILE
 
       - name: Upload signed artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: signed-release
           path: |
@@ -249,7 +249,7 @@ jobs:
           cat release-report-${VERSION}.md
 
       - name: Upload report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: release-report
           path: release-report-*.md

.github/workflows/scorecard.yml

@@ -54,7 +54,7 @@ jobs:
 
     # Upload results as artifact for review
     - name: Upload Scorecard Results
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
       with:
         name: scorecard-results
         path: results.sarif

.github/workflows/security-regression.yml

@@ -68,7 +68,7 @@ jobs:
 
       - name: Upload test results
         if: always() && steps.check_tests.outputs.has_tests == 'true'
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: regression-test-results
           path: tests/security_regression/latest_results.json

.github/workflows/semgrep.yml

@@ -84,7 +84,7 @@ jobs:
     # Upload results as artifact
     - name: Upload Semgrep Results
       if: always()
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
       with:
         name: semgrep-results
         path: semgrep-results.sarif

.github/workflows/smoke-test.yml

@@ -224,7 +224,7 @@ jobs:
 
       - name: Upload Smoke Test Artifacts
         if: always()
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: smoke-test-reports-${{ matrix.mode }}-${{ matrix.provider }}
           path: test-repo/.argus/reviews/

.github/workflows/test.yml

@@ -66,7 +66,7 @@ jobs:
 
       - name: Upload coverage report
         if: matrix.python-version == '3.12' && always()
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: coverage-report
           path: htmlcov/

.github/workflows/tests.yml

@@ -55,7 +55,7 @@ jobs:
 
       - name: Upload coverage to artifacts
         if: matrix.python-version == '3.10'
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
         with:
           name: coverage-report
           path: htmlcov/

action.yml

@@ -851,15 +851,15 @@ runs:
     # Upload artifacts - pinned by SHA
     - name: Upload Review Reports (Fast Mode)
       if: ${{ inputs.upload-reports == 'true' && inputs.pipeline-mode == 'fast' }}
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
       with:
         name: code-review-reports-${{ github.run_id }}-${{ github.run_attempt }}
         path: ${{ inputs.project-path }}/.argus/reviews/
         retention-days: 30
 
     - name: Upload Pipeline Reports (Full Mode)
       if: ${{ inputs.upload-reports == 'true' && inputs.pipeline-mode == 'full' }}
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7.0.0
       with:
         name: full-pipeline-reports-${{ github.run_id }}-${{ github.run_attempt }}
         path: ${{ inputs.project-path }}/.argus/hybrid-results/