chore(deps): bump actions/upload-artifact from 6 to 7

[dependabot]

Bumps actions/upload-artifact from 6 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[fingertips18]

@coderabbitai Are there any breaking changes in this dependency update? Is it safe to merge?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@fingertips18: Let me check how actions/upload-artifact is currently being used in your repository to determine if there are any breaking changes.

---

🏁 Script executed:

#!/bin/bash
# Find all workflow files
fd -e yml -e yaml . .github/workflows

# Search for upload-artifact usage in workflow files
rg -n "upload-artifact" .github/workflows/ -A 5 -B 2

Length of output: 711

---

Let me check if there are any documented breaking changes for v7:

---

🌐 Web query:

actions/upload-artifact v7 breaking changes migration guide

💡 Result:

actions/upload-artifact@v7 breaking changes / migration notes

1) New “direct (non-zipped) upload” mode has different semantics

v7 adds an archive input. Default is true (backwards compatible: still uploads a zipped artifact). If you set archive: false:

• Only a single file is allowed (the action fails if your path glob resolves to multiple files).
• The name: input is ignored; the artifact name becomes the uploaded file’s name.
• To download “unzipped” artifacts in workflows, you’ll need to upgrade to actions/download-artifact@v8. [1][2][3]

Example:

- uses: actions/upload-artifact@v7
  with:
    path: dist/app.zip        # must resolve to exactly ONE file
    archive: false            # upload as-is (not zipped by the action)
    # name: ignored in this mode

[1][2][3]

2) Internal packaging change (relevant if you consume the action as code)

v7 upgrades the project to ESM to support newer @actions/* packages. This typically doesn’t affect normal uses: actions/upload-artifact@v7 workflow consumers, but can matter if you import/execute the code directly in custom tooling. [1]

---

Sources: v7.0.0 release notes [1], GitHub Changelog announcement (non-zipped artifacts + archive: false, requires download-artifact v8) [2], v7 action.yml (documents archive behavior, single-file limitation, and name handling) [3].

---

@fingertips18: Good news! This update is safe to merge. ✅

Based on my analysis:

Current Usage

Your repository uses actions/upload-artifact in .github/workflows/frontend-pr-checks.yaml to upload a directory (apps/frontend/dist) with the name dist-artifact.

v7 Changes

1. New archive parameter - defaults to true (backwards compatible)

   • When set to false, it enables direct (non-zipped) uploads but only supports single files
   • Your workflow doesn't use this new parameter, so it defaults to the old behavior

2. ESM upgrade - internal change that doesn't affect workflow consumers

Impact on Your Repository

No breaking changes affect your current usage:

• The workflow will continue to work exactly as it did with v6
• The new features are opt-in via the archive: false parameter
• Since you're not specifying archive, it maintains the default v6 behavior (zipped uploads)

You can safely merge this PR! 🚀