Don't attempt to un-zip non-zipped downloads#460
Merged
danwkennedy merged 17 commits intomainfrom Feb 23, 2026
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds a new skip-decompress input parameter to allow users to download artifacts without automatic extraction, addressing scenarios where non-zipped artifacts should be handled as-is. Additionally, it performs a comprehensive migration from CommonJS to ES modules (ESM) and updates dependencies to newer versions.
Changes:
- Added
skip-decompressinput parameter to control automatic artifact decompression - Migrated codebase from CommonJS to ES modules, including TypeScript configuration and test setup
- Updated dependencies including @actions/artifact (^6.1.0), @actions/core (^3.0.0), and various dev dependencies
Reviewed changes
Copilot reviewed 10 out of 15 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tsconfig.json | Updated TypeScript compiler to use ES2022 target and NodeNext module resolution for ESM support |
| tsconfig.eslint.json | Added separate TypeScript config for ESLint with proper file inclusions |
| src/download-artifact.ts | Added skipDecompress input handling and passed it to downloadArtifact calls; updated import to use .js extension for ESM |
| src/constants.ts | Added SkipDecompress constant to the Inputs enum |
| package.json | Marked as ESM module, updated dependencies to newer versions, modified test script for ESM compatibility |
| jest.config.ts | Converted to ESM export, added ESM configuration including ts-jest useESM option and module name mapping |
| eslint.config.mjs | Replaced legacy .eslintrc.json with flat config format supporting ESM |
| dist/package.json | Added package.json to dist directory marking it as an ES module |
| action.yml | Added skip-decompress input with documentation |
| tests/download.test.ts | Migrated tests to use ESM dynamic imports and added comprehensive test coverage for skip-decompress feature |
| .gitignore | Added .DS_Store to ignored files |
| .eslintrc.json | Removed legacy ESLint configuration file |
| .eslintignore | Removed legacy ESLint ignore file |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
scutuatua-crypto
approved these changes
Feb 19, 2026
yacaovsnc
approved these changes
Feb 23, 2026
mergify Bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Mar 3, 2026
… ci] Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0. Release notes *Sourced from [actions/download-artifact's releases](https://github.com/actions/download-artifact/releases).* > v8.0.0 > ------ > > v8 - What's new > --------------- > > ### Direct downloads > > To support direct uploads in `actions/upload-artifact`, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the `Content-Type` header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new `skip-decompress` parameter to `false`. > > ### Enforced checks (breaking) > > A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the `digest-mismatch` parameter. To be secure by default, we are now defaulting the behavior to `error` which will fail the workflow run. > > ### ESM > > To support new versions of the @actions/\* packages, we've upgraded the package to ESM. > > What's Changed > -------------- > > * Don't attempt to un-zip non-zipped downloads by [`@danwkennedy`](https://github.com/danwkennedy) in [actions/download-artifact#460](https://redirect.github.com/actions/download-artifact/pull/460) > * Add a setting to specify what to do on hash mismatch and default it to `error` by [`@danwkennedy`](https://github.com/danwkennedy) in [actions/download-artifact#461](https://redirect.github.com/actions/download-artifact/pull/461) > > **Full Changelog**: <actions/download-artifact@v7...v8.0.0> Commits * [`70fc10c`](actions/download-artifact@70fc10c) Merge pull request [#461](https://redirect.github.com/actions/download-artifact/issues/461) from actions/danwkennedy/digest-mismatch-behavior * [`f258da9`](actions/download-artifact@f258da9) Add change docs * [`ccc058e`](actions/download-artifact@ccc058e) Fix linting issues * [`bd7976b`](actions/download-artifact@bd7976b) Add a setting to specify what to do on hash mismatch and default it to `error` * [`ac21fcf`](actions/download-artifact@ac21fcf) Merge pull request [#460](https://redirect.github.com/actions/download-artifact/issues/460) from actions/danwkennedy/download-no-unzip * [`15999bf`](actions/download-artifact@15999bf) Add note about package bumps * [`974686e`](actions/download-artifact@974686e) Bump the version to `v8` and add release notes * [`fbe48b1`](actions/download-artifact@fbe48b1) Update test names to make it clearer what they do * [`96bf374`](actions/download-artifact@96bf374) One more test fix * [`b8c4819`](actions/download-artifact@b8c4819) Fix skip decompress test * Additional commits viewable in [compare view](actions/download-artifact@37930b1...70fc10c) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This was referenced Mar 31, 2026
This was referenced Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The toolkit has been updated to check the
content-typeheader and URL for zipped files and intelligently decompress them if it detects a zip. This adds support for that flow to the action.If a caller wants to download a compressed zip as-is, they can pass the new
skip-decompressboolean.Breaking changes:
@actions/artifact