chore(ci): Bump actions/upload-artifact from 4 to 7#4
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
ImPanick
pushed a commit
that referenced
this pull request
May 30, 2026
Final bootstrap sync on main before development moves to `dev`. - docs/IMPLEMENTATION-PLAN.md: turns master doc §16 into dependency-ordered, PR-sized work packages (WP-0 … WP-34). Marks the critical path to the v0.1 MVP (WP-0 fixtures → WP-1 safe I/O → WP-2 Profile → WP-3 Characters → WP-5 discovery → WP-12 LazyMax → WP-13 Home → WP-14 Apply → WP-15 MVP test), multi-agent parallelization windows, the per-WP governance loop, and the v1.0 "final product" exit criteria. Says exactly where to start. - Branch model: `dev` is the integration trunk (feature branches PR into dev); `main` is release/stable (dev → main at release points; tags trigger release.yml). Updated .agent/HANDOFF_PROTOCOL.md §1 (v1.1.0) and docs/CICD.md §4 (protect both branches). Documented the one-time bootstrap exception. - Cross-refs: README doc index + master doc §16 pointer; master doc → 1.3.1. Verified: governance-lint clean (101 files). No code changed. Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md#I, .agent/HANDOFF_PROTOCOL.md#1,#4, .agent/AMENDMENT_PROCESS.md#4, .agent/AGENT_WORKFLOW.md, docs/IUUT-PROJECT-DOCUMENTATION.md#16,#24 Co-Authored-By: Claude <noreply@anthropic.com>
ImPanick
pushed a commit
that referenced
this pull request
May 30, 2026
First fixtures for the test suite (IMPLEMENTATION-PLAN WP-0): - profiles/profile-basic.json: happy-path shape (all 7 MetaRow keys incl Exotic_Uranium, 12 UnlockedFlags, Workshop_/Prospect_ talents, DataVersion 4). - profiles/profile-with-unknowns.json: forward-compat shape (unknown MetaRow, unknown talent, future DataVersion 5, unknown top-level object) for the CONSTITUTION VI round-trip test. Each has a provenance .md per TESTING_CONTRACT §3. UserID scrubbed to the sentinel; no real Steam IDs / names / paths (SECURITY_PROTOCOL §3). Removed the folder's .gitkeep now that it holds real files. Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md#VI,#VII, .agent/SECURITY_PROTOCOL.md#3, .agent/TESTING_CONTRACT.md#3,#4, Icarus-Analysis.md#3 Co-Authored-By: Claude <noreply@anthropic.com>
ImPanick
pushed a commit
that referenced
this pull request
May 30, 2026
…on (WP-1) The two non-negotiable primitives every save mutator rests on (IMPLEMENTATION-PLAN WP-1): - Abstractions/: IClock + SystemClock, IGuidProvider + SystemGuidProvider — deterministic seams for time/GUIDs (CODE_STYLE §9). - Io/IcarusJson: shared JsonSerializerOptions (indented, relaxed escaping) + Serialize/Deserialize. Unknown members ride through via the models' [JsonExtensionData] (CONSTITUTION VI). - Io/BackupManager: <File>.iuut-backup-<yyyyMMdd-HHmmss> copies with -N collision disambiguation (CONSTITUTION III, master §7.6). - Io/SafeSaveWriter (+ SafeSaveResult): the mandatory backup -> write (UTF-8 no BOM) -> re-read -> validate -> restore-on-failure protocol (CONSTITUTION III). Written via new UTF8Encoding(false) — no BOM. Tests (xUnit + FluentAssertions, 11 total, all green): - IcarusJsonTests: round-trip, relaxed-& escaping, unknown-field preservation, null-deserialize throws. - BackupManagerTests: naming, same-second collision suffix, missing-file throws. - SafeSaveWriterTests: success+backup, no-BOM bytes, restore-on-validation- failure, new-file cleanup on failure. - TestDoubles: FixedClock + self-cleaning TempDir (no %LOCALAPPDATA% access, TESTING_CONTRACT §5). Removed the scaffold smoke test. CODE_STYLE §1 (v1.1.0): documented the new Abstractions/ and Io/ folders. Verified: dotnet build -c Release 0/0 (warnings-as-errors), dotnet test 11/11, dotnet format clean, governance-lint clean. Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md#III,#VI, .agent/CODE_STYLE.md#1,#4,#5,#9, .agent/TESTING_CONTRACT.md#2,#5, .agent/DEFINITION_OF_DONE.md#5, Icarus-Analysis.md#10, docs/IUUT-PROJECT-DOCUMENTATION.md#7.6 Co-Authored-By: Claude <noreply@anthropic.com>
ImPanick
pushed a commit
that referenced
this pull request
May 30, 2026
First feature PR on the new dev/main model (HANDOFF_PROTOCOL §1) — wires the integration branch into the enforcement stack before domain code starts. - build.yml + governance-check.yml: trigger on `dev` as well as `main`, so PRs into dev are gated by Build & Test + Governance Check. Strengthens coverage (no weakening of any gate — SCOPE_GUARDRAILS §2.11). - dependabot.yml: target-branch `dev` for both nuget and github-actions, so version bumps land on the integration branch instead of main. - docs/CICD.md §4: note updated to reflect dev is now in the triggers and Dependabot targets dev (removed the prior to-do). No code or domain behavior touched. governance-lint clean (4 files). Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md, .agent/HANDOFF_PROTOCOL.md#1,#4, .agent/SCOPE_GUARDRAILS.md#2, docs/CICD.md#4 Co-Authored-By: Claude <noreply@anthropic.com>
ImPanick
pushed a commit
that referenced
this pull request
May 30, 2026
Implements the trickiest container shape (IMPLEMENTATION-PLAN WP-3; field guide §4), built and validated against the live save this session. - Io/NestedStringifiedJson: reusable reader/writer for the "outer object with a single key whose value is an array of JSON-STRINGIFIED objects" pattern. Parse validates the key/array/string-element shape; Serialize emits each item as a stringified element. Reused by AssociatedProspects_Slot_N later (WP-26). - Models/CharacterModel: full record in game field order, incl. XP_Debt and the TimeLastPlayed field discovered in the live-save verification pass. Shares the WP-2 Talent + MetaResource models. Extension data preserves unknowns (VI). - Models/CosmeticModel: the corrected 13-field block (all integer indices + IsMale) — no hex/RGBA colour strings (per the §8.3/§4.3 corrections). - Parsers/CharactersParser + Serializers/CharactersSerializer: typed entry points keyed on "Characters.json". - .editorconfig: CA1707 exempted for src/IUUT.Core/Models/*.cs — the DTOs mirror game JSON keys verbatim, which contain underscores (XP_Debt, Customization_*). Fixture: fixtures/characters/characters-basic.json — fully synthetic, anonymized (Char1/2/3, blanked prospect/location), 3 characters with the corrected cosmetic block, TimeLastPlayed, and an unknown member on Char3. Generated and validated through the compiled parser/serializer before commit. Tests (13 new, 34 total, all green): - NestedStringifiedJsonTests: wrap/unwrap round-trip, elements-are-strings, missing-key / non-array / non-string-element throw. - CharactersParserTests: core-field read, empty roster, unknown character & cosmetic member preservation (inline containers built via Dictionary so no hand-escaping). - CharactersRoundTripTests (fixture): 3 characters, corrected cosmetic, field + unknown-member round-trip, and a snapshot of the nested-stringified container shape (DoD §3). Verified: dotnet build -c Release 0/0, dotnet test 34/34, dotnet format clean, governance-lint clean. Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md#VI, .agent/CODE_STYLE.md#1,#5, .agent/TESTING_CONTRACT.md#2,#3,#5, .agent/DEFINITION_OF_DONE.md#3,#4, docs/IUUT-PROJECT-DOCUMENTATION.md#8.3, Icarus-Analysis.md#4 Co-Authored-By: Claude <noreply@anthropic.com>
ImPanick
pushed a commit
that referenced
this pull request
May 31, 2026
The save-safety gate every mutator and Lazy Max runs through (master doc §13).
Returns a structured ValidationResult (CODE_STYLE §4), not exceptions: errors
block a write (§13.1), warnings are surfaced for the user to confirm (§13.2).
- Validation/ValidationEngine (static, pure functions over the models):
- §13.1 errors: Profile.UserID == folder name; unique ChrSlot; no duplicate
talent RowName per character; prospect blob SHA-1 matches (via
ProspectBlobVerifier); unique DatabaseGUID (reusable for MetaInventory WP-23).
- §13.2 warnings: over-ranked talents (coarse, Rank > 4 — the game clamps on
load; precise per-row max arrives with the catalog WP-11/21), duplicate
MetaRow, negative currency, ChrSlot >= NextChrSlot, and game-running
(never an error — CONSTITUTION IX).
- Validation/ValidationResult (Issues, HasErrors, IsValid, Errors, Warnings,
Ok, FromIssues, Combine) + ValidationIssue + ValidationSeverity.
The post-write "JSON round-trips" hard check (§13.1) is enforced operationally by
SafeSaveWriter (re-parse after write); the engine covers the semantic rules a
re-parse can't catch.
Tests (16 new, 108 total, all green): every rule pass/fail (profile match/mismatch/
empty/dup-metarow/negative; characters unique/dup-slot/dup-talent/over-ranked/
slot-vs-next; prospect blob valid/bad via the synthetic blob factory; GUID
dup/unique; game running warns-not-errors) + ValidationResult.Combine.
Verified: dotnet build -c Release 0/0, dotnet test 108/108, dotnet format clean,
governance-lint clean.
Agent: claude-code/2.1.149
Consulted: AGENTS.md, .agent/CONSTITUTION.md#III,#IX, .agent/CODE_STYLE.md#1,#4, .agent/TESTING_CONTRACT.md#2, docs/IUUT-PROJECT-DOCUMENTATION.md#13.1,#13.2,#14
Co-Authored-By: Claude <noreply@anthropic.com>
Up to standards ✅🟢 Issues
|
14 tasks
ImPanick
pushed a commit
that referenced
this pull request
Jun 2, 2026
Re-applies the pending Dependabot version bumps as one governed commit, since the bot branches were based on a stale dev and carried no Agent/ Consulted trailers (failing governance-check). All changes verified locally on the fixed CI sequence: restore (Release) + build + test + `dotnet format --verify-no-changes` — 0 warnings, 0 errors, 312/312 tests passing. GitHub Actions: - actions/checkout v4 -> v6 (build, release, governance-check) - actions/setup-dotnet v4 -> v5 (build, release) - actions/upload-artifact v4 -> v7 (build) - actions/github-script v7 -> v9 (governance-check) NuGet: - Microsoft.Extensions.Hosting 8.0.0 -> 10.0.8 (IUUT.App) - Microsoft.Extensions.Logging 8.0.0 -> 10.0.8 (IUUT.App) - Microsoft.NET.Test.Sdk 17.10.0 -> 18.6.0 (tests) - xunit 2.9.0 -> 2.9.3 (tests) - xunit.runner.visualstudio 2.8.2 -> 3.1.5 (tests) - coverlet.collector 6.0.2 -> 10.0.1 (tests) Held back (not applied): - FluentAssertions 6.12.0 -> 8.10.0: v8 changed to a paid/commercial license model (free only for non-commercial/OSS). Per dependabot.yml's governance note and SCOPE_GUARDRAILS §2.6 (license review), this bump is left for explicit owner decision rather than taken silently. Supersedes PRs #1, #2, #3, #4, #5, #6 (closed as consolidated). PR #7 (CommunityToolkit.Mvvm 8.4.2) was already applied to dev. The stale agent/claude/wp-infra-ci-triggers branch is intentionally NOT merged — its CI intent is already in dev and merging it would revert ~37.8k lines. Agent: claude-code/2.1.149 Consulted: AGENTS.md, .agent/CONSTITUTION.md#VIII, .agent/SCOPE_GUARDRAILS.md#1,#2, .agent/SECURITY_PROTOCOL.md#8, .github/dependabot.yml, docs/CICD.md Co-Authored-By: Claude <noreply@anthropic.com> Handoff-State: ready-for-review Handoff-Notes: Done — bumps consolidated and verified green locally (312 tests). Next: push dev, close the superseded bot PRs, then open dev->main. Owner decisions pending: (1) add CODACY_PROJECT_TOKEN secret so coverage uploads; (2) whether to accept FluentAssertions 8's license to take that bump. Do not merge the wp-infra branch (stale, would delete the codebase).
Owner
|
Consolidated into |
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/actions/upload-artifact-7
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/upload-artifact from 4 to 7.
Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
043fb46Merge pull request #797 from actions/yacaovsnc/update-dependency634250cInclude changes in typespec/ts-http-runtime 0.3.5e454baaReadme: bump all the example versions to v7 (#796)74fad66Update the readme with direct upload details (#795)bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)