Migrate actions/upload-artifact from v4 to v5

[Copilot]

Compiler was emitting warnings about being unable to resolve actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 dynamically, falling back to hardcoded v4 pin instead of the requested v4.4.0.

Changes

• action_pins.json: Updated actions/upload-artifact to v5 (SHA: 330a01c490aca151604b8cf639adc76d48f6c5d4)
• Workflow sources: Migrated 6 workflow files from @v4 / @50769540e7f4bd5e21e526ee35c689e35e0d6874 to @v5
• Test fixtures: Updated expected SHAs in test assertions to match v5
• Lock files: Recompiled all 68 workflows with updated action pins

Before:

uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0

After:

uses: actions/upload-artifact@v5

Compiled workflows now reference 330a01c490aca151604b8cf639adc76d48f6c5d4 consistently without resolution warnings.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v5.0.0
  • Triggering command: curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Investigate the warnings about upload-artifact not being resolved dynamically. There should not be warnings for these builtin custom actions.

• make sure all workflows use actions/upload-artifacts@v5, not v4

✓ .github/workflows/commit-changes-analyzer.md (197.0 KB)
⚠ Selected engine 'claude' does not support network firewalling; workflow specifies network restrictions (network.allowed). Network may not be sandboxed.
ℹ ✓ Repository githubnext/gh-aw has discussions enabled
✓ .github/workflows/copilot-agent-analysis.md (216.3 KB)
⚠ Unable to resolve actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 dynamically, using hardcoded pin for actions/upload-artifact@v4⚠ Unable to resolve actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 dynamically, using hardcoded pin for actions/upload-artifact@v4ℹ ✓ Repository githubnext/gh-aw has discussions enabled

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull Request Overview

This pull request updates the actions/upload-artifact action from v4 to v5 across the entire codebase. The update involves changing both the pinned SHA commit reference and the version tag in workflow files, test files, and documentation.

Key changes:

• Updated actions/upload-artifact from v4 (SHA: ea165f8d65b6e75b540449e92b4886f43607fa02) to v5 (SHA: 330a01c490aca151604b8cf639adc76d48f6c5d4)
• Updated action pins configuration file with new version metadata
• Updated test assertions to expect the new SHA reference
• Added schedule trigger to one workflow that previously had none

Reviewed Changes

Copilot reviewed 80 out of 80 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pkg/workflow/data/action_pins.json	Updated upload-artifact version from v4 to v5 with new SHA
pkg/workflow/*_test.go	Updated test expectations to match new v5 SHA reference
.github/workflows/*.lock.yml	Updated compiled workflow files with new upload-artifact v5 SHA
.github/workflows/*.md	Updated source workflow files from pinned v4 SHA to v5 tag
docs/src/content/docs/status.mdx	Added missing schedule information for repo-tree-map workflow

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Agentic Changeset Generator triggered by this pull request.