ci(smoke): isolated upload-artifact@v7 smoke test (gates #149)

[axpnet]

Goal

Decide whether #149 (`actions/upload-artifact` v4 -> v7) is safe to merge into the main release pipeline.

CI green on #149 alone is not enough. v6 bumped runtime to Node 24, v7 switched to ESM. Three majors are skipped in one bump, and the actual upload at tag push time is not exercised on a regular push CI run.

What this PR does

Adds `.github/workflows/smoke-upload-artifact-v7.yml`, an isolated workflow that:

1. Generates a 1 MiB binary plus a text marker on each matrix runner
2. Uploads with `actions/upload-artifact@v7` and `if-no-files-found: error`
3. Downloads everything back in a verify job
4. Asserts presence and exact size of each artifact

Matrix runners covered:

• `ubuntu-22.04` (current pipeline OS for Linux release)
• `ubuntu-24.04` (target for the Snap rework tracked in ci(snap): Snap Store frozen at 3.6.10 - extract build to dedicated ubuntu-24.04 job #164)
• `windows-latest`
• `macos-latest`

Triggers: `pull_request` on the workflow file itself (so this PR runs it automatically) and `workflow_dispatch` for manual re-runs from the Actions UI.

Decision matrix

• All four matrix runners pass -> merge build(deps): bump actions/upload-artifact from 4 to 7 #149 with confidence, optionally keep this workflow in main as a regression guard for future `upload-artifact` major bumps
• One or more runners fail -> close build(deps): bump actions/upload-artifact from 4 to 7 #149, leave a comment with the failure mode, wait for upstream patch
• Pass on 22.04 only -> still merge build(deps): bump actions/upload-artifact from 4 to 7 #149 (current pipeline), but flag as warning for the ci(snap): Snap Store frozen at 3.6.10 - extract build to dedicated ubuntu-24.04 job #164 rework

Out of scope

• No change to the release pipeline itself
• No change to AeroFTP code
• No change to Dependabot config

Summary by CodeRabbit

• Tests
  • Added automated testing workflow to validate artifact upload and download functionality across multiple operating systems including Windows, macOS, and Linux variants.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow file for smoke-testing actions/upload-artifact@v7 is added. The workflow generates dummy artifacts on multiple OS platforms, uploads them using the new action version, then downloads and validates their contents to ensure correct functionality.

Changes

Artifact Upload v7 Smoke Test

Layer / File(s)	Summary
Workflow Triggers & Matrix .github/workflows/smoke-upload-artifact-v7.yml (lines 1–15)	Workflow activates on pull_request changes to this file and on workflow_dispatch; defines OS matrix spanning ubuntu-22.04, ubuntu-24.04, windows-latest, and macos-latest.
Upload Job .github/workflows/smoke-upload-artifact-v7.yml (lines 17–33)	Generates test payload (dummy.txt and 1 MiB binary.bin in out/ directory) and uploads using actions/upload-artifact@v7 with 1-day retention and strict error handling on missing files.
Verify Job .github/workflows/smoke-upload-artifact-v7.yml (lines 34–74)	Downloads all artifacts via actions/download-artifact@v4, iterates through per-OS artifact directories, validates presence of both files and exact binary size using platform-appropriate commands (stat/PowerShell), and fails the workflow if any artifact is invalid.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A workflow so neat, from old v4 we leap,
To v7's direct uploads, our test runs deep,
Across every OS, the artifacts fly,
Verify and validate—no files denied!
Our smoke test takes flight, a hop and a bound! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: adding an isolated smoke test workflow for upload-artifact@v7, directly referencing issue #149.
Linked Issues check	✅ Passed	The PR fully implements a smoke test workflow that validates actions/upload-artifact@v7 compatibility across multiple runners, directly supporting the decision gate for merging issue #149.
Out of Scope Changes check	✅ Passed	All changes are scoped to the new smoke test workflow file; no modifications to release pipeline, AeroFTP code, or other unrelated components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/smoke-upload-artifact-v7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/smoke-upload-artifact-v7.yml:
- Around line 47-74: The script currently iterates over existing
downloaded/smoke-* directories and may miss absent artifacts; add an explicit
presence check against the expected matrix artifacts before validating contents:
define an array (e.g., expected_runners) or expected count that lists the
expected downloaded/smoke-<name> directories, iterate that list and if any
expected directory does not exist set fail=1 and print "FAIL: missing artifact
<dir>"; only after confirming all expected directories exist proceed to the
per-artifact validation loop that uses the existing for d in downloaded/smoke-*
logic (or replace that loop to iterate the expected list directly) so missing
artifacts cannot be silently ignored.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: fbabab43-9720-4f53-b34b-3d296c4a2a2d

📥 Commits

Reviewing files that changed from the base of the PR and between d9f96c5 and a87e155.

📒 Files selected for processing (1)

• .github/workflows/smoke-upload-artifact-v7.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Assert all expected matrix artifacts exist before per-artifact validation.

The current verification only checks directories that happen to exist. It should fail explicitly when any expected runner artifact is missing, otherwise this smoke test can produce a false green for partial downloads/uploads.

Proposed patch

       - name: Verify each artifact
         shell: bash
         run: |
           set -euo pipefail
+          expected=(
+            "downloaded/smoke-ubuntu-22.04"
+            "downloaded/smoke-ubuntu-24.04"
+            "downloaded/smoke-windows-latest"
+            "downloaded/smoke-macos-latest"
+          )
           fail=0
-          for d in downloaded/smoke-*; do
+          for d in "${expected[@]}"; do
+            if [ ! -d "$d" ]; then
+              echo "FAIL: missing artifact directory $d"
+              fail=1
+              continue
+            fi
             echo "=== $d ==="
             ls -la "$d"
             if [ ! -f "$d/dummy.txt" ]; then
               echo "FAIL: dummy.txt missing in $d"
               fail=1

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	set -euo pipefail
	fail=0
	for d in downloaded/smoke-*; do
	echo "=== $d ==="
	ls -la "$d"
	if [ ! -f "$d/dummy.txt" ]; then
	echo "FAIL: dummy.txt missing in $d"
	fail=1
	continue
	fi
	if [ ! -f "$d/binary.bin" ]; then
	echo "FAIL: binary.bin missing in $d"
	fail=1
	continue
	fi
	size=$(stat -c%s "$d/binary.bin" 2>/dev/null || stat -f%z "$d/binary.bin")
	if [ "$size" != "1048576" ]; then
	echo "FAIL: binary.bin size is $size, expected 1048576"
	fail=1
	continue
	fi
	echo "PASS: $d"
	done
	if [ "$fail" -ne 0 ]; then
	echo "Smoke test FAILED"
	exit 1
	fi
	echo "Smoke test PASSED on all matrix runners"
	set -euo pipefail
	expected=(
	"downloaded/smoke-ubuntu-22.04"
	"downloaded/smoke-ubuntu-24.04"
	"downloaded/smoke-windows-latest"
	"downloaded/smoke-macos-latest"
	)
	fail=0
	for d in "${expected[@]}"; do
	if [ ! -d "$d" ]; then
	echo "FAIL: missing artifact directory $d"
	fail=1
	continue
	fi
	echo "=== $d ==="
	ls -la "$d"
	if [ ! -f "$d/dummy.txt" ]; then
	echo "FAIL: dummy.txt missing in $d"
	fail=1
	continue
	fi
	if [ ! -f "$d/binary.bin" ]; then
	echo "FAIL: binary.bin missing in $d"
	fail=1
	continue
	fi
	size=$(stat -c%s "$d/binary.bin" 2>/dev/null || stat -f%z "$d/binary.bin")
	if [ "$size" != "1048576" ]; then
	echo "FAIL: binary.bin size is $size, expected 1048576"
	fail=1
	continue
	fi
	echo "PASS: $d"
	done
	if [ "$fail" -ne 0 ]; then
	echo "Smoke test FAILED"
	exit 1
	fi
	echo "Smoke test PASSED on all matrix runners"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/smoke-upload-artifact-v7.yml around lines 47 - 74, The
script currently iterates over existing downloaded/smoke-* directories and may
miss absent artifacts; add an explicit presence check against the expected
matrix artifacts before validating contents: define an array (e.g.,
expected_runners) or expected count that lists the expected
downloaded/smoke-<name> directories, iterate that list and if any expected
directory does not exist set fail=1 and print "FAIL: missing artifact <dir>";
only after confirming all expected directories exist proceed to the per-artifact
validation loop that uses the existing for d in downloaded/smoke-* logic (or
replace that loop to iterate the expected list directly) so missing artifacts
cannot be silently ignored.