Fix artifacts v4 backend upload problems

[ChristopherHX]

• Use base64.RawURLEncoding to avoid equal sign
  • using the nodejs package they seem to get lost
• Support uploads with unspecified length
• Support uploads with a single named blockid
  • without requiring a blockmap

[ChristopherHX]

Caused upload issues here: https://gitea.com/actions-oss/act-cli/issues/18 in the snapshot job.

I haven't found any docs how a query value like ?sig=AAAAAAAAA=&... can cause this to get only AAAAAAAAA back, which is obviously http 403.

RawURLEncoding omits the padding = symbols and fixed this, while I have no idea how to write a test for this specific thing.

In go tests + for the actual action I used for testing the = symbol has not been dropped while I read any logs of it. However using the package I tried this many times and all had a 403 reliable.

Defect code

      - name: Setup Node
        continue-on-error: true
        uses: actions/setup-node@v6
        with:
          node-version: 20
      - name: Install @actions/artifact@2.1.0
        continue-on-error: true
        run: npm install @actions/artifact@2.1.0
      - name: Upload All
        uses: actions/github-script@v8
        continue-on-error: true
        with:
          script: |
            // We do not use features depending on GITHUB_API_URL so we can hardcode it to avoid the GHES no support error
            process.env["GITHUB_SERVER_URL"] = "https://github.com";
            const {DefaultArtifactClient} = require('@actions/artifact');
            const aartifact = new DefaultArtifactClient();
            var artifacts = JSON.parse(process.env.ARTIFACTS);
            for(var artifact of artifacts) {
              if(artifact.type === "Binary") {
                const {id, size} = await aartifact.uploadArtifact(
                  // name of the artifact
                  `${artifact.name}-${artifact.target}`,
                  // files to include (supports absolute and relative paths)
                  [artifact.path],
                  process.cwd(),
                  {
                    // optional: how long to retain the artifact
                    // if unspecified, defaults to repository/org retention settings (the limit of this value)
                    retentionDays: 10
                  }
                );
                console.log(`Created artifact with id: ${id} (bytes: ${size}`);
              }
            }
        env:
          ARTIFACTS: ${{ steps.goreleaser.outputs.artifacts }}

[Copilot]

Pull request overview

Addresses GitHub Actions artifacts v4 upload compatibility issues (notably around URL signatures, unknown-length uploads, and single-block blockid uploads) so more client implementations (eg Node) can upload reliably.

Changes:

• Switch artifact v4 signed URL sig encoding/decoding to base64.RawURLEncoding (no = padding).
• Extend chunk handling to support unknown/unspecified lengths and single blockid uploads without requiring a blocklist.
• Expand integration coverage for these upload variations and adjust artifact v4 download test comments.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.

File	Description
tests/integration/api_actions_artifact_v4_test.go	Adds a table-driven upload test matrix covering blockid and “no length” scenarios; minor comment fix in download test.
routers/api/actions/artifactsv4.go	Updates signature encoding, block upload handling, blocklist reading, and finalize logic for v4 artifacts.
routers/api/actions/artifacts_chunks.go	Adjusts chunk save/append and chunk discovery logic to tolerate missing lengths and blocklist-less single-block uploads.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ChristopherHX]

Marked as draft, to allow appended uploads of multiple unsized chunks including chunks with blockid (https://learn.microsoft.com/en-us/rest/api/storageservices/put-block told me, this cannot happen for a client)

[wxiaoguang]

The legacy "length" handling is quite tricky and unclear, I think we can clarify it to 6b0fe79

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[imkuang]

Hello,

I just noticed this PR. Could it possibly be related to my issue? #36829

[ChristopherHX]

Yes potentially partially related

• v6 upload problem could be is related, but this is not tested by me yet (verified the npm package, EDIT verified action v6 works in smoke test)
  • Since you wrote v5 works without GHES check, this version is more similar to the version I used during initial implementation
• v7 is more this one: Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0) #36786 they added the mimetype to the json and the error in your log complains about the unknown field
  • This feature PR needs proper content-type delivery from blob storage to be ready for review, the azureblob backend lacks code to do this

[ChristopherHX]

@wxiaoguang Just noticed you used the new new(<scalar>) syntax, removing backport label.

[wxiaoguang]

new() can be removed.

Feel free to merge and/or backport. Either is fine to me.

[ChristopherHX]

Merging and (1.25 backport (both verified) now)