fix: use unique artifact names to avoid collisions in matrix builds

[thomhurst]

Summary

• Appends a short job backend ID suffix (first 8 chars of workflowJobRunBackendId) to the HTML report artifact name, ensuring each matrix job uploads a distinct artifact
• Tracks the accepted artifact name from CreateArtifact and uses it in FinalizeArtifact, fixing a bug where a conflict-deduped name (e.g. -2) was not carried forward to finalization

Test plan

• Verify artifact uploads succeed in a matrix pipeline without "CreateArtifact failed" warnings
• Confirm artifacts appear with unique names (e.g. MyProject-linux-net10.0-report-a1b2c3d4.html)
• Confirm FinalizeArtifact uses the correct name when a 409 conflict triggers a name change

[claude]

Code Review

This PR fixes two real issues with the GitHub artifact uploader:

1. Matrix collision fix — appending the first 8 chars of workflowJobRunBackendId to the artifact name ensures each matrix job produces a unique name upfront, rather than relying solely on the 409 conflict retry loop.
2. FinalizeArtifact name sync bug — correctly tracks acceptedArtifactName within the loop and uses it for finalization, instead of always passing the original fileName (which could differ if a conflict-deduplicated name like -2 was used).

Both fixes are clean and well-reasoned. The logic is correct and the invariant around acceptedArtifactName! is properly upheld: the signedUploadUrl is null guard on line 80 ensures we never reach the finalize step unless acceptedArtifactName was set in the same branch.

Minor nit

BuildUniqueArtifactName uses Substring, but per the project's LangVersion: preview convention, the range/slice syntax is preferred:

// Current
var shortId = jobRunBackendId.Length > 8
    ? jobRunBackendId.Substring(0, 8)
    : jobRunBackendId;

// Preferred (modern C#)
var shortId = jobRunBackendId.Length > 8
    ? jobRunBackendId[..8]
    : jobRunBackendId;

Observation on the conflict retry loop

Now that baseFileName is already unique per job (via the backend ID suffix), the 3-attempt name-conflict loop will almost never trigger in practice. It's harmless to keep as a safety net, but if you wanted to simplify, you could remove or reduce it without meaningful risk. That's a judgement call, not a blocker.

Overall: solid fix, the two-issue solution is well-scoped and the code reads clearly.

[claude]

Updated Code Review

The previous review nit about using Substring vs slice syntax has been addressed — GetShortJobId now correctly uses jobRunBackendId[..8]. Good.

Remaining Concern: Unnecessary 409s in Matrix Builds

The naming strategy still uses the raw fileName for the first attempt (nameAttempt == 0):

var artifactName = nameAttempt switch
{
    0 => fileName,                          // base name — will collide in matrix!
    1 => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}{ext}",
    _ => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}-{nameAttempt}{ext}",
};

In a matrix build, every job will start by requesting the same base name, guaranteeing a 409 before falling back to the unique name. The fix is correct but opts into a predictable failure on every matrix run. The 409 round-trip is harmless but wasteful.

Suggested alternative: include the job ID from attempt 0, and keep the numeric fallback for the astronomically-unlikely case of an 8-char prefix collision:

var artifactName = nameAttempt switch
{
    0 => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}{ext}",
    _ => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}-{nameAttempt}{ext}",
};

This avoids the guaranteed first-attempt conflict in matrix builds while keeping the retry fallback.

Minor: Truncating to First 8 Chars May Not Be Unique Enough

GitHub Actions backend IDs are opaque strings, but if they share a common prefix (e.g., a timestamp or run-scoped prefix), taking [..8] could produce collisions between matrix jobs. Taking the last 8 chars or using a short hash (e.g., GetHashCode() mod hex) would be more robust:

private static string GetShortJobId(string jobRunBackendId) =>
    jobRunBackendId.Length > 8 ? jobRunBackendId[^8..] : jobRunBackendId;

Or even just drop the length guard since GitHub backend IDs are always long:

private static string GetShortJobId(string jobRunBackendId) =>
    jobRunBackendId[^Math.Min(8, jobRunBackendId.Length)..];

What's Good

• The FinalizeArtifact name sync bug is correctly fixed: acceptedArtifactName is set inside the success branch and used for finalization, with the null-forgiving operator ! being safe since signedUploadUrl is null returns early before finalization.
• The GetShortJobId helper is clean and now uses modern slice syntax.
• The switch expression is more readable than the ternary it replaced.

Overall this is a solid fix for a real bug. The concerns above are improvements rather than blockers.

[claude]

Follow-up Review

Both items raised in the previous review have been addressed:

Previous feedback - addressed:

• Substring → [..8] range syntax: fixed in commit 61a49303 ✅
• Conflict retry loop observation: addressed in 709df332 — the first attempt now uses the original fileName (no suffix), so non-matrix builds retain clean names, and the job ID suffix only kicks in on a real 409 conflict ✅

---

Current code assessment

The logic is now well-structured. One subtle point worth noting:

RetryAsync + 409 interaction: When the inner lambda returns null on a 409, RetryAsync treats this as a successful-but-null result and doesn't retry — the outer nameAttempt loop advances instead. This is the correct behaviour. If a transient 5xx causes RetryAsync to exhaust its retries and also return null, the outer loop would advance to attempt 1 (with the job ID suffix) even though no name collision occurred. This is a pre-existing quirk and not a regression from this PR — just worth being aware of.

acceptedArtifactName! null-forgiving operator: Safe. The control flow guarantees that acceptedArtifactName is set whenever signedUploadUrl is not null, and the if (signedUploadUrl is null) { return null; } guard ensures we only reach FinalizeArtifact when both are set.

Overall

The three commits clean up the original fix nicely. The naming strategy (clean name → job-ID suffix on conflict → job-ID+numeric suffix) is pragmatic and correct. No further changes needed.

[claude]

Updated Code Review

The previous review nit about using Substring vs slice syntax has been addressed — GetShortJobId now correctly uses jobRunBackendId[..8]. Good.

Remaining Concern: Unnecessary 409s in Matrix Builds

The naming strategy still uses the raw fileName for the first attempt (nameAttempt == 0):

var artifactName = nameAttempt switch
{
    0 => fileName,                          // base name — will collide in matrix!
    1 => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}{ext}",
    _ => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}-{nameAttempt}{ext}",
};

In a matrix build, every job will start by requesting the same base name, guaranteeing a 409 before falling back to the unique name. The fix is correct but opts into a predictable failure on every matrix run. The 409 round-trip is harmless but wasteful.

Suggested alternative: include the job ID from attempt 0, and keep the numeric fallback for the rare case of an 8-char prefix collision:

var artifactName = nameAttempt switch
{
    0 => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}{ext}",
    _ => $"{nameWithoutExt}-{GetShortJobId(workflowJobRunBackendId)}-{nameAttempt}{ext}",
};

This avoids the guaranteed first-attempt conflict in matrix builds while keeping the retry fallback.

Minor: Truncating to First 8 Chars May Not Be Unique Enough

If GitHub Actions backend IDs share a common prefix (e.g., a timestamp or run-scoped prefix), taking [..8] could produce collisions between matrix jobs. Taking the last 8 chars would be more robust since suffixes tend to diverge more:

private static string GetShortJobId(string jobRunBackendId) =>
    jobRunBackendId.Length > 8 ? jobRunBackendId[^8..] : jobRunBackendId;

Not a blocker if the backend IDs are known to be random/opaque, but worth noting.

What Is Good

• FinalizeArtifact name sync bug is correctly fixed: acceptedArtifactName is set inside the success branch and used for finalization. The null-forgiving operator ! is safe here since the signedUploadUrl is null guard returns early before finalization is reached.
• GetShortJobId now uses modern C# slice syntax [..8] — the previous review's nit has been addressed.
• The switch expression is cleaner and more readable than the original ternary.

Overall: solid fix for a real bug. The concerns above are improvements, not blockers.