chore(ci): bump actions/upload-artifact from 4.6.2 to 7.0.1

[dependabot]

Bumps actions/upload-artifact from 4.6.2 to 7.0.1.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Jerry-Xin]

Summary: This PR is relevant to the project and safely updates the pinned actions/upload-artifact version in the Docker publish workflow.

✅ Highlights

• Project relevance gate: passes. The change affects .github/workflows/docker-publish.yml, which is part of this repository’s release pipeline.
• .github/workflows/docker-publish.yml:207: The action remains pinned to an exact commit SHA, matching the repository’s existing supply-chain hardening pattern.
• .github/workflows/docker-publish.yml:209-212: Existing inputs (name, path, if-no-files-found, retention-days) remain valid for upload-artifact@v7.0.1.
• .github/workflows/docker-publish.yml:165-169: The upload runs on GitHub-hosted runners, so the new Node 24 runtime requirement for v7 should not block this workflow.
• .github/workflows/docker-publish.yml:222-227: The downstream download-artifact usage is still compatible with the uploaded digest artifacts.

No 🔴 Critical issues found. No test changes are required for this dependency-only workflow pin update; validation will come from the next Docker publish workflow run.

[lml2468]

[APPROVE — COMMENT due to self-review restriction] Independent cross-review.

Verified:

1. SHA pin integrity — 043fb46d1a93c77aae656e7c1c64a875d1fc6a0a matches actions/upload-artifact tag v7.0.1 exactly (lightweight tag, direct commit ref). ✅
2. Usage compatibility — The with parameters used (name, path, if-no-files-found, retention-days) are stable across v4→v7. The Artifacts v2 wire format is unchanged. ✅
3. Paired action — download-artifact at line 223 is still pinned to v4.3.0. PR #38 (bump download-artifact from 4.3.0 to 8.0.1) is already open to handle this. Both should merge for consistency, but v4 download is wire-compatible with v7 upload so merging this first is safe. ✅
4. CI — All checks green including welcome / welcome (PR #34 fix took effect). ✅

No blocking issues. Standard Dependabot version bump, SHA verified.

[lml2468]

[APPROVE — self-review, posting as COMMENT] Correct SHA-pinned bump.

✅ upload-artifact 4.6.2 → 7.0.1: SHA updated from ea165f8 → 043fb46, version comment updated.

⚠️ Coordination required with PR #38 (download-artifact 4→8): upload-artifact and download-artifact must use a compatible artifact storage backend. v4 upload/download share the same backend; v7 upload introduces direct-upload support. Recommend merging #36 and #38 together in the same batch, or verifying cross-version compatibility in the release notes before merging individually.

No other issues. Ready to merge alongside #38.