Skip to content

Investigate CI failure: SCA job 400 error after download-artifact v7 upgrade #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Copilot wants to merge 1 commit into from
Closed

Investigate CI failure: SCA job 400 error after download-artifact v7 upgrade #93

Copilot wants to merge 1 commit into from

Conversation

Copy link

Copilot AI commented Dec 15, 2025
edited
Loading

The SCA job fails with fatal: unable to access 'https://github.com/PossibleLlama/commit-check/': The requested URL returned error: 400 after bumping actions/download-artifact from v6 to v7.

Root Cause

actions/download-artifact@v7 introduced breaking changes in artifact access patterns:

  • v7 only downloads artifacts from the current workflow run by default
  • v6 allowed cross-workflow artifact downloads with simpler configuration
  • The 400 error indicates permission/authentication issues when the SCA job attempts to access artifacts

Analysis

The SCA workflow in .github/workflows/golang-security.yaml likely depends on artifacts from previous jobs or runs. The v7 upgrade broke this dependency chain without corresponding configuration updates.

Recommended Fixes

  1. Current workflow artifacts: Remove the name parameter to download all artifacts from the current run
  2. Cross-workflow artifacts: Add github-token and run-id parameters to v7 configuration
  3. Temporary workaround: Pin SCA workflow to actions/download-artifact@v6 until proper v7 migration is implemented

The workflow configuration needs updating to match v7's stricter artifact access model.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI mentioned this pull request Dec 15, 2025
Merged
Copilot AI changed the title [WIP] Update gha-deps group with 5 updates Investigate CI failure: SCA job 400 error after download-artifact v7 upgrade Dec 15, 2025
Copilot AI requested a review from PossibleLlama December 15, 2025 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PossibleLlama PossibleLlama Awaiting requested review from PossibleLlama

Assignees

@PossibleLlama PossibleLlama

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PossibleLlama