Downgrade the artifact upload/download actions to v3 since none of the
v4 versions seem to address the "Not a valid zip file" issue.
Modified the codesign job to additionally run on PRs, so that when
Renovate upgrades the upload/download artifacts, we can tell from the PR
if the ZIP file issue is fixed.
For more info, see:
- https://github.com/actions/download-artifact/issues/328
- https://github.com/docker/build-push-action/issues/1167
The Apple Signing step grabs an existing artifact, signs the binaries,
and then re-uploads the artifact, replacing the original one. The
upgrade to v4 of the `actions/upload-artifact` action broke this
behavior due to a breaking change documented in [the release notes][1]:
> Due to how Artifacts are created in this new version, it is no longer
> possible to upload to the same named Artifact multiple times. You must
> either split the uploads into multiple Artifacts with different names,
> or only upload once. Otherwise you will encounter an error.
The fix is to use the `overwrite: true` setting to force the old
behavior of replacing the previous (unsigned) artifact.
[1]: https://github.com/actions/upload-artifact/blob/main/README.md#breaking-changes
Due to [an issue][1] with the `actions/upload-artifact` action, when
binaries are uploaded they lose permission bits and `xattr` properties.
Composite actions `upload-tar` and `download-tar` have been added that
tarball the artifacts before uploading them to retain those properties.
[1]: https://github.com/actions/upload-artifact/issues/38
Robert Dailey
Robert Dailey