update download and upload action to v4 (#79)

Author: saisatishkarra

code-check-actions/lua-lint/action.yml

@@ -23,7 +23,7 @@ runs:
 
     - name: Upload results to workflow
       if: always()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: luacheck_results.zip
         path: |

security-actions/scan-docker-image/README.md

@@ -195,7 +195,7 @@
             version: ${{ env.RELEASE_TAG }}
             publish: true
             commitish: ${{ github.sha }}
-        - uses: actions/download-artifact@v3
+        - uses: actions/download-artifact@v4
           with:
             path: ${{ github.workspace }}/sbom-artifacts
         - uses: AButler/upload-release-assets@v2.0
@@ -217,7 +217,7 @@
   ```
 
 - Using action to scan single platform docker image as a job within a workflow
-  - Uses *actions/upload-artifact@v3* and *actions/download-artifact@v3* to share docker archives across jobs
+  - Uses *actions/upload-artifact@v4* and *actions/download-artifact@v4* to share docker archives across jobs
   - On successful workflow completion, delete the Docker Archive workflow artifact at the end; otherwise retain for a 1 day at most
   - Better visualization using separate scan job in the pipeline
 
@@ -274,7 +274,7 @@
               tags: ${{ steps.meta.outputs.tags }}
               outputs: "type=docker,dest=${{ env.DOCKER_OCI_ARCHIVE }}.tar" # Supports only single platform images
           - name: Upload Docker OCI layout TAR Artifact
-          uses: actions/upload-artifact@v3
+          uses: actions/upload-artifact@v4
           with:
             name: ${{ env.DOCKER_OCI_ARCHIVE }}
             path: ${{ env.DOCKER_OCI_ARCHIVE }}.tar
@@ -294,7 +294,7 @@
             buildx-tags: ${{ needs.docker-build.outputs.buildx-tags }}
           steps:
             - name: Download OCI docker TAR artifact
-              uses: actions/download-artifact@v3
+              uses: actions/download-artifact@v4
               with:
                 name: ${{ env.DOCKER_OCI_ARCHIVE }}
                 path: ${{ github.workspace }}/${{ env.DOCKER_OCI_ARCHIVE }}
@@ -323,7 +323,7 @@
                   version: ${{ env.RELEASE_TAG }}
                   publish: true
                   commitish: ${{ github.sha }}
-              - uses: actions/download-artifact@v3
+              - uses: actions/download-artifact@v4
                 with:
                   path: ${{ github.workspace }}/sbom-artifacts
               - run: |
@@ -460,7 +460,7 @@
               version: ${{ env.RELEASE_TAG }}
               publish: true
               commitish: ${{ github.sha }}
-          - uses: actions/download-artifact@v3
+          - uses: actions/download-artifact@v4
             with:
               path: ${{ github.workspace }}/sbom-artifacts
           - run: |

security-actions/scan-rust/action.yml

@@ -76,7 +76,7 @@ runs:
 
     - name: Publish SARIF to github workflow artifact
       if: always()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ steps.meta.outputs.grype_sarif_file }}
         path: |

security-actions/semgrep/action.yml

@@ -36,7 +36,7 @@ runs:
     # Upload grype cve reports
     - name: Upload Semgrep SARIF to Workflow
       if: always()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: semgrep_sast.zip
         path: |

security-actions/sign-docker-image/action.yml

@@ -96,11 +96,12 @@ runs:
         done
 
      # Upload Cosign Artifacts (public cert and signatures)
+     # Uploaded artifact name must be unique across each workflow run / job
     - name: Upload Cosign Artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       if: ${{ inputs.local_save_cosign_assets == 'true' && inputs.cosign_output_prefix != '' }}
       with:
-        name: signed-image-assets
+        name: signed-image-assets-${{inputs.cosign_output_prefix}}
         path: |
           ${{inputs.cosign_output_prefix}}*.crt
           ${{inputs.cosign_output_prefix}}.sig*