ci: use official download-artifact everywhere (#2165)

* Use official download-artifact everywhere

* Testing skipping separate download/upload

And tweak permissions

* Do the same for site extension deploy and checksums

* Remove unused workflow

.github/workflows/deploy_agent.yml

@@ -161,14 +161,13 @@ jobs:
           egress-policy: audit
 
       - name: Download Deploy Artifacts
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          workflow: all_solutions.yml
-          run_id: ${{ needs.get-release-info.outputs.workflow_run_id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ needs.get-release-info.outputs.workflow_run_id }}
           name: deploy-artifacts
           path: ${{ github.workspace }}
-          repo: ${{ github.repository }}
+          repository: ${{ github.repository }}
 
       - name: Upload Deploy Artifacts Locally
         uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0

.github/workflows/deploy_awslambda.yml

@@ -15,68 +15,41 @@ env:
   DOTNET_NOLOGO: true
 
 permissions:
+  actions: read
   contents: read
 
 jobs:
-
-  get-external-artifacts:
-    permissions:
-      actions: read  # for dawidd6/action-download-artifact to query and download artifacts
-      pull-requests: read  # for dawidd6/action-download-artifact to query commit hash
-    name: Get and Publish Deploy Artifacts Locally
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
-        with:
-          egress-policy: audit 
-
-      - name: Download Deploy Artifacts
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          workflow: awslambda_release.yml
-          run_id: ${{ github.event.inputs.run_id }}
-          name: deploy-artifacts
-          path: ${{ github.workspace }}
-          repo: ${{ github.repository }}
-
-      - name: Upload Deploy Artifacts Locally
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
-        with:
-          name: deploy-artifacts
-          path: ${{ github.workspace }}
-          if-no-files-found: error
-
-  deploy-nuget:
-    needs: get-external-artifacts
-    name: Deploy to NuGet
-    runs-on: windows-2019
-
-    env:
-      nuget_source: https://www.nuget.org
-
-    steps:
-      - name: Download Deploy Artifacts
-        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
-        with:
-          name: deploy-artifacts
-          path: ${{ github.workspace }}\working_dir
-
-      - name: Setup NuGet API Key
-        run: |
-          nuget.exe setApiKey ${{ secrets.NUGET_APIKEY }} -Source ${{ env.nuget_source }}
-        shell: pwsh
-
-      - name: Deploy .NET New Relic Lambda Tracer to Nuget
-        run: |
-          $packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAwsLambdaOpenTracer\NewRelic.OpenTracing.AmazonLambda.Tracer.*.nupkg -Name
-          $packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAwsLambdaOpenTracer\$packageName
-          if ("${{ github.event.inputs.deploy }}" -eq "true") {
-            nuget.exe push $packagePath -Source ${{ env.nuget_source }}
-          }
-          else {
-            Write-Host "Input:deploy was not true (${{ github.event.inputs.deploy }}).  The following deploy command was not run:"
-            Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}"
-          }
-        shell: powershell
+    deploy-nuget:
+      name: Deploy to NuGet
+      runs-on: windows-2019
+
+      env:
+        nuget_source: https://www.nuget.org
+
+      steps:
+        - name: Download Deploy Artifacts
+          uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
+          with:
+            github-token: ${{ secrets.GITHUB_TOKEN }}
+            run-id: ${{ github.event.inputs.run_id }}
+            name: deploy-artifacts
+            path: ${{ github.workspace }}
+            repository: ${{ github.repository }}
+
+        - name: Setup NuGet API Key
+          run: |
+            nuget.exe setApiKey ${{ secrets.NUGET_APIKEY }} -Source ${{ env.nuget_source }}
+          shell: pwsh
+
+        - name: Deploy .NET New Relic Lambda Tracer to Nuget
+          run: |
+            $packageName = Get-ChildItem ${{ github.workspace }}\NugetAwsLambdaOpenTracer\NewRelic.OpenTracing.AmazonLambda.Tracer.*.nupkg -Name
+            $packagePath = Convert-Path ${{ github.workspace }}\NugetAwsLambdaOpenTracer\$packageName
+            if ("${{ github.event.inputs.deploy }}" -eq "true") {
+              nuget.exe push $packagePath -Source ${{ env.nuget_source }}
+            }
+            else {
+              Write-Host "Input:deploy was not true (${{ github.event.inputs.deploy }}).  The following deploy command was not run:"
+              Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}"
+            }
+          shell: powershell

.github/workflows/deploy_siteextension.yml

@@ -15,41 +15,12 @@ env:
   DOTNET_NOLOGO: true
 
 permissions:
+  actions: read
   contents: read
 
 jobs:
 
-  get-external-artifacts:
-    permissions:
-      actions: read  # for dawidd6/action-download-artifact to query and download artifacts
-      pull-requests: read  # for dawidd6/action-download-artifact to query commit hash
-    name: Get and Publish Deploy Artifacts Locally
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
-        with:
-          egress-policy: audit 
-
-      - name: Download Deploy Artifacts
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          workflow: siteextension_release.yml
-          run_id: ${{ github.event.inputs.run_id }}
-          name: deploy-artifacts
-          path: ${{ github.workspace }}
-          repo: ${{ github.repository }}
-
-      - name: Upload Deploy Artifacts Locally
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
-        with:
-          name: deploy-artifacts
-          path: ${{ github.workspace }}
-          if-no-files-found: error
-
   deploy-nuget:
-    needs: get-external-artifacts
     name: Deploy to NuGet
     runs-on: windows-2019
 
@@ -60,8 +31,11 @@ jobs:
       - name: Download Deploy Artifacts
         uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
         with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.inputs.run_id }}
           name: deploy-artifacts
-          path: ${{ github.workspace }}\working_dir
+          path: ${{ github.workspace }}
+          repository: ${{ github.repository }}
 
       - name: Setup NuGet API Key
         run: |
@@ -70,8 +44,8 @@ jobs:
 
       - name: Deploy New Relic Azure Site Extension to Nuget
         run: |
-          $packageName = Get-ChildItem ${{ github.workspace }}\working_dir\AzureSiteExtension\NewRelic.Azure.WebSites.Extension.*.nupkg -Name
-          $packagePath = Convert-Path ${{ github.workspace }}\working_dir\AzureSiteExtension\$packageName
+          $packageName = Get-ChildItem ${{ github.workspace }}\AzureSiteExtension\NewRelic.Azure.WebSites.Extension.*.nupkg -Name
+          $packagePath = Convert-Path ${{ github.workspace }}\AzureSiteExtension\$packageName
           if ("${{ github.event.inputs.deploy }}" -eq "true") {
             nuget.exe push $packagePath -Source ${{ env.nuget_source }}
           }

.github/workflows/publish_release_notes.yml

@@ -46,14 +46,13 @@ jobs:
           fetch-depth: 0
 
       - name: Download Deploy Artifacts
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          workflow: all_solutions.yml
-          run_id: ${{ github.event.inputs.run_id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.inputs.run_id }}
           name: deploy-artifacts
           path: ${{ github.workspace }}/deploy-artifacts
-          repo: ${{ github.repository }}
+          repository: ${{ github.repository }}
 
       - name: Set Docs PR Branch Name
         run: |

.github/workflows/run_linux_container_tests.yml

@@ -63,14 +63,13 @@ jobs:
 
       - name: Download Agent Home Folders (Dispatch)
         if: ${{ !inputs.external_call }}
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          workflow: all_solutions.yml
-          run_id: ${{ github.event.inputs.run_id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.inputs.run_id }}
           name: homefolders
           path: ${{ github.workspace }}/src/Agent
-          repo: ${{ github.repository }}
+          repository: ${{ github.repository }}
 
       - name: Set up secrets
         env: