From 2a4704a763cf2638f20061ae35b3cc4a789623a0 Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Mon, 4 Nov 2024 20:33:27 -0800
Subject: [PATCH] Use more efficient workflow artifact replacement approach

The "Release" workflow (Go, Task, Crosscompile) template uses a GitHub Workflow to automatically generate releases of a
project. This is done for a range of host architectures, including macOS. The macOS builds are then put through a
notarization process in a dedicated workflow job.

The builds are transferred between jobs by GitHub Actions workflow artifacts. The "create-release-artifacts" job
produces macOS workflow artifacts containing non-notarized builds, which must then be replaced after the builds are
notarized by the "notarize-macos" job.

Previously, the approach chosen to accomplish this replacement was to use the community created
"geekyeggo/delete-artifact" action to delete each artifact after it had been downloaded by the "notarize-macos" job,
then replacing it by uploading the notarized version using the "actions/upload-artifact" action. It turns out that the
ability to overwrite workflows was recently added to the "actions/upload-artifact" action. This behavior is enabled by
setting the action's `overwrite` input to `true`. By using this feature, the dependence on the
"geekyeggo/delete-artifact" action can be avoided, making the workflow more simple, easier to maintain, and more secure.
---
 workflow-templates/release-go-crosscompile-task.yml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/workflow-templates/release-go-crosscompile-task.yml b/workflow-templates/release-go-crosscompile-task.yml
index aef018ec..975f0e09 100644
--- a/workflow-templates/release-go-crosscompile-task.yml
+++ b/workflow-templates/release-go-crosscompile-task.yml
@@ -120,11 +120,6 @@ jobs:
           name: ${{ env.ARTIFACT_PREFIX }}${{ matrix.build.artifact-suffix }}
           path: ${{ env.DIST_DIR }}
 
-      - name: Remove non-notarized artifact
-        uses: geekyeggo/delete-artifact@v5
-        with:
-          name: ${{ env.ARTIFACT_PREFIX }}${{ matrix.build.artifact-suffix }}
-
       - name: Import Code-Signing Certificates
         env:
           KEYCHAIN: "sign.keychain"
@@ -192,11 +187,12 @@ jobs:
           -C "${{ env.BUILD_FOLDER }}/" "${{ env.PROJECT_NAME }}" \
           -C ../../ LICENSE.txt
 
-      - name: Upload notarized artifact
+      - name: Replace artifact with notarized build
         uses: actions/upload-artifact@v4
         with:
           if-no-files-found: error
           name: ${{ env.ARTIFACT_PREFIX }}${{ matrix.build.artifact-suffix }}
+          overwrite: true
           path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }}
 
   create-release: