Merge bd6ef4177a into b14cf4c926

.github/workflows/check-dist.yml

@@ -6,6 +6,9 @@
 # We need to make sure the checked-in `index.js` actually matches what we expect it to be.
 name: Check dist/
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:

.github/workflows/codeql-analysis.yml

@@ -1,5 +1,9 @@
 name: "Code scanning - action"
 
+permissions:
+  contents: read
+  security-events: write
+
 on:
   push:
     branches-ignore: "dependabot/**"

.github/workflows/licensed.yml

@@ -1,5 +1,8 @@
 name: Licensed
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
@@ -9,7 +12,7 @@ on:
       - main
 
 jobs:
-  test:
+  licenses:
     runs-on: ubuntu-latest
     name: Check licenses
     steps:

.github/workflows/test.yml

@@ -7,9 +7,12 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 jobs:
-  build:
-    name: Build
+  test:
+    name: Build and Test
 
     strategy:
       matrix:
@@ -115,6 +118,29 @@ jobs:
         path: single/directory
         merge-multiple: true
 
+    - name: Request missing Artifact
+      id: request-missing-artifact
+      uses: ./
+      with:
+        name: nonexistent
+        warn-on-failure: true
+
+    - name: Check missing warning
+      env:
+        output: ${{ steps.request-missing-artifact.outputs.failure }}
+      if: ${{ !contains(env.output, 'Unable to download artifact(s):') }}
+      run: |
+        false
+      shell: bash
+
+    - name: Log missing warning
+      env:
+        output: ${{ steps.request-missing-artifact.outputs.failure }}
+        run_os: ${{ matrix.runs-on }}
+      run: |
+        echo "::notice title=This message is expected::[$run_os] $output"
+      shell: bash
+
     - name: Verify successful download
       run: |
         $fileA = "single/directory/file-A.txt"