No explicit artifact retention
==============================

.. list-table::
   :stub-columns: 1
   :widths: 20 80

   * - Rule ID
     - ``artifact_retention``
   * - Category
     - reliability
   * - Severity
     - low

Uploaded artifacts use the default 90-day retention. Set ``retention-days`` explicitly to control storage costs and data lifecycle.

Detection
---------

``static_analysis`` — Checks field presence or value in the workflow YAML.

Examples
--------

**Non-compliant:**

.. code-block:: yaml

   jobs:
     build:
       steps:
         - uses: actions/upload-artifact@v4
           with:
             name: dist
             path: dist/

**Compliant:**

.. code-block:: yaml

   jobs:
     build:
       steps:
         - uses: actions/upload-artifact@v4
           with:
             name: dist
             path: dist/
             retention-days: 7

**Fix**: Add ``retention-days`` to every ``actions/upload-artifact`` step. Choose a value appropriate for the artifact's purpose (e.g. 1 day for PR previews, 30 days for release assets).
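
One way to implement the field-presence check described under Detection, as an added example (not this project's own code). The function name ``find_missing_retention`` and the sample workflow are assumptions made for illustration; the input is the mapping a YAML loader such as ``yaml.safe_load`` returns for a workflow file.

```python
ACTION = "actions/upload-artifact"


def find_missing_retention(workflow):
    """Return (job_id, step_index, label) for every upload-artifact step
    whose `with:` block has no retention-days value."""
    findings = []
    for job_id, job in (workflow.get("jobs") or {}).items():
        # Jobs that call a reusable workflow have no `steps` key.
        for index, step in enumerate(job.get("steps") or []):
            uses = str(step.get("uses") or "")
            # Compare the part before "@" so any pinned ref (tag or SHA) matches.
            if uses.split("@", 1)[0].lower() != ACTION:
                continue
            inputs = step.get("with") or {}
            if inputs.get("retention-days") is None:
                label = step.get("name") or inputs.get("name") or uses
                findings.append((job_id, index, label))
    return findings


# Constructed sample: the two cases shown above plus steps and jobs the
# check must skip (a `run` step, another action, a reusable-workflow job).
SAMPLE = {
    "jobs": {
        "build": {
            "steps": [
                {"uses": "actions/checkout@v4"},
                {"run": "make dist"},
                {"uses": "actions/upload-artifact@v4",
                 "with": {"name": "dist", "path": "dist/"}},
                {"uses": "actions/upload-artifact@v4",
                 "with": {"name": "preview", "path": "site/", "retention-days": 1}},
            ]
        },
        "logs": {"steps": [{"name": "Upload logs", "uses": "actions/upload-artifact@v4"}]},
        "deploy": {"uses": "./.github/workflows/deploy.yml"},
    }
}

if __name__ == "__main__":
    for job_id, index, label in find_missing_retention(SAMPLE):
        print(f"artifact_retention: job '{job_id}' step {index} ({label})")
```
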