Build artifacts not reused

Rule ID	artifact_reuse
Category	energy
Severity	medium

Dependent jobs rebuild artifacts already produced by upstream jobs instead of downloading them via actions/download-artifact.

Detection

heuristic — Structural comparison across multiple jobs or steps.

Examples

Non-compliant:

jobs:
  build:
    steps:
      - uses: actions/upload-artifact@v4
        with: {name: dist, path: dist/}
  deploy:
    needs: build
    steps:
      - run: ./deploy.sh

Compliant:

jobs:
  build:
    steps:
      - uses: actions/upload-artifact@v4
        with: {name: dist, path: dist/}
  deploy:
    needs: build
    steps:
      - uses: actions/download-artifact@v4
        with: {name: dist}
      - run: ./deploy.sh

Fix: Add an actions/download-artifact step in the dependent job to consume the artifact produced by the upstream job.