No explicit artifact retention
| Rule ID | |
|---|---|
| Category | reliability |
| Severity | low |
Uploaded artifacts use the default 90-day retention. Set retention-days explicitly to control storage costs and data lifecycle.
Detection
static_analysis — Checks field presence or value in the workflow YAML.
Examples
Non-compliant:
```yaml
jobs:
  build:
    steps:
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
```
Compliant:
```yaml
jobs:
  build:
    steps:
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
          retention-days: 7
```
Fix: Add retention-days to every actions/upload-artifact step. Choose a value appropriate for the artifact’s purpose (e.g. 1 day for PR previews, 30 days for release assets).
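The field-presence check described under Detection can be sketched as follows. This is an added example, not the rule's own implementation: the function name `steps_missing_retention` and the sample workflow are constructed for illustration, and the scan is a simplified indentation-based pass over block-style YAML rather than a full YAML parser.

```python
import re

STEP_START = re.compile(r"^\s*-\s")
UPLOAD = re.compile(r"\buses:\s*['\"]?actions/upload-artifact@")
RETENTION = re.compile(r"\bretention-days\s*:\s*\S")


def steps_missing_retention(workflow_text):
    """Return 1-based line numbers of upload-artifact steps without retention-days."""
    findings = []
    step = None  # state of the list item currently being scanned

    def close(item):
        if item and item["uses_line"] and not item["has_retention"]:
            findings.append(item["uses_line"])

    for number, raw in enumerate(workflow_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or comment-only: a commented-out key does not count
        indent = len(line) - len(line.lstrip())
        if step and indent <= step["indent"]:
            close(step)  # next list item or an outer key ends the step
            step = None
        if step is None and STEP_START.match(line):
            step = {"indent": indent, "uses_line": None, "has_retention": False}
        if step:
            if UPLOAD.search(line):
                step["uses_line"] = number
            if RETENTION.search(line):
                step["has_retention"] = True
    close(step)
    return findings


# Constructed sample: one non-compliant and one compliant upload step.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Upload preview
        uses: actions/upload-artifact@v4
        with:
          name: preview
          path: site/
          retention-days: 1
"""

if __name__ == "__main__":
    for line_no in steps_missing_retention(SAMPLE):
        print(f"line {line_no}: upload-artifact step has no retention-days")
```

Flow-style mappings and workflows assembled from reusable templates are outside what this line-based sketch handles.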