actions/download-artifact cross-workflow download needs github-token in CI
By default download-artifact v4 only sees artifacts from the current run. To pull from a different workflow run (or repo), you must pass run-id and a github-token that has actions: read. Without them the download fails or finds nothing.
What this error means
A download targeting another run fails with "Unable to download artifact(s): Artifact not found" or a 403/permission error, because run-id and github-token were not provided.
Error: Unable to download artifact(s): Artifact not found for name: build-output
# (downloading from a different workflow run without run-id + github-token)Common causes
No run-id or token for a cross-run download
v4 scopes artifacts to a run; without run-id and a token granting actions: read, it cannot reach another run's artifacts.
The default GITHUB_TOKEN lacks actions:read scope
If the workflow restricts permissions, the token may not be allowed to read another run's artifacts (or another repo's).
How to fix it
Pass run-id and a scoped github-token
- Provide the source
run-idof the workflow that produced the artifact. - Pass a
github-tokenwithactions: read(andrepositoryfor cross-repo). - Re-run; the download now resolves the other run's artifact.
- uses: actions/download-artifact@v4
with:
name: build-output
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}Grant actions:read in workflow permissions
Ensure the job permissions include actions: read so the token can list and fetch artifacts from the referenced run.
permissions:
actions: read
contents: readHow to prevent it
- Supply
run-id+github-tokenfor any cross-run artifact download. - Grant
actions: readto the consuming job. - Use
repositoryfor cross-repo downloads.