From 094e2de7e83a2a5103f884bb62e598017c677020 Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 14 Oct 2024 20:12:30 -0700 Subject: [PATCH] Migrate workflows from deprecated set-output commands GitHub Actions provides the capability for workflow authors to use the capabilities of the GitHub Actions ToolKit package directly in the `run` keys of workflows via "workflow commands". One such command is `set-output`, which allows data to be passed out of a workflow step as an output. It has been determined that this command has potential to be a security risk in some applications. For this reason, GitHub has deprecated the command and a warning of this is shown in the workflow run summary page of any workflow using it: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ The identical capability is now provided in a safer form via the GitHub Actions "environment files" system. Migrating the use of the deprecated workflow commands to use the `GITHUB_OUTPUT` environment file instead fixes any potential vulnerabilities in the workflows, resolves the warnings, and avoids the eventual complete breakage of the workflows that would result from GitHub's planned removal of the `set-output` workflow command 2023-05-31. --- .github/workflows/check-certificates.yml | 2 +- .github/workflows/check-code-generation-task.yml | 2 +- .github/workflows/check-go-dependencies-task.yml | 2 +- .github/workflows/check-go-task.yml | 2 +- .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml | 4 ++-- .github/workflows/publish-go-tester-task.yml | 4 ++-- .github/workflows/sync-labels.yml | 2 +- .github/workflows/test-go-task.yml | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/check-certificates.yml b/.github/workflows/check-certificates.yml index b92fbb147..f5f9bd9a1 100644 --- a/.github/workflows/check-certificates.yml +++ b/.github/workflows/check-certificates.yml @@ -109,7 +109,7 @@ jobs: echo "Certificate expiration date: $EXPIRATION_DATE" echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" - echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION" + echo "days=$DAYS_BEFORE_EXPIRATION" >> $GITHUB_OUTPUT - name: Check if expiration notification period has been reached id: check-expiration diff --git a/.github/workflows/check-code-generation-task.yml b/.github/workflows/check-code-generation-task.yml index 11c024e38..8ef200c8c 100644 --- a/.github/workflows/check-code-generation-task.yml +++ b/.github/workflows/check-code-generation-task.yml @@ -46,7 +46,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check: needs: run-determination diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml index e27516c9e..598306d20 100644 --- a/.github/workflows/check-go-dependencies-task.yml +++ b/.github/workflows/check-go-dependencies-task.yml @@ -57,7 +57,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check-cache: needs: run-determination diff --git a/.github/workflows/check-go-task.yml b/.github/workflows/check-go-task.yml index 14bb3b950..9c946dcc6 100644 --- a/.github/workflows/check-go-task.yml +++ b/.github/workflows/check-go-task.yml @@ -48,7 +48,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check-errors: name: check-errors (${{ matrix.module.path }}) diff --git a/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml b/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml index fc03559f6..95a534aa5 100644 --- a/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml +++ b/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml @@ -46,7 +46,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT publish: runs-on: ubuntu-latest @@ -88,7 +88,7 @@ jobs: - name: Determine versioning parameters id: determine-versioning - run: echo "::set-output name=data::$(poetry run python docs/siteversion/siteversion.py)" + run: echo "data=$(poetry run python docs/siteversion/siteversion.py)" >> $GITHUB_OUTPUT - name: Publish documentation if: fromJson(steps.determine-versioning.outputs.data).version != null diff --git a/.github/workflows/publish-go-tester-task.yml b/.github/workflows/publish-go-tester-task.yml index 6dcba001c..c25d344e1 100644 --- a/.github/workflows/publish-go-tester-task.yml +++ b/.github/workflows/publish-go-tester-task.yml @@ -52,7 +52,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT package-name-prefix: needs: run-determination @@ -71,7 +71,7 @@ jobs: fi PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.sha }}-" - echo "::set-output name=prefix::$PACKAGE_NAME_PREFIX" + echo "prefix=$PACKAGE_NAME_PREFIX" >> $GITHUB_OUTPUT build: needs: package-name-prefix diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index baf3996f1..2fa3395be 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -109,7 +109,7 @@ jobs: run: | # Use of this flag in the github-label-sync command will cause it to only check the validity of the # configuration. - echo "::set-output name=flag::--dry-run" + echo "flag=--dry-run" >> $GITHUB_OUTPUT - name: Checkout repository uses: actions/checkout@v4 diff --git a/.github/workflows/test-go-task.yml b/.github/workflows/test-go-task.yml index 78b10ccd0..773670f91 100644 --- a/.github/workflows/test-go-task.yml +++ b/.github/workflows/test-go-task.yml @@ -52,7 +52,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT test: name: test (${{ matrix.module.path }} - ${{ matrix.operating-system }})