From bc437e4cbbc6a7893645afe0119624b908739a30 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 15 Mar 2025 12:58:53 -0700 Subject: [PATCH] Migrate workflows from deprecated `set-output` commands GitHub Actions provides the capability for workflow authors to use the capabilities of the GitHub Actions ToolKit package directly in the `run` keys of workflows via "workflow commands". One such command is `set-output`, which allows data to be passed out of a workflow step as an output. It has been determined that this command has potential to be a security risk in some applications. For this reason, GitHub has deprecated the command and a warning of this is shown in the workflow run summary page of any workflow using it: > The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more > information see: > https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ The identical capability is now provided in a safer form via the GitHub Actions "environment files" system. Migrating the use of the deprecated workflow commands to use the `GITHUB_OUTPUT` environment file instead fixes any potential vulnerabilities in the workflows, resolves the warnings, and avoids the eventual complete breakage of the workflows that would result from GitHub's planned removal of the `set-output` workflow command. --- .github/workflows/check-go-dependencies-task.yml | 2 +- .github/workflows/check-go-task.yml | 2 +- .github/workflows/check-license.yml | 2 +- .github/workflows/check-markdown-task.yml | 2 +- .github/workflows/check-yaml-task.yml | 2 +- .github/workflows/sync-labels-npm.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml index 18f14cd..002404e 100644 --- a/.github/workflows/check-go-dependencies-task.yml +++ b/.github/workflows/check-go-dependencies-task.yml @@ -57,7 +57,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check-cache: needs: run-determination diff --git a/.github/workflows/check-go-task.yml b/.github/workflows/check-go-task.yml index 8c3bf3e..d369a64 100644 --- a/.github/workflows/check-go-task.yml +++ b/.github/workflows/check-go-task.yml @@ -51,7 +51,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check-errors: name: check-errors (${{ matrix.module.path }}) diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml index a33e8e2..a364c73 100644 --- a/.github/workflows/check-license.yml +++ b/.github/workflows/check-license.yml @@ -55,7 +55,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check-license: needs: run-determination diff --git a/.github/workflows/check-markdown-task.yml b/.github/workflows/check-markdown-task.yml index f2f66d0..366c175 100644 --- a/.github/workflows/check-markdown-task.yml +++ b/.github/workflows/check-markdown-task.yml @@ -59,7 +59,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT lint: needs: run-determination diff --git a/.github/workflows/check-yaml-task.yml b/.github/workflows/check-yaml-task.yml index 36094aa..865c6e9 100644 --- a/.github/workflows/check-yaml-task.yml +++ b/.github/workflows/check-yaml-task.yml @@ -69,7 +69,7 @@ jobs: RESULT="false" fi - echo "::set-output name=result::$RESULT" + echo "result=$RESULT" >> $GITHUB_OUTPUT check: name: ${{ matrix.configuration.name }} diff --git a/.github/workflows/sync-labels-npm.yml b/.github/workflows/sync-labels-npm.yml index 8369ea4..6c2322b 100644 --- a/.github/workflows/sync-labels-npm.yml +++ b/.github/workflows/sync-labels-npm.yml @@ -119,7 +119,7 @@ jobs: run: | # Use of this flag in the github-label-sync command will cause it to only check the validity of the # configuration. - echo "::set-output name=flag::--dry-run" + echo "flag=--dry-run" >> $GITHUB_OUTPUT - name: Checkout repository uses: actions/checkout@v4