Migrate workflows from deprecated set-output commands

per1234 · per1234 · commit 994b9dd71989 · 2023-07-19T00:33:08.000-07:00
GitHub Actions provides the capability for workflow authors to use the capabilities of the GitHub Actions ToolKit package directly in the `run` keys of workflows via "workflow commands". One such command is `set-output`, which allows data to be passed out of a workflow step as an output. It has been determined that this command has potential to be a security risk in some applications. For this reason, GitHub has deprecated the command and a warning of this is shown in the workflow run summary page of any workflow using it: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ The identical capability is now provided in a safer form via the GitHub Actions "environment files" system. Migrating the use of the deprecated workflow commands to use the `GITHUB_OUTPUT` environment file instead fixes any potential vulnerabilities in the workflows, resolves the warnings, and avoids the eventual complete breakage of the workflows that would result from GitHub's planned removal of the `set-output` workflow command.
diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml
@@ -57,7 +57,7 @@ jobs:
             RESULT="false"
           fi
 
-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
 
   check-cache:
     needs: run-determination
diff --git a/.github/workflows/check-go-task.yml b/.github/workflows/check-go-task.yml
@@ -51,7 +51,7 @@ jobs:
             RESULT="false"
           fi
 
-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
 
   check-errors:
     name: check-errors (${{ matrix.module.path }})
diff --git a/.github/workflows/compare-performance.yml b/.github/workflows/compare-performance.yml
@@ -70,7 +70,7 @@ jobs:
             exit 1
           fi
 
-          echo "::set-output name=ref::$COMPARISON_REF"
+          echo "ref=$COMPARISON_REF" >> $GITHUB_OUTPUT
 
   run:
     name: Run at ${{ matrix.data.ref }} (${{ matrix.data.description }})
@@ -126,7 +126,7 @@ jobs:
             # anyway.
             USE_GO_VERSION="1.14"
           fi
-          echo "::set-output name=version::$USE_GO_VERSION"
+          echo "version=$USE_GO_VERSION" >> $GITHUB_OUTPUT
 
       - name: Install Go
         uses: actions/setup-go@v4
@@ -201,11 +201,38 @@ jobs:
           ./libraries-repository-engine "${{ env.CONFIG_PATH }}" "${{ env.REGISTRY_PATH }}"
 
           # Define step outputs with the performance data
-          echo "::set-output name=Type::fresh"
-          echo "::set-output name=Duration::$SECONDS"
-          echo "::set-output name=GitClonesSize::$(du --apparent-size --bytes --summarize "${{ env.GIT_CLONES_PATH }}" | cut --fields=1)"
-          echo "::set-output name=LibraryArchivesSize::$(du --apparent-size --bytes --summarize "${{ env.LIBRARY_ARCHIVES_PATH }}" | cut --fields=1)"
-          echo "::set-output name=LogsSize::$(du --apparent-size --bytes --summarize "${{ env.LOGS_PATH }}" | cut --fields=1)"
+          echo "Type=fresh" >> $GITHUB_OUTPUT
+          echo "Duration=$SECONDS" >> $GITHUB_OUTPUT
+          echo "GitClonesSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.GIT_CLONES_PATH }}" \
+            | \
+            cut \
+              --fields=1 \
+          )" >> $GITHUB_OUTPUT
+          echo "LibraryArchivesSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.LIBRARY_ARCHIVES_PATH }}" \
+            | \
+            cut \
+            --fields=1 \
+          )" >> $GITHUB_OUTPUT
+          echo "LogsSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.LOGS_PATH }}" \
+            | \
+            cut \
+              --fields=1 \
+          )" >> $GITHUB_OUTPUT
 
       - name: Run sync on populated database
         id: populated
@@ -214,11 +241,38 @@ jobs:
           ./libraries-repository-engine "${{ env.CONFIG_PATH }}" "${{ env.REGISTRY_PATH }}"
 
           # Define step outputs with the performance data
-          echo "::set-output name=Type::populated"
-          echo "::set-output name=Duration::$SECONDS"
-          echo "::set-output name=GitClonesSize::$(du --apparent-size --bytes --summarize "${{ env.GIT_CLONES_PATH }}" | cut --fields=1)"
-          echo "::set-output name=LibraryArchivesSize::$(du --apparent-size --bytes --summarize "${{ env.LIBRARY_ARCHIVES_PATH }}" | cut --fields=1)"
-          echo "::set-output name=LogsSize::$(du --apparent-size --bytes --summarize "${{ env.LOGS_PATH }}" | cut --fields=1)"
+          echo "Type=populated" >> $GITHUB_OUTPUT
+          echo "Duration=$SECONDS" >> $GITHUB_OUTPUT
+          echo "GitClonesSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.GIT_CLONES_PATH }}" \
+            | \
+            cut \
+              --fields=1 \
+          )" >> $GITHUB_OUTPUT
+          echo "LibraryArchivesSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.LIBRARY_ARCHIVES_PATH }}" \
+            | \
+            cut \
+              --fields=1 \
+          )" >> $GITHUB_OUTPUT
+          echo "LogsSize=$( \
+            du \
+              --apparent-size \
+              --bytes \
+              --summarize \
+              "${{ env.LOGS_PATH }}" \
+            | \
+            cut \
+              --fields=1 \
+          )" >> $GITHUB_OUTPUT
 
       - name: Create report
         run: |
diff --git a/.github/workflows/publish-go-tester-task.yml b/.github/workflows/publish-go-tester-task.yml
@@ -48,7 +48,7 @@ jobs:
             RESULT="false"
           fi
 
-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
 
   build:
     needs: run-determination
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -84,7 +84,9 @@ jobs:
       - name: Identify Prerelease
         id: prerelease
         run: |
-          if [[ "$("${{ env.SEMVER_TOOL_PATH }}" get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi
+          if [[ "$("${{ env.SEMVER_TOOL_PATH }}" get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then
+            echo "IS_PRE=true" >> $GITHUB_OUTPUT
+          fi
 
       - name: Create Release
         uses: ncipollo/release-action@v1
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
@@ -109,7 +109,7 @@ jobs:
         run: |
           # Use of this flag in the github-label-sync command will cause it to only check the validity of the
           # configuration.
-          echo "::set-output name=flag::--dry-run"
+          echo "flag=--dry-run" >> $GITHUB_OUTPUT
 
       - name: Checkout repository
         uses: actions/checkout@v3
diff --git a/.github/workflows/test-go-integration-task.yml b/.github/workflows/test-go-integration-task.yml
@@ -63,7 +63,7 @@ jobs:
             RESULT="false"
           fi
 
-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
 
   test:
     needs: run-determination
diff --git a/.github/workflows/test-go-task.yml b/.github/workflows/test-go-task.yml
@@ -52,7 +52,7 @@ jobs:
             RESULT="false"
           fi
 
-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
 
   test:
     name: test (${{ matrix.module.path }} - ${{ matrix.operating-system }})
