EbookFoundation · eshellman · Feb 23, 2023 · Feb 22, 2023 · Feb 22, 2023 · Feb 22, 2023
diff --git a/.github/actions/awesomebot-gh-summary-action/action.yml b/.github/actions/awesomebot-gh-summary-action/action.yml
@@ -86,12 +86,13 @@ runs:
           }
         }
 
-        # HACK to single line strings (https://trstringer.com/github-actions-multiline-strings/)
-        $text = $text -replace "`%","%25"
-        $text = $text -replace "`n","%0A"
-        $text = $text -replace "`r","%25"
-        # set output
-        echo "::set-output name=text::$text"
+        # set multiline output (the way of prevent script injection is with random delimiters)
+        # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+        # https://github.com/orgs/community/discussions/26288#discussioncomment-3876281
+        $delimiter = (openssl rand -hex 8) | Out-String
+        echo "text<<$delimiter" >> $env:GITHUB_OUTPUT
+        echo "$text" >> $env:GITHUB_OUTPUT
+        echo "$delimiter" >> $env:GITHUB_OUTPUT
 
 
     - name: Write output

diff --git a/.github/workflows/check-urls.yml b/.github/workflows/check-urls.yml
@@ -29,9 +29,9 @@ jobs:
       - name: Determine workflow parameters
         id: init-params
         run: |
-          echo "::set-output name=fetch_depth::0";
+          echo "fetch_depth=0" >> $GITHUB_OUTPUT
           if [ "${{ github.event_name }}" == "pull_request" ]; then
-            echo "::set-output name=fetch_depth::0";
+            echo "fetch_depth=0" >> $GITHUB_OUTPUT
           fi
 
       - uses: actions/checkout@v3

diff --git a/.github/workflows/detect-conflicting-prs.yml b/.github/workflows/detect-conflicting-prs.yml
@@ -51,10 +51,12 @@ jobs:
         run: |
           echo "$INPUT_PRS"  \
             | jq --compact-output --raw-output 'to_entries | map({number: .key, dirty: .value})'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo "$INPUT_PRS"  \
             | jq --raw-output 'to_entries | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_PRS: ${{ steps.pr-labeler.outputs.prDirtyStatuses }}
 

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -81,7 +81,7 @@ jobs:
           stale-pr-label: " "
 
       - name: Print outputs for issues
-        run: echo ${{ join(steps.stale-issues.outputs.*, ',') }}
+        run: echo ${{ format('{0},{1}', toJSON(steps.stale-issues.outputs.staled-issues-prs), toJSON(steps.stale-issues.outputs.closed-issues-prs)) }}
 
       - name: Stale Pull Requests
         uses: actions/stale@v7
@@ -120,7 +120,7 @@ jobs:
           stale-issue-label: " "
 
       - name: Print outputs for PRs
-        run: echo ${{ join(steps.stale-prs.outputs.*, ',') }}
+        run: echo ${{ format('{0},{1}', toJSON(steps.stale-prs.outputs.staled-issues-prs), toJSON(steps.stale-prs.outputs.closed-issues-prs)) }}
 
       ## Removing private properties from each JSON object and compute array length
       ## TODO: Delete these set-* workarounds when resolve actions/stale#806 ?
@@ -129,17 +129,21 @@ jobs:
         run: |
           echo $INPUT_ISSUES  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=issues::/'
+            | sed -e 's/^/issues=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_ISSUES  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=issues-len::/'
+            | sed -e 's/^/issues-len=/'  \
+            >> $GITHUB_OUTPUT
 
           echo $INPUT_PRS  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_PRS  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_ISSUES: ${{ steps.stale-issues.outputs.staled-issues-prs }}
           INPUT_PRS:    ${{ steps.stale-prs.outputs.staled-issues-prs }}
@@ -148,17 +152,21 @@ jobs:
         run: |
           echo $INPUT_ISSUES  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=issues::/'
+            | sed -e 's/^/issues=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_ISSUES  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=issues-len::/'
+            | sed -e 's/^/issues-len=/'  \
+            >> $GITHUB_OUTPUT
 
           echo $INPUT_PRS  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_PRS  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_ISSUES: ${{ steps.stale-issues.outputs.closed-issues-prs }}
           INPUT_PRS:    ${{ steps.stale-prs.outputs.closed-issues-prs }}