New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
set-output deprecation scared me nearly to death #1212
Comments
If
I expect we will hear more specifics regarding GitHub's timeline based on the progress the community makes in squashing this security concern. This doesn't apply to you, @DaSchTour, but others following this thread can also see ScribeMD/docker-cache#208 for an example of replacing |
Well, actually I couldn't find any use of set-output in my workflow or the used actions. That's making this even more scary. But I'm not sure if workflow outputs also count as usage of set-output. That's the only possible reason. But it's not mentioned in the changelog. |
Do the actions you use have any dependencies? Did you find |
Well, I just rechecked and I can't find any name: Tags
on:
workflow_call:
outputs:
head:
description: 'HEAD SHA'
value: ${{ jobs.tags.outputs.head }}
base:
description: 'Base SHA'
value: ${{ jobs.tags.outputs.base }}
jobs:
tags:
name: Tags
runs-on: ubuntu-latest
outputs:
base: ${{ steps.sha.outputs.base }}
head: ${{ steps.sha.outputs.head }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: nrwl/nx-set-shas@v2
id: sha
with:
main-branch-name: ${{ github.event.repository.default_branch }} |
|
@Kurt-von-Laven thanks a lot for your help. I wished github would have written a bit more about this deprecation. |
I have the same issues, deprecation notice everywhere. @Kurt-von-Laven somehow 1.10.0 still outputs |
It is correct that |
set-output is deprecated but there is no real migration guide, I have no idea what to do and I'm sacred that my actions will all break in the next days and I'll have to switch to another CI because I have no idea how to fix it.
That's a really scary situation, as I have no idea how to proceed. Especially as there is actually no set-output in my yml and I would not expect this warning to show up.
The text was updated successfully, but these errors were encountered: