From d9de210177690c6d190c2b0fe5745442fc8549f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Ord=C3=A1s?=
 <3125580+davorpa@users.noreply.github.com>
Date: Wed, 22 Feb 2023 13:09:40 +0100
Subject: [PATCH] security: `set-output` cmd deprecated. Use `$GITHUB_OUTPUT`
 env file

To avoid untrusted logged data to use `save-state` and `set-output` workflow commands without the intention of the workflow author we have introduced a new set of environment files to manage state and output.

Starting 1st June 2023 workflows using `save-state` or `set-output` commands via stdout will fail with an error.

https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
---
 .../awesomebot-gh-summary-action/action.yml   |  2 +-
 .github/workflows/check-urls.yml              |  4 ++--
 .github/workflows/detect-conflicting-prs.yml  |  6 +++--
 .github/workflows/stale.yml                   | 24 ++++++++++++-------
 4 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/.github/actions/awesomebot-gh-summary-action/action.yml b/.github/actions/awesomebot-gh-summary-action/action.yml
index b1f340c688118..7ee5c79caa989 100644
--- a/.github/actions/awesomebot-gh-summary-action/action.yml
+++ b/.github/actions/awesomebot-gh-summary-action/action.yml
@@ -91,7 +91,7 @@ runs:
         $text = $text -replace "`n","%0A"
         $text = $text -replace "`r","%25"
         # set output
-        echo "::set-output name=text::$text"
+        echo "text=$text" >> $env:GITHUB_OUTPUT
 
 
     - name: Write output
diff --git a/.github/workflows/check-urls.yml b/.github/workflows/check-urls.yml
index c8625bb7c122b..bd3152530fd99 100644
--- a/.github/workflows/check-urls.yml
+++ b/.github/workflows/check-urls.yml
@@ -29,9 +29,9 @@ jobs:
       - name: Determine workflow parameters
         id: init-params
         run: |
-          echo "::set-output name=fetch_depth::0";
+          echo "fetch_depth=0" >> $GITHUB_OUTPUT
           if [ "${{ github.event_name }}" == "pull_request" ]; then
-            echo "::set-output name=fetch_depth::0";
+            echo "fetch_depth=0" >> $GITHUB_OUTPUT
           fi
 
       - uses: actions/checkout@v3
diff --git a/.github/workflows/detect-conflicting-prs.yml b/.github/workflows/detect-conflicting-prs.yml
index 7a3dddc62d0cd..5a36c5d372f99 100644
--- a/.github/workflows/detect-conflicting-prs.yml
+++ b/.github/workflows/detect-conflicting-prs.yml
@@ -51,10 +51,12 @@ jobs:
         run: |
           echo "$INPUT_PRS"  \
             | jq --compact-output --raw-output 'to_entries | map({number: .key, dirty: .value})'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo "$INPUT_PRS"  \
             | jq --raw-output 'to_entries | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_PRS: ${{ steps.pr-labeler.outputs.prDirtyStatuses }}
 
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 5772288bbe899..4a61320efc3ea 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -129,17 +129,21 @@ jobs:
         run: |
           echo $INPUT_ISSUES  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=issues::/'
+            | sed -e 's/^/issues=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_ISSUES  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=issues-len::/'
+            | sed -e 's/^/issues-len=/'  \
+            >> $GITHUB_OUTPUT
 
           echo $INPUT_PRS  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_PRS  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_ISSUES: ${{ steps.stale-issues.outputs.staled-issues-prs }}
           INPUT_PRS:    ${{ steps.stale-prs.outputs.staled-issues-prs }}
@@ -148,17 +152,21 @@ jobs:
         run: |
           echo $INPUT_ISSUES  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=issues::/'
+            | sed -e 's/^/issues=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_ISSUES  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=issues-len::/'
+            | sed -e 's/^/issues-len=/'  \
+            >> $GITHUB_OUTPUT
 
           echo $INPUT_PRS  \
             | jq --compact-output --raw-output 'del(.[] | .[to_entries[] | .key | select(startswith("_"))])'  \
-            | sed -e 's/^/::set-output name=prs::/'
+            | sed -e 's/^/prs=/'  \
+            >> $GITHUB_OUTPUT
           echo $INPUT_PRS  \
             | jq --raw-output '. | length'  \
-            | sed -e 's/^/::set-output name=prs-len::/'
+            | sed -e 's/^/prs-len=/'  \
+            >> $GITHUB_OUTPUT
         env:
           INPUT_ISSUES: ${{ steps.stale-issues.outputs.closed-issues-prs }}
           INPUT_PRS:    ${{ steps.stale-prs.outputs.closed-issues-prs }}