[skip changelog] Migrate workflows from deprecated `set-output` commands (#1940)

GitHub Actions provides the capability for workflow authors to use the capabilities of the GitHub Actions ToolKit package directly in the `run` keys of workflows via "workflow commands". One such command is `set-output`, which allows data to be passed out of a workflow step as an output. It has been determined that this command has potential to be a security risk in some applications. For this reason, GitHub has deprecated the command and a warning of this is shown in the workflow run summary page of any workflow using it: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ The identical capability is now provided in a safer form via the GitHub Actions "environment files" system. Migrating the use of the deprecated workflow commands to use the `GITHUB_OUTPUT` environment file instead fixes any potential vulnerabilities in the workflows, resolves the warnings, and avoids the eventual complete breakage of the workflows that would result from GitHub's planned removal of the `set-output` workflow command 2023-05-31.

[skip changelog] Migrate workflows from deprecated `set-output` commands (#1940)
GitHub Actions provides the capability for workflow authors to use the capabilities of the GitHub Actions ToolKit package directly in the `run` keys of workflows via "workflow commands". One such command is `set-output`, which allows data to be passed out of a workflow step as an output. It has been determined that this command has potential to be a security risk in some applications. For this reason, GitHub has deprecated the command and a warning of this is shown in the workflow run summary page of any workflow using it: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ The identical capability is now provided in a safer form via the GitHub Actions "environment files" system. Migrating the use of the deprecated workflow commands to use the `GITHUB_OUTPUT` environment file instead fixes any potential vulnerabilities in the workflows, resolves the warnings, and avoids the eventual complete breakage of the workflows that would result from GitHub's planned removal of the `set-output` workflow command 2023-05-31.
c9663a3c · per1234 · GitHub · 61ba6854 · c9663a3c · c9663a3c
Unverified Commit c9663a3c authored Oct 24, 2022 by per1234 Committed by GitHub Oct 24, 2022
11 changed files
--- a/.github/workflows/check-certificates.yml
+++ b/.github/workflows/check-certificates.yml
@@ -108,7 +108,7 @@ jobs:
          echo "Certificate expiration date: $EXPIRATION_DATE"
          echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION"

-          echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION"
+          echo "days=$DAYS_BEFORE_EXPIRATION" >> $GITHUB_OUTPUT

      - name: Check if expiration notification period has been reached
        id: check-expiration

--- a/.github/workflows/check-go-dependencies-task.yml
+++ b/.github/workflows/check-go-dependencies-task.yml
@@ -56,7 +56,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  check-cache:
    needs: run-determination

--- a/.github/workflows/check-go-task.yml
+++ b/.github/workflows/check-go-task.yml
@@ -47,7 +47,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  check-errors:
    name: check-errors (${{ matrix.module.path }})

--- a/.github/workflows/check-protobuf-task.yml
+++ b/.github/workflows/check-protobuf-task.yml
@@ -42,7 +42,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  build:
    needs: run-determination

--- a/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml
+++ b/.github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml
@@ -45,7 +45,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  publish:
    runs-on: ubuntu-latest
@@ -93,7 +93,7 @@ jobs:

      - name: Determine versioning parameters
        id: determine-versioning
-        run: echo "::set-output name=data::$(poetry run python docs/siteversion/siteversion.py)"
+        run: echo "data=$(poetry run python docs/siteversion/siteversion.py)" >> $GITHUB_OUTPUT

      - name: Publish documentation
        if: fromJson(steps.determine-versioning.outputs.data).version != null

--- a/.github/workflows/publish-go-nightly-task.yml
+++ b/.github/workflows/publish-go-nightly-task.yml
@@ -56,7 +56,7 @@ jobs:
        id: get-version
        env:
          NIGHTLY: true
-        run: echo "::set-output name=version::$(task general:get-version)"
+        run: echo "version=$(task general:get-version)" >> $GITHUB_OUTPUT

      - name: Upload artifacts
        uses: actions/upload-artifact@v3

--- a/.github/workflows/publish-go-tester-task.yml
+++ b/.github/workflows/publish-go-tester-task.yml
@@ -51,7 +51,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  package-name-prefix:
    needs: run-determination
@@ -69,7 +69,7 @@ jobs:
          fi
          PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.sha }}-"

-          echo "::set-output name=prefix::$PACKAGE_NAME_PREFIX"
+          echo "prefix=$PACKAGE_NAME_PREFIX" >> $GITHUB_OUTPUT

  build:
    needs: package-name-prefix

--- a/.github/workflows/release-go-task.yml
+++ b/.github/workflows/release-go-task.yml
@@ -61,7 +61,7 @@ jobs:

      - name: Output Version
        id: get-version
-        run: echo "::set-output name=version::$(task general:get-version)"
+        run: echo "version=$(task general:get-version)" >> $GITHUB_OUTPUT

      - name: Upload artifacts
        uses: actions/upload-artifact@v3
@@ -254,7 +254,7 @@ jobs:
        run: |
          wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.0.0.zip
          unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver
-          if [[ "$(/tmp/semver get prerel ${{ needs.create-release-artifacts.outputs.version }} )" ]]; then echo "::set-output name=IS_PRE::true"; fi
+          if [[ "$(/tmp/semver get prerel ${{ needs.create-release-artifacts.outputs.version }} )" ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT; fi

      - name: Create Github Release and upload artifacts
        uses: ncipollo/release-action@v1

--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -103,7 +103,7 @@ jobs:
        run: |
          # Use of this flag in the github-label-sync command will cause it to only check the validity of the
          # configuration.
-          echo "::set-output name=flag::--dry-run"
+          echo "flag=--dry-run" >> $GITHUB_OUTPUT

      - name: Checkout repository
        uses: actions/checkout@v3

--- a/.github/workflows/test-go-integration-task.yml
+++ b/.github/workflows/test-go-integration-task.yml
@@ -55,7 +55,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  tests-collector:
    runs-on: ubuntu-latest
@@ -70,7 +70,7 @@ jobs:
      - name: Collect tests
        id: collection
        run: |
-          echo "::set-output name=tests-data::$(python .github/tools/get_integration_tests.py ./test/)"
+          echo "tests-data=$(python .github/tools/get_integration_tests.py ./test/)" >> $GITHUB_OUTPUT

  test:
    needs: tests-collector

--- a/.github/workflows/test-go-task.yml
+++ b/.github/workflows/test-go-task.yml
@@ -56,7 +56,7 @@ jobs:
            RESULT="false"
          fi

-          echo "::set-output name=result::$RESULT"
+          echo "result=$RESULT" >> $GITHUB_OUTPUT

  test:
    needs: run-determination