configure-aws-credentials
configure-aws-credentials copied to clipboard
aws-actions
Replace deprecated set-output function with GITHUB_OUTPUT
Describe the feature
The ::set-output:: function is deprecated in favor of using the GITHUB_OUTPUT environment file
Use Case
The set-output function is insecure according to this notification: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Other Information
No response
Acknowledgements
- [ ] I may be able to implement this feature request
- [ ] This feature might incur a breaking change
I've upgraded my actions to use the v1-node16 as mentioned in this issue - https://github.com/aws-actions/configure-aws-credentials/issues/489. But I'm still getting the warning for set-output. I believe this requires more than just upgrading the node version to 16. (Ref: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/)
Looks like it should be fixed by 1cb4968956a6a7aa09e9b7808b539e4df883f610. Packaging seems to be broken though: https://github.com/aws-actions/configure-aws-credentials/actions/runs/3245630680/jobs/5323409444:
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: 3 of 3 required status checks are expected. At least 1 approving review is required by reviewers with write access.
To https://github.com/aws-actions/configure-aws-credentials
! [remote rejected] HEAD -> master (protected branch hook declined)
These changes are now integrated into all branches. There are still some cleanup tasks here for us: we need to work around branch protection rules and get a better packaging workflow in place, and we need to get our v1 release tag moved up to the current dist file.
@kellertk do we need to change anything in how we reference in the GitHub actions. aws-actions/[email protected]
@kellertk do we need to change anything in how we reference in the GitHub actions. aws-actions/[email protected]
If you want to stay up to date as we release changes, you'll want to use aws-actions/configure-aws-credentials@v1 or aws-actions/configure-aws-credentials@v1-node16. Those two refs will move as version updates happen. If you use a static version tag like 1.6.1, you'll stay on 1.6.1 (and probably get deprecation warnings)
Hi, I am using aws-actions/configure-aws-credentials@v1-node16 and I am still getting warnings about set-output
Hi @niklas302 (and others) - are you sure this is coming from this action and not something else in your workflow? I took a quick look at the dist index.js for v1-node16 and v1, and we're using exactly the same function from the distributed @actions/[email protected] core.js, which should no longer have the set-output problem.
Note: set-output had nothing to do with Node 16, this was a different problem that was fixed in @actions/[email protected]. The updated dependency is present on both the master and v1-node16 branches - we haven't run the internal workflow to update the v1 release tag yet, so if you are using @v1 in your action configuration, you'll still see this until we run that update. Because v1-node16 is a branch ref and not a tag that should already be up to date. Does this still happen if you reference a commit hash instead of a branch? You'd use "a485a1e9a44e8087c439d393c63ff3a8fd4a1d08" in place of v1-node16 in your configuration.
This action itself isn't using any direct echoing of set-output to stdout. We're only using GitHub's core.setOutput function from @actions/core.
You'd use "a485a1e9a44e8087c439d393c63ff3a8fd4a1d08" in place of v1-node16 in your configuration. Just tried that in my pipeline and the warnings are still there. Its probably coming from another action then...
aws-actions/configure-aws-credentials@v1-node16 action fixes the issue for me, the warning is gone.
Hi @niklas302 (and others) - are you sure this is coming from this action and not something else in your workflow? I took a quick look at the dist index.js for v1-node16 and v1, and we're using exactly the same function from the distributed @actions/[email protected] core.js, which should no longer have the set-output problem.
Note: set-output had nothing to do with Node 16, this was a different problem that was fixed in @actions/[email protected]. The updated dependency is present on both the master and v1-node16 branches - we haven't run the internal workflow to update the v1 release tag yet, so if you are using @v1 in your action configuration, you'll still see this until we run that update. Because v1-node16 is a branch ref and not a tag that should already be up to date. Does this still happen if you reference a commit hash instead of a branch? You'd use "a485a1e9a44e8087c439d393c63ff3a8fd4a1d08" in place of v1-node16 in your configuration.
This action itself isn't using any direct echoing of set-output to stdout. We're only using GitHub's
core.setOutputfunction from @actions/core.
@kellertk I'm still getting the warning using the v1-node16 and found an instance of using 'set-output' directly in dist/cleanup/index.js:1811 here when using Repository Search on Github.
still there in the following versions:
- v1-node16
-
commit
a485a1e9a44e8087c439d393c63ff3a8fd4a1d08you referenced above
It is not present in the v1 version of that file
You can compare what we're publishing with what's in GitHub's source here in core/src/core.ts:192 . Specifically, there's a new check for the GITHUB_OUTPUT environment variable that wasn't present in previous versions of this file. Our published functions also contain this check. Previous versions of the GitHub source core/src/core.ts:192 don't have this extra check
(Note: we haven't moved the v1 tag as I explained above. The v1 version of this action has GitHub's old code without the GITHUB_OUTPUT check in it)
Using aws-actions/configure-aws-credentials@v1-node16 instead removed the warning for me. I tested the action in isolation, here is the result of the run in case anyone is interested:
Using aws-actions/configure-aws-credentials@v1:
Using aws-actions/configure-aws-credentials@v1-node16:
Here is the workflow.yaml file that I tested it with:
name: 'pull-request'
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
on:
pull_request:
branches: [ main ]
types: [ opened, reopened, synchronize ]
jobs:
run-tests:
runs-on: [ "custom-runner" ]
steps:
- name: aws login
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-2
mask-aws-account-id: 'false'
we haven't run the internal workflow to update the v1 release tag yet, so if you are using @v1 in your action configuration, you'll still see this until we run that update.
Is there any chance that the v1 tag will be updated soon?
Hello, we're still seeing this warning. What could be the reason?
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
Hello, we're still seeing this warning. What could be the reason?
- name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1
@ADTC aws-actions/configure-aws-credentials@v1-node16 no longer throws this error, you could update your workflow to use that version instead.
Hello, we're still seeing this warning. What could be the reason?
- name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1@ADTC
aws-actions/configure-aws-credentials@v1-node16no longer throws this error, you could update your workflow to use that version instead.
Any ideas on when this branch would get a release? Not really excited on switching to a separate branch that's behind the main branch.
@steeef @bryantbiggs if I'm correct, v1 is a tag, and doesn't refer to the master branch. If that's so, then v1 is a lot older than v1-node16.
@aws-actions @mluypaert the Readme says both v1 and v1-node16 branches will receive the same updates. But as far as I can tell, only v1-node16 is a branch and has been getting updates even up to yesterday, whereas v1 is a tag which hasn't moved since Aug 3, 2022 (rightfully so, since tags aren't meant to move like branches). So is the Readme misleading?
@ADTC I guess it depends on how long the maintainers intend on keeping v1-node16 around. I pin my third-party actions to specific releases, so I'd prefer to have a v2 release. It signals the direction of the project, and not that I should be relying on some testing branch.
I think that this truly should be treated as the a bug. The README says (emphasis is my own):
GitHub actions has recently started throwing warning messages regarding the deprecation of Node 12. If you would like to stop seeing this warning, configure your action to use aws-actions/configure-aws-credentials@v1-node16. Both the v1 branch and the v1-node16 branch will receive the same updates moving forward.
Clearly that is not the case.
Hey folks, sorry for all the confusion and lack of updates
v1-node16 has been released as a full v2 version - please feel safe to move to v2 as a stable release.
We don't plan on releasing further changes to v1, so if this issue persists on that version I would recommend upgrading.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@peterwoodworth will there be any breaking changes moving from the old v1 (not v1-node16) to the new v2?
There shouldn't be @ADTC, if there are, please report them in an issue 🙂