`set-env` command is disabled

[Satak]

Azure Login fails now with error:

- Error: Unable to process command '::set-env name=AZURE_HTTP_USER_AGENT,::' successfully.
- Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
- Error: Unable to process command '::set-env name=AZUREPS_HOST_ENVIRONMENT,::' successfully.
- Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Any workaround? Devs ahoy?!

[Satak]

I tried to add env ACTIONS_ALLOW_UNSECURE_COMMANDS: true but it doesn't help.

      - name: Login to Azure
        uses: azure/login@v1
        env:
          ACTIONS_ALLOW_UNSECURE_COMMANDS: true
        with:
          creds: ${{secrets.AZURE_CREDENTIALS}}
          enable-AzPSSession: true

[aksm-ms]

@Satak i am using azure/login@v1 in my workflow and it is not throwing any error. If possible, can you please share link to workflow run/complete workflow file? If not, can you please share debug logs? Please create a secret ACTIONS_STEP_DEBUG and set it to true to get debug logs

[walzph]

My workflow breaks too. It seems like Github disabled the set-env and set-path commands in its action runners just today (at least in Europe).

This is a security measure and was already announced on Oct 1, 2020 in the CVE-2020-15228. However without a clear deadline ..

Although this project uses the latest @actions/core v1.2.6, the issue can only be resolved by switching to environment files syntax as the exportVariable() function in the @actions/core library still sets env variables via stdout:
https://github.com/actions/toolkit/blob/2bf7365352507ee52b4017790934cf9cefabc5f4/packages/core/src/core.ts#L51

[sdebruyn]

My pipeline started failing today because of this. If you need an example: https://github.com/datarootsio/terraform-module-azure-datalake/actions/runs/367093870

[aksm-ms]

@sdebruyn can you please update your workflow to use azure/login@v1? currently azure/login@v1.1 is being used

[aksm-ms]

@walzph Are you using self-hosted runner? Also can you please share your workflow and debug logs?

[walzph]

@walzph Are you using self-hosted runner? Also can you please share your workflow and debug logs?

No, I'm not using a self-hosted runner.

2020-11-17T09:08:36.6767762Z ##[group]Run azure/login@v1.1
2020-11-17T09:08:36.6768555Z with:
2020-11-17T09:08:36.6773475Z   creds: ***
2020-11-17T09:08:36.6774266Z   enable-AzPSSession: false
2020-11-17T09:08:36.6775067Z ##[endgroup]
2020-11-17T09:08:36.7793849Z ##[error]Unable to process command '::set-env name=AZURE_HTTP_USER_AGENT,::GITHUBACTIONS/AzureLogin@v1_daeff026641a706c654bae92849b829816ac16035db8203dda04335a0bcd52bb' successfully.
2020-11-17T09:08:36.7811688Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:36.7918221Z ##[error]Unable to process command '::set-env name=AZUREPS_HOST_ENVIRONMENT,::GITHUBACTIONS/AzureLogin@v1_daeff026641a706c654bae92849b829816ac16035db8203dda04335a0bcd52bb' successfully.
2020-11-17T09:08:36.7924879Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:36.7929440Z [command]/usr/bin/az --version
2020-11-17T09:08:40.1774726Z azure-cli                         2.14.1 *
2020-11-17T09:08:40.1775767Z 
2020-11-17T09:08:40.1776964Z core                              2.14.1 *
2020-11-17T09:08:40.1777899Z telemetry                          1.0.6
2020-11-17T09:08:40.1778376Z 
2020-11-17T09:08:40.1779046Z Extensions:
2020-11-17T09:08:40.1780298Z azure-devops                      0.18.0
2020-11-17T09:08:40.1781102Z 
2020-11-17T09:08:40.1782154Z Python location '/opt/az/bin/python3'
2020-11-17T09:08:40.1783391Z Extensions directory '/opt/az/azcliextensions'
2020-11-17T09:08:40.1784023Z 
2020-11-17T09:08:40.1784873Z Python (Linux) 3.6.10 (default, Nov  6 2020, 08:35:03) 
2020-11-17T09:08:40.1785680Z [GCC 7.5.0]
2020-11-17T09:08:40.1786082Z 
2020-11-17T09:08:40.1786995Z Legal docs and information: aka.ms/AzureCliLegal
2020-11-17T09:08:40.1787614Z 
2020-11-17T09:08:40.1787985Z 
2020-11-17T09:08:40.1788369Z 
2020-11-17T09:08:40.1789360Z Please let us know how we are doing: https://aka.ms/azureclihats
2020-11-17T09:08:40.1791087Z and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
2020-11-17T09:08:40.1792864Z You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
2020-11-17T09:08:45.2961997Z Login successful.
2020-11-17T09:08:45.2968982Z ##[error]Unable to process command '::set-env name=AZURE_HTTP_USER_AGENT,::' successfully.
2020-11-17T09:08:45.2975951Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:45.2984796Z ##[error]Unable to process command '::set-env name=AZUREPS_HOST_ENVIRONMENT,::' successfully.
2020-11-17T09:08:45.2990720Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:45.3131763Z Post job cleanup.

[walzph]

Just noticed, I'm using v1.1 too. Will switch to v1 and check again.

[walzph]

@sdebruyn can you please update your workflow to use azure/login@v1? currently azure/login@v1.1 is being used

I can confirm that switching to azure/login@v1 solved the issue for me.

2020-11-17T10:39:21.6151673Z ##[group]Run azure/login@v1
2020-11-17T10:39:21.6152713Z with:
2020-11-17T10:39:21.6158065Z   creds: ***
2020-11-17T10:39:21.6159601Z   enable-AzPSSession: false
2020-11-17T10:39:21.6160815Z   allow-no-subscriptions: false
2020-11-17T10:39:21.6161914Z ##[endgroup]
2020-11-17T10:39:30.8996903Z Login successful.
2020-11-17T10:39:30.9143001Z ##[group]Run azure/docker-login@v1
2020-11-17T10:39:30.9144076Z with:
2020-11-17T10:39:30.9145219Z   login-server: ***
2020-11-17T10:39:30.9146392Z   username: ***
2020-11-17T10:39:30.9147639Z   password: ***
2020-11-17T10:39:30.9148534Z env:
2020-11-17T10:39:30.9149480Z   AZURE_HTTP_USER_AGENT: 
2020-11-17T10:39:30.9150575Z   AZUREPS_HOST_ENVIRONMENT: 
2020-11-17T10:39:30.9151587Z ##[endgroup]

Which means in turn, that my assumption was wrong and core.exportVariable() is safe to use :)

[aksm-ms]

@walzph Thanks for checking.

[aksm-ms]

@Satak Please let me know if you are still facing the issue.

[Satak]

@Satak Please let me know if you are still facing the issue.

Updating to v1 helped. Issue can be closed.