Closed Satak closed 3 years ago
I tried to add env ACTIONS_ALLOW_UNSECURE_COMMANDS: true
but it doesn't help.
- name: Login to Azure
uses: azure/login@v1
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
with:
creds: ${{secrets.AZURE_CREDENTIALS}}
enable-AzPSSession: true
@Satak i am using azure/login@v1 in my workflow and it is not throwing any error. If possible, can you please share link to workflow run/complete workflow file? If not, can you please share debug logs? Please create a secret ACTIONS_STEP_DEBUG and set it to true to get debug logs
My workflow breaks too. It seems like Github disabled the set-env
and set-path
commands in its action runners just today (at least in Europe).
This is a security measure and was already announced on Oct 1, 2020 in the CVE-2020-15228. However without a clear deadline ..
Although this project uses the latest @actions/core v1.2.6
, the issue can only be resolved by switching to environment files syntax as the exportVariable()
function in the @actions/core library still sets env variables via stdout:
https://github.com/actions/toolkit/blob/2bf7365352507ee52b4017790934cf9cefabc5f4/packages/core/src/core.ts#L51
My pipeline started failing today because of this. If you need an example: https://github.com/datarootsio/terraform-module-azure-datalake/actions/runs/367093870
@sdebruyn can you please update your workflow to use azure/login@v1? currently azure/login@v1.1 is being used
@walzph Are you using self-hosted runner? Also can you please share your workflow and debug logs?
@walzph Are you using self-hosted runner? Also can you please share your workflow and debug logs?
No, I'm not using a self-hosted runner.
2020-11-17T09:08:36.6767762Z ##[group]Run azure/login@v1.1
2020-11-17T09:08:36.6768555Z with:
2020-11-17T09:08:36.6773475Z creds: ***
2020-11-17T09:08:36.6774266Z enable-AzPSSession: false
2020-11-17T09:08:36.6775067Z ##[endgroup]
2020-11-17T09:08:36.7793849Z ##[error]Unable to process command '::set-env name=AZURE_HTTP_USER_AGENT,::GITHUBACTIONS/AzureLogin@v1_daeff026641a706c654bae92849b829816ac16035db8203dda04335a0bcd52bb' successfully.
2020-11-17T09:08:36.7811688Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:36.7918221Z ##[error]Unable to process command '::set-env name=AZUREPS_HOST_ENVIRONMENT,::GITHUBACTIONS/AzureLogin@v1_daeff026641a706c654bae92849b829816ac16035db8203dda04335a0bcd52bb' successfully.
2020-11-17T09:08:36.7924879Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:36.7929440Z [command]/usr/bin/az --version
2020-11-17T09:08:40.1774726Z azure-cli 2.14.1 *
2020-11-17T09:08:40.1775767Z
2020-11-17T09:08:40.1776964Z core 2.14.1 *
2020-11-17T09:08:40.1777899Z telemetry 1.0.6
2020-11-17T09:08:40.1778376Z
2020-11-17T09:08:40.1779046Z Extensions:
2020-11-17T09:08:40.1780298Z azure-devops 0.18.0
2020-11-17T09:08:40.1781102Z
2020-11-17T09:08:40.1782154Z Python location '/opt/az/bin/python3'
2020-11-17T09:08:40.1783391Z Extensions directory '/opt/az/azcliextensions'
2020-11-17T09:08:40.1784023Z
2020-11-17T09:08:40.1784873Z Python (Linux) 3.6.10 (default, Nov 6 2020, 08:35:03)
2020-11-17T09:08:40.1785680Z [GCC 7.5.0]
2020-11-17T09:08:40.1786082Z
2020-11-17T09:08:40.1786995Z Legal docs and information: aka.ms/AzureCliLegal
2020-11-17T09:08:40.1787614Z
2020-11-17T09:08:40.1787985Z
2020-11-17T09:08:40.1788369Z
2020-11-17T09:08:40.1789360Z Please let us know how we are doing: https://aka.ms/azureclihats
2020-11-17T09:08:40.1791087Z and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
2020-11-17T09:08:40.1792864Z You have 2 updates available. Consider updating your CLI installation with 'az upgrade'
2020-11-17T09:08:45.2961997Z Login successful.
2020-11-17T09:08:45.2968982Z ##[error]Unable to process command '::set-env name=AZURE_HTTP_USER_AGENT,::' successfully.
2020-11-17T09:08:45.2975951Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:45.2984796Z ##[error]Unable to process command '::set-env name=AZUREPS_HOST_ENVIRONMENT,::' successfully.
2020-11-17T09:08:45.2990720Z ##[error]The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
2020-11-17T09:08:45.3131763Z Post job cleanup.
Just noticed, I'm using v1.1 too. Will switch to v1 and check again.
@sdebruyn can you please update your workflow to use azure/login@v1? currently azure/login@v1.1 is being used
I can confirm that switching to azure/login@v1 solved the issue for me.
2020-11-17T10:39:21.6151673Z ##[group]Run azure/login@v1
2020-11-17T10:39:21.6152713Z with:
2020-11-17T10:39:21.6158065Z creds: ***
2020-11-17T10:39:21.6159601Z enable-AzPSSession: false
2020-11-17T10:39:21.6160815Z allow-no-subscriptions: false
2020-11-17T10:39:21.6161914Z ##[endgroup]
2020-11-17T10:39:30.8996903Z Login successful.
2020-11-17T10:39:30.9143001Z ##[group]Run azure/docker-login@v1
2020-11-17T10:39:30.9144076Z with:
2020-11-17T10:39:30.9145219Z login-server: ***
2020-11-17T10:39:30.9146392Z username: ***
2020-11-17T10:39:30.9147639Z password: ***
2020-11-17T10:39:30.9148534Z env:
2020-11-17T10:39:30.9149480Z AZURE_HTTP_USER_AGENT:
2020-11-17T10:39:30.9150575Z AZUREPS_HOST_ENVIRONMENT:
2020-11-17T10:39:30.9151587Z ##[endgroup]
Which means in turn, that my assumption was wrong and core.exportVariable()
is safe to use :)
@walzph Thanks for checking.
@Satak Please let me know if you are still facing the issue.
@Satak Please let me know if you are still facing the issue.
Updating to v1 helped. Issue can be closed.
Azure Login fails now with error:
Any workaround? Devs ahoy?!