Overview
You might have been noticing some of these warnings in your GitHub Actions workflows:
Warning: The
set-outputcommand is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
GitHub is disabling the set-output and save-state commands in GitHub Actions on May 31, 2023, so it’s crunch time in ensuring your workflows are updated to use the new command syntax. For actions that you are authoring, the fix is relatively simply.
Old:
1
2
3
4
5
- name: Save state
run: echo "::save-state name={name}::{value}"
- name: Set output
run: echo "::set-output name={name}::{value}"
New:
1
2
3
4
5
- name: Save state
run: echo "{name}={value}" >> $GITHUB_STATE
- name: Set output
run: echo "{name}={value}" >> $GITHUB_OUTPUT
You could simply perform a code search and update instances of set-output and save-state to the new syntax. However, this wouldn’t work for actions that you are consuming from the marketplace. For example, if you were using actions/stale@v5.2.0 in your workflows, you would see this warning in your workflow run logs.
Finding Deprecated Workflow Command Usage
I created a bash solution to audit a list of repositories for deprecated workflow commands. It checks through recent workflow runs (configurable) to see if there are any set-output or save-state deprecation warnings in the logs. The outputs are stored to a specified CSV file and denotes if the deprecation message was found in the most recent workflow run or not. The reason why I’m searching through multiple workflow runs is that there is a possibility that certain actions aren’t run on every workflow run, such as a PR build, so I wanted to ensure proper coverage.
Usage
Repository: joshjohanning/github-actions-log-warning-checker
- Run
gh auth loginto authenticate with GitHub CLI - Run
./generate-repos.sh <org> > repos.csv- Modify list as needed
- Or create a list of repos in a csv file,
<org/<repo>, 1 per line, with a trailing empty line at the end of the file
- Run:
./github-actions-log-warning-checker.sh repos.csv output.csv
Example Output
1
2
3
repo,workflow_name,workflow_url,found_in_latest_workflow_run
joshjohanning-org/actions-linter-testing,CI,https://github.com/joshjohanning-org/actions-linter-testing/blob/main/.github/workflows/blank.yml,no
joshjohanning-org/actions-linter-testing,new-workflow,https://github.com/joshjohanning-org/actions-linter-testing/blob/main/.github/workflows/new-file.yml,yes
To do
- Find deprecated Node.js 12 actions
- Use annotations to be able to return workflow run log line links (for easier discoverability of which action is using the deprecated command(s))
Summary
As an Enterprise/Organization owner, this tool can be useful to find repositories that are using deprecated workflow commands. You can then reach out to the owners of the repositories to let them know that they need to update their workflows. This can also be useful for repository admins as well, and just feed in the list of repositories that you manage.
Going forward, make sure to set up dependabot.yml file to keep your actions up to date. This also applies for actions that are internal to your enterprise/organization, but with additional configuration required (see my post for more details!).
Also, check out another user’s solution to the problem I’m solving here!