Remove set-env due to CVE-2020-15228 (dapr#318)

* Remove set-env due to CVE-2020-15228 * Remove set-env in file
jkears · Oct 16, 2020 · 798b003 · 798b003
1 parent 66a62c2
commit 798b003
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 14 deletions.
diff --git a/.github/scripts/get_release_version.py b/.github/scripts/get_release_version.py
@@ -4,26 +4,28 @@
 # ------------------------------------------------------------
 
 # This script parses release version from Git tag and set the parsed version to
-# environment variable, REL_VERSION. If the tag is the final version, it sets 
-# LATEST_RELEASE to true to add 'latest' tag to docker image.
+# environment variable, REL_VERSION.
 
 import os
 import sys
 
 gitRef = os.getenv("GITHUB_REF")
 tagRefPrefix = "refs/tags/v"
 
-if gitRef is None or not gitRef.startswith(tagRefPrefix):
-    print ("##[set-env name=REL_VERSION;]edge")
-    print ("This is daily build from {}...".format(gitRef))
-    sys.exit(0)
+with open(os.getenv("GITHUB_ENV"), "a") as githubEnv:
+    if gitRef is None or not gitRef.startswith(tagRefPrefix):
+        githubEnv.write("REL_VERSION=edge\n")
+        print ("This is daily build from {}...".format(gitRef))
+        sys.exit(0)
 
-releaseVersion = gitRef[len(tagRefPrefix):]
+    releaseVersion = gitRef[len(tagRefPrefix):]
+    releaseNotePath="docs/release_notes/v{}.md".format(releaseVersion)
 
-if gitRef.find("-rc.") > 0:
-    print ("Release Candidate build from {}...".format(gitRef))
-else:
-    print ("##[set-env name=LATEST_RELEASE;]true")
-    print ("Release build from {}...".format(gitRef))
+    if gitRef.find("-rc.") > 0:
+        print ("Release Candidate build from {}...".format(gitRef))
+    else:
+        # Set LATEST_RELEASE to true
+        githubEnv.write("LATEST_RELEASE=true\n")
+        print ("Release build from {}...".format(gitRef))
 
-print ("##[set-env name=REL_VERSION;]{}".format(releaseVersion))
+    githubEnv.write("REL_VERSION={}\n".format(releaseVersion))
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -26,7 +26,7 @@ jobs:
         run: |
           if [ -z "${{ env.SAMPLE_REGISTRY }}" ]; then
             export SAMPLE_REGISTRY=docker.io/dapriosamples
-            echo "##[set-env name=SAMPLE_REGISTRY;]$SAMPLE_REGISTRY"
+            echo "SAMPLE_REGISTRY=$SAMPLE_REGISTRY" >> $GITHUB_ENV
           fi
   
           SAMPLE_LIST=(hello-kubernetes distributed-calculator pub-sub bindings middleware observability secretstore)