No way to set the ACTIONS_ALLOW_UNSECURE_COMMANDS variable. #641

Closed
JJ opened this issue Nov 17, 2020 · 16 comments
Labels
bug Something isn't working

Comments

@JJ

JJ commented Nov 17, 2020

This is probably a LTA error issue, more than any other kind of problem. When set-env is used, this is the recommendation issued:

The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

All's good and well. Let's then set in an action such as this one that variable to the very value indicated in the error:

- name: Busca en el cuerpo del PR
  uses: actions/github-script@v3
  with:
    github-token: ${{secrets.GITHUB_TOKEN}}
    ACTIONS_ALLOW_UNSECURE_COMMANDS: true
    script: |
      # script follows

But then, this is the error obtained:

Unexpected input(s) 'ACTIONS_ALLOW_UNSECURE_COMMANDS', valid inputs are ['script', 'github-token', 'debug', 'user-agent', 'previews', 'result-encoding']

While we could follow one of these recommendations, I can't find what they mean and what's the reasonable value for them. It looks like errors like these are happening all over the place since set-env was deprecated today.

@JJ JJ added the bug Something isn't working label Nov 17, 2020
@JJ
Author

JJ commented Nov 17, 2020

OK, stupid error.

@JJ JJ closed this as completed Nov 17, 2020
@bogn83

bogn83 commented Nov 17, 2020

Likely highly off-topic, but what's an LTA error?

@JJ
Author

JJ commented Nov 17, 2020

Less than awesome error. Something that does not point to the precise problem or where the misunderstanding has occurred, and leaves you wondering why something is wrong. This is still a LTA error, BTW. Instead of saying "whatever you put in the with section" must be one of these inputs, it kind of made me think the value I was assigning to that variable ('true') was not correct. I realized later that's not the case, but, well...

@VictoriaRamirezCharles

It worked for me this way.

steps:
- uses: actions/checkout@master

- name: Setup MSBuild path
  uses: microsoft/setup-msbuild@v1.0.0
  env:
    ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
  
- name: Setup NuGet
  uses: NuGet/setup-nuget@v1.0.2
  env:
    ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'

@thboop
Collaborator

thboop commented Nov 17, 2020

I'll update the toolkit docs, but if you are trying to opt into the old commands, here's how you can do that:

If you are using these old commands, the steps that use them in your workflow will fail. You will want to move towards using Environment Files.

You may also opt into unsecure command execution as well, at a job level or for all jobs on your self hosted runner. We recommend you do not choose to do this, and instead update to the new Environment Files.

  • To opt in at a job level, set ACTIONS_ALLOW_UNSECURE_COMMANDS to true
jobs:
  test:
    runs-on: self-hosted
    env:
      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
  • To opt in for all jobs run on a self hosted runner, set ACTIONS_ALLOW_UNSECURE_COMMANDS=true in the .env file found at the root of the runner, much like you would set an http_proxy
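
To find where a repository still relies on the old commands or on the opt-in, this added example (not part of the thread or of the toolkit) scans workflow files for `set-env`, `add-path` and the opt-in forms that appear in this thread. The function names `audit_workflows` and `make_sample` and the sample workflows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag deprecated workflow commands and
# ACTIONS_ALLOW_UNSECURE_COMMANDS opt-ins in workflow YAML files.

# Prints one "file:line:finding" per hit for every *.yml / *.yaml under $1.
audit_workflows() {
  find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
  while IFS= read -r f; do
    awk '
      /^[ \t]*#/       { next }  # ignore comment-only lines
      /::set-env[ :]/  { print FILENAME ":" FNR ":deprecated set-env" }
      /::add-path[ :]/ { print FILENAME ":" FNR ":deprecated add-path" }
      # env: mapping (true / quoted true) or a write of NAME=true to GITHUB_ENV
      /ACTIONS_ALLOW_UNSECURE_COMMANDS[:=] *.?true/ {
        print FILENAME ":" FNR ":unsecure-commands opt-in"
      }
    ' "$f"
  done
}

# Constructed sample workflows covering the variants posted in this thread.
make_sample() {
  mkdir -p "$1/.github/workflows"
  cat > "$1/.github/workflows/old.yml" <<'EOF'
jobs:
  test:
    runs-on: self-hosted
    env:
      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
    steps:
      - run: echo "::set-env name=PR_AUTHOR::someone"
      - run: echo "::add-path::/opt/tool/bin"
      - run: echo 'ACTIONS_ALLOW_UNSECURE_COMMANDS=true' >> $GITHUB_ENV
EOF
  cat > "$1/.github/workflows/new.yml" <<'EOF'
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: ACTIONS_ALLOW_UNSECURE_COMMANDS
        run: echo "PR_AUTHOR=someone" >> "$GITHUB_ENV"
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_workflows "$tmp"   # lists four findings, all in old.yml
rm -rf "$tmp"
```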

@JJ
Author

JJ commented Nov 17, 2020

@thboop the main problem is that downstream actions such as github-script were, until 3 hours ago, not updated. Thanks a lot anyway.

@williamhaley

williamhaley commented Nov 18, 2020

After re-reading a few times I see the right way to do this going forward.

Setting an environment variable

echo "{name}={value}" >> $GITHUB_ENV

But the dev experience for this deprecation is a bit rough. It was only through this issue that I found the answer.

The path from "this is no longer correct" to "what is the right way to do it" is a little hazy at first.

I didn't realize deprecating set-env was on the roadmap at all until a job just now failed for me. The link to the deprecation info is all the way to the right in this error so there's no way to see it without scrolling (which I didn't think to do initially).

And googling github actions environment files, looking for the canonical docs on how to do this "right", were a bit buried.

In hindsight, I see the deprecation error is my first google result, but I was looking for the official docs at that point, not the deprecation notice.

DavidCarbon referenced this issue in Zacam/SBRW.Launcher.Net Nov 18, 2020
@atrull

atrull commented Nov 19, 2020

So if you want to quickly fix this..

I've set the first 'step' on all workflows to the following:

steps:
  - name: ACTIONS_ALLOW_UNSECURE_COMMANDS
    id: ACTIONS_ALLOW_UNSECURE_COMMANDS
    run: echo 'ACTIONS_ALLOW_UNSECURE_COMMANDS=true' >> $GITHUB_ENV

@zachliu

zachliu commented Nov 19, 2020

don't understand why we need ACTIONS_ALLOW_UNSECURE_COMMANDS=true, all i need to do is replacing

echo "::set-env name=PR_AUTHOR::${{ github.event.pull_request.user.login }}"
echo "::set-env name=PR_AUTHOR::${{ github.event.issue.user.login }}"

with

echo "PR_AUTHOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
echo "PR_AUTHOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV

@thboop
Collaborator

thboop commented Nov 19, 2020

don't understand why we need ACTIONS_ALLOW_UNSECURE_COMMANDS=true, all i need to do is replacing

echo "::set-env name=PR_AUTHOR::${{ github.event.pull_request.user.login }}"
echo "::set-env name=PR_AUTHOR::${{ github.event.issue.user.login }}"

with

echo "PR_AUTHOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
echo "PR_AUTHOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV

That is correct. You will want to move towards using Environment Files, which is what you are doing. We don't recommend you set ACTIONS_ALLOW_UNSECURE_COMMANDS, but some users may choose to do that as a short term mitigation while they get their actions or workflows updated.
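
The `>> $GITHUB_ENV` replacement discussed above covers single-line values. As an added example that goes beyond what the thread shows (not code from the thread or from the toolkit), the helper below also writes multi-line values using the environment file's `NAME<<DELIMITER` syntax, so the whole value stays one variable. `set_env`, `env_names` and the sample values are hypothetical, and `env_names` is only a simplified model of how the file is read back.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): write variables to the environment file
# so that a multi-line value stays one variable.

nl='
'

# set_env NAME VALUE -> appends to the file named by $GITHUB_ENV
set_env() {
  name=$1
  value=$2
  case $name in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "set_env: invalid name" >&2; return 1 ;;
  esac
  case $value in
    *"$nl"*)
      # Multi-line form: NAME<<DELIM, the value, then DELIM on its own line.
      delim="delim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
      case $value in *"$delim"*) return 1 ;; esac  # value must not hold it
      printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$GITHUB_ENV" ;;
    *)
      printf '%s=%s\n' "$name" "$value" >> "$GITHUB_ENV" ;;
  esac
}

# Simplified model of how the file is read back: prints the names it defines.
env_names() {
  awk '
    delim != "" { if ($0 == delim) delim = ""; next }
    /^[A-Za-z_][A-Za-z0-9_]*<</ {
      i = index($0, "<<"); print substr($0, 1, i - 1)
      delim = substr($0, i + 2); next
    }
    /^[A-Za-z_][A-Za-z0-9_]*=/ { print substr($0, 1, index($0, "=") - 1) }
  ' "$1"
}

# Demo with constructed values; outside a runner GITHUB_ENV is a temp file.
GITHUB_ENV=${GITHUB_ENV:-$(mktemp)}
set_env PR_AUTHOR "octocat"
set_env PR_TITLE "first line${nl}SECOND=looks like an assignment"
env_names "$GITHUB_ENV"   # PR_AUTHOR and PR_TITLE; SECOND is not defined
```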

@dre4success

don't understand why we need ACTIONS_ALLOW_UNSECURE_COMMANDS=true, all i need to do is replacing

echo "::set-env name=PR_AUTHOR::${{ github.event.pull_request.user.login }}"
echo "::set-env name=PR_AUTHOR::${{ github.event.issue.user.login }}"

with

echo "PR_AUTHOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
echo "PR_AUTHOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV

This definitely worked.

@vsub21

vsub21 commented Nov 20, 2020

I am attempting to quickly fix a repo that is no longer deploying to Azure Functions upon push:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - name: 'Define env variables'
      run: |
        echo "PYTHON_VERSION=3.7" >> $GITHUB_ENV

    - name: 'Checkout GitHub Action'
      uses: actions/checkout@master

    - name: Setup Python $PYTHON_VERSION Environment
      uses: actions/setup-python@v2
      with:
        python-version: $PYTHON_VERSION

When I attempt to kickoff this action, I get this error as a result:

@github-actionsgithub-actions
/ build-and-deploy
.github#L1
Version $PYTHON_VERSION with arch x64 not found
The list of all available versions can be found here: https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json

I am not sure of what I am doing wrong, does anyone know?

@JJ
Author

JJ commented Nov 20, 2020

I would say it's in this line:

echo "PYTHON_VERSION=3.7" >> $GITHUB_ENV

and this line

python-version: $PYTHON_VERSION

I would say that should be ${{ PYTHON_VERSION }}. In any case, if you're setting that deterministically maybe you should simply set the version there. Again, I would say this is the case of a LTA error. Simply putting $PYTHON_VERSION in some kind of quotes would make it easier to understand that it's taking that literally.

@omar-m-othman

It worked for me this way.

steps:
- uses: actions/checkout@master

- name: Setup MSBuild path
  uses: microsoft/setup-msbuild@v1.0.0
  env:
    ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
  
- name: Setup NuGet
  uses: NuGet/setup-nuget@v1.0.2
  env:
    ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'

Do those who are thumbing down care to explain why? This indeed worked like a charm.

omar-m-othman pushed a commit to omar-m-othman/bmclib that referenced this issue Nov 22, 2020
tallamjr added a commit to tallamjr/handson-ml2 that referenced this issue Nov 23, 2020
Refs:
    - actions/toolkit#641

	modified:   .github/workflows/notebooks.yml
@hubert17

don't understand why we need ACTIONS_ALLOW_UNSECURE_COMMANDS=true, all i need to do is replacing

echo "::set-env name=PR_AUTHOR::${{ github.event.pull_request.user.login }}"
echo "::set-env name=PR_AUTHOR::${{ github.event.issue.user.login }}"

with

echo "PR_AUTHOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
echo "PR_AUTHOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV

This definitely worked.

It worked for me. Thank you!

jkchen2 added a commit to bealsbe/Floofbot that referenced this issue Nov 24, 2020
tallamjr added a commit to tallamjr/handson-ml2 that referenced this issue Nov 24, 2020
Refs:
    - actions/toolkit#641

	modified:   .github/workflows/notebooks.yml
fbgoat added a commit to 1Hive/default-token-list that referenced this issue Nov 26, 2020
lianos pushed a commit to facilebio/FacileData that referenced this issue Dec 2, 2020
There was a change in the GHA to enable tighter security.

For now we work around that using this approach:
actions/toolkit#641 (comment)
IanChokS added a commit to tediousjs/tedious that referenced this issue Dec 11, 2020
brarcher added a commit to libcheck/check that referenced this issue Dec 13, 2020
The add-path command in Github Actions has
been deprecated:

https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

This commit enables its use for a little longer, following
the example from:

actions/toolkit#641
Lewiscowles1986 added a commit to Lewiscowles1986/VCVRack that referenced this issue Jan 11, 2021
Use ACTIONS_ALLOW_UNSECURE_COMMANDS: true as ENV

actions/toolkit#641
pconrad added a commit to brownfield-team/anacapa-github-linker that referenced this issue Mar 27, 2021
lbotinelly added a commit to lbotinelly/zen that referenced this issue May 12, 2021
DrCopyPaste pushed a commit to DrCopyPaste/RecNForget that referenced this issue May 27, 2021
@bcagarwal

bcagarwal commented Sep 3, 2021

I tried to run like below and I still get

The add-path command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the ACTIONS_ALLOW_UNSECURE_COMMANDS environment variable to true.

      - run: echo "PR_AUTHOR=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
      - run: echo "PR_AUTHOR=${{ github.event.issue.user.login }}" >> $GITHUB_ENV

      - uses: chrislennon/action-aws-cli@v1.1
- uses: chrislennon/action-aws-cli@v1.1

This is the command where I get the error..

kgashok added a commit to kgashok/GE_8151-unit-programs that referenced this issue Sep 13, 2021
dev5576 added a commit to lhypds/gopro-csharp-dev that referenced this issue Nov 9, 2021
applied changes based on the following comments
actions/toolkit#641