GitHub Action No Longer Works Due to Deprecation of Add-Path

[LuisOsta]

Recently GitHub actions deprecated the usage of set-env and add-path commands due to security vulnerabilities.
You can find more about that here: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

So currently I can't use the Doctl GitHub action. While there is a short-term solution to allow insecure commands, since I can't do that on an action-specific basis I don't really think that's a viable route.

Here's a screen capture of the error message:

How difficult would it be to fix this for the doctl github action?

[andrewsomething]

From https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Action authors who are using the toolkit should update the @actions/core package to v1.2.6 or greater to get the updated addPath and exportVariable functions.

We updated to v1.2.6 in: #35 This was part of the v2.1.0 release: https://github.com/digitalocean/action-doctl/releases/tag/v2.1.0

How are you specifying the version of action-doctl in yor workflow? If you point at the v2 branch, this should work:

    - name: Install doctl
      uses: digitalocean/action-doctl@v2
      with:
        token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

If you are using a specific version tag, you will need to update to v2.1.0:

uses: digitalocean/action-doctl@v2.1.0

[LuisOsta]

You're completely right! I had hard-coded the version to 2.0.0. Thanks!

[andrewsomething]

👍 No problem! Glad to hear it's working.