dapr
/
java-sdk
mirror of https://github.com/dapr/java-sdk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove set-env usage (#351) 

https://nvd.nist.gov/vuln/detail/CVE-2020-15228 advises that setenv
and add-path are not secure, so they will be disabled very shortly on
workflows. This changes set-env to the recommended upgrade.
This commit is contained in:
Nghia Tran 2020-10-08 20:12:06 -07:00 committed by GitHub
parent 9076d9f60e
commit ff8d580990
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/build.yml vendored
View File

@ -117,13 +117,15 @@ jobs:
- name: Get pom parent version
run: |
PARENT_VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo "##[set-env name=PARENT_VERSION;]$PARENT_VERSION"
echo "PARENT_VERSION=$PARENT_VERSION" >> $GITHUB_ENV
- name: Is SNAPSHOT release ?
if: contains(github.ref, 'master') && contains(env.PARENT_VERSION, '-SNAPSHOT')
run: echo "##[set-env name=DEPLOY_OSSRH;]true"
run: |
echo "DEPLOY_OSSRH=true" >> $GITHUB_ENV
- name: Is Release or RC version ?
if: startswith(github.ref, 'refs/tags/v') && !contains(env.PARENT_VERSION, '-SNAPSHOT')
run: echo "##[set-env name=DEPLOY_OSSRH;]true"
run: |
echo "DEPLOY_OSSRH=true" >> $GITHUB_ENV
- name: Publish to ossrh
if: env.DEPLOY_OSSRH == 'true'
run: |