github: Conform to the CVE-2020-15228 advisory

apyrgio · apyrgio · commit d9a77178357d · 2021-01-11T01:04:27.000+02:00
Replace the dangerous `set-env` arguments in our workflow file with environment files [1], as suggested by the CVE-2020-15228 advisory [2]. [1]: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#environment-files [2]: GHSA-mfwh-5m23-j46w
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
@@ -138,7 +138,7 @@ jobs:
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
     steps:
       - name: Set release tag
-        run: echo ::set-env name=GITHUB_RELEASE_TAG::${GITHUB_REF#refs/tags/}
+        run: echo GITHUB_RELEASE_TAG=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
 
       - name: Create release
         id: create_release
