slsa-framework · asraa · Nov 4, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 3, 2022
@@ -230,7 +230,6 @@ jobs:
         run: |
           set -euo pipefail
 
-          # Disable set-output command.
           echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`"
 
           echo "$GITHUB_WORKSPACE/$BUILDER_BINARY" build "$CONFIG_FILE" "$UNTRUSTED_ENVS"

@@ -268,7 +268,7 @@ jobs:
 
           # cp output into upper folder to make the tarball accessible to
           # next step.
-          echo '::set-output name=filename::$TARBALL'
+          echo "filename=$TARBALL" >> "$GITHUB_OUTPUT"
 
       - name: Upload generated tarball
         id: upload

@@ -0,0 +1,39 @@
+// Copyright 2022 SLSA Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package github
+
+import (
+	"fmt"
+	"os"
+)
+
+// SetOutput writes a name value pair to a file located at GITHUB_OUTPUT.
+func SetOutput(name, value string) error {
+	if filename := os.Getenv("GITHUB_OUTPUT"); filename != "" {
+		f, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY, 0o666)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+
+		if _, err := f.WriteString(name + "=" + value + "\n"); err != nil {
+			return err
+		}
+	} else {
+		// TODO(asraa): When set-output is EOL, remove this fallback.
+		fmt.Printf("::set-output name=%s=%s\n", name, value)
+	}
+	return nil
+}
@@ -123,8 +123,8 @@ run in the context of a Github Actions workflow.`,
 			check(err)
 
 			// Print the provenance name and sha256 so it can be used by the workflow.
-			fmt.Printf("::set-output name=provenance-name::%s\n", attPath)
-			fmt.Printf("::set-output name=provenance-sha256::%x\n", sha256.Sum256(attBytes))
+			github.SetOutput("provenance-name", attPath)
+			github.SetOutput("provenance-sha256", fmt.Sprintf("%x", sha256.Sum256(attBytes)))
 		},
 	}
 

@@ -24,6 +24,7 @@ import (
 	"os/exec"
 	"path/filepath"
 
+	"github.com/slsa-framework/slsa-github-generator/github"
 	"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
 
 	// Enable the GitHub OIDC auth provider.
@@ -93,14 +94,14 @@ func runProvenanceGeneration(subject, digest, commands, envs, workingDir, rekor
 		return err
 	}
 
-	fmt.Printf("::set-output name=signed-provenance-name::%s\n", filename)
+	github.SetOutput("signed-provenance-name", filename)
 
 	h, err := computeSHA256(filename)
 	if err != nil {
 		return err
 	}
 
-	fmt.Printf("::set-output name=signed-provenance-sha256::%s\n", h)
+	github.SetOutput("signed-provenance-sha256", h)
 
 	return nil
 }

@@ -2,9 +2,7 @@ package main
 
 import (
 	"bufio"
-	"bytes"
 	"errors"
-	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -274,18 +272,21 @@ func Test_runBuild(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
 		t.Run(tt.name, func(t *testing.T) {
-			// *** WARNING: do not enable t.Parallel(), because we're redirecting stdout ***.
+			// *** WARNING: do not enable t.Parallel(), because we're writing to  ***.
 
+			file, err := os.CreateTemp("", "")
+			if err != nil {
+				t.Fatalf("unable to create a temp env file: %s", err)
+			}
+			defer os.Remove(file.Name())
 			// http://craigwickesser.com/2015/01/capture-stdout-in-go/
-			r := runNew()
-			r.start()
 
-			err := runBuild(true,
+			t.Setenv("GITHUB_OUTPUT", file.Name())
+
+			err = runBuild(true,
 				tt.config,
 				tt.evalEnvs)
 
-			s := r.end()
-
 			if !errCmp(err, tt.err) {
 				t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
 			}
@@ -294,7 +295,8 @@ func Test_runBuild(t *testing.T) {
 				return
 			}
 
-			cmd, env, subject, wd, err := extract(s)
+			file.Seek(0, 0)
+			cmd, env, subject, wd, err := extract(file)
 			if err != nil {
 				t.Errorf("extract: %v", err)
 			}
@@ -323,53 +325,17 @@ func Test_runBuild(t *testing.T) {
 	}
 }
 
-type run struct {
-	oldStdout *os.File
-	wPipe     *os.File
-	rPipe     *os.File
-}
-
-func runNew() *run {
-	return &run{}
-}
-
-func (r *run) start() {
-	old := os.Stdout
-	rp, wp, _ := os.Pipe()
-	os.Stdout = wp
-
-	r.oldStdout = old
-	r.wPipe = wp
-	r.rPipe = rp
-}
-
-func (r *run) end() string {
-	r.wPipe.Close()
-	os.Stdout = r.oldStdout
-
-	var buf bytes.Buffer
-	if _, err := io.Copy(&buf, r.rPipe); err != nil {
-		panic(err)
-	}
-	s := buf.String()
-
-	r.oldStdout = nil
-	r.wPipe = nil
-	r.rPipe = nil
-	return s
-}
-
-func extract(lines string) ([]string, []string, string, string, error) {
-	rsubject := regexp.MustCompile("^::set-output name=go-binary-name::(.*)$")
-	rcmd := regexp.MustCompile("^::set-output name=go-command::(.*)$")
-	renv := regexp.MustCompile("^::set-output name=go-env::(.*)$")
-	rwd := regexp.MustCompile("^::set-output name=go-working-dir::(.*)$")
+func extract(file *os.File) ([]string, []string, string, string, error) {
+	rsubject := regexp.MustCompile(`^go-binary-name=(.*)$`)
+	rcmd := regexp.MustCompile(`^go-command=(.*)$`)
+	renv := regexp.MustCompile(`^go-env=(.*)$`)
+	rwd := regexp.MustCompile(`^go-working-dir=(.*)$`)
 	var subject string
 	var scmd string
 	var senv string
 	var wd string
 
-	scanner := bufio.NewScanner(bytes.NewReader([]byte(lines)))
+	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
 		n := rsubject.FindStringSubmatch(scanner.Text())
 		if len(n) > 1 {

@@ -23,6 +23,7 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/slsa-framework/slsa-github-generator/github"
 	"github.com/slsa-framework/slsa-github-generator/internal/runner"
 	"github.com/slsa-framework/slsa-github-generator/internal/utils"
 )
@@ -152,16 +153,16 @@ func (b *GoBuild) Run(dry bool) error {
 		}
 
 		// Share the resolved name of the binary.
-		fmt.Printf("::set-output name=go-binary-name::%s\n", filename)
+		github.SetOutput("go-binary-name", filename)
 
 		// Share the command used.
-		fmt.Printf("::set-output name=go-command::%s\n", command)
+		github.SetOutput("go-command", command)
 
 		// Share the env variables used.
-		fmt.Printf("::set-output name=go-env::%s\n", menv)
+		github.SetOutput("go-env", menv)
 
 		// Share working directory necessary for issuing the vendoring command.
-		fmt.Printf("::set-output name=go-working-dir::%s\n", dir)
+		github.SetOutput("go-working-dir", dir)
 		return nil
 	}