CI: Fix CVE-2020-15228 in GitHub Actions (#6004)

* CI: Fix CVE-2020-15228 in GitHub Actions

Fixes the CVE-2020-15228 security issue in GitHub Actions:
> `add-path` and `set-env` Runner commands are processed via stdout

`set-env` was used twice, which is now replaced by `>> $GITHUB_ENV`

 - Issue: https://github.com/actions/toolkit/security/advisories/GHSA-mfwh-5m23-j46w
 - Solution: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable

* CI: Specify installing libsigc++ v2.x in GitHub Actions

Version 3 of libsigc++ was automatically installed. This commit fixates the version brew installs to 2.x.

Should fix #6002

* CI: Use v2 checkout and upload-artifact actions

Also replaces macos-10.15 with macos-latest as runner. Currently it references the same environment (macOS 10.15), but this way it will update to macOS 11.0 when it's ready and stable.
Ewout ter Hoeven 2020-11-22 07:22:53 +01:00 committed by GitHub
parent e635030650
commit 0367d31403
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -14,16 +14,16 @@ on:
- created
jobs:
build:
runs-on: macos-10.15
runs-on: macos-latest
steps:
- uses: actions/checkout@v1
- uses: actions/checkout@v2
- name: Install dependencies
run: |
date -u
mkdir build
date +%s > build/stamp
brew uninstall --ignore-dependencies libtiff
brew install libtiff gtk+3 gtkmm3 gtk-mac-integration adwaita-icon-theme libsigc++ little-cms2 libiptcdata fftw lensfun expat pkgconfig libomp shared-mime-info | tee -a depslog
brew install libtiff gtk+3 gtkmm3 gtk-mac-integration adwaita-icon-theme libsigc++@2 little-cms2 libiptcdata fftw lensfun expat pkgconfig libomp shared-mime-info | tee -a depslog
date -u
echo "----====Pourage====----"
cat depslog | grep Pouring
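Review bot: `runs-on: macos-latest` and `actions/checkout@v2` are both floating references, so the runner image and the checkout code can change under this workflow without any commit to this repository. For a job that produces release artifacts, consider keeping an explicit runner label such as `macos-10.15` and pinning the action to a full commit SHA, then updating both deliberately. Separately, on the `brew install ... | tee -a depslog` line the pipeline's exit status is that of `tee` unless `pipefail` is set, so a failed install of `libsigc++@2` may not stop the job; a `set -o pipefail` at the top of the `run:` block would cover that.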
@ -82,11 +82,11 @@ jobs:
echo "=== artifact: ${ARTIFACT}"
# defining environment variables for next step as per
# https://github.com/actions/starter-workflows/issues/68
echo "::set-env name=ARTIFACT_PATH::${GITHUB_WORKSPACE}/build/${ARTIFACT}"
echo "::set-env name=ARTIFACT_FILE::${ARTIFACT}"
echo "ARTIFACT_PATH=${GITHUB_WORKSPACE}/build/${ARTIFACT}" >> $GITHUB_ENV
echo "ARTIFACT_FILE=${ARTIFACT}" >> $GITHUB_ENV
zsh -c 'echo "Bundled in $(printf "%0.2f" $(($[$(date +%s)-$(cat bundlestamp)]/$((60.))))) minutes"'
exit
- uses: actions/upload-artifact@v1
- uses: actions/upload-artifact@v2
with:
name: ${{env.ARTIFACT_FILE}}
path: ${{env.ARTIFACT_PATH}}
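Review bot: The two `>> $GITHUB_ENV` lines write `${ARTIFACT}` into the environment file unchecked, and that file is read line by line as `NAME=value` entries, so a value containing a newline would define additional variables for the later steps. Confirm that `ARTIFACT` is always a single-line file name (or reject anything else before the `echo`), and quote the redirect target as `>> "$GITHUB_ENV"`. The comment above the changed lines still cites starter-workflows issue 68 as the reference for this mechanism; now that the mechanism has changed, it should point to the workflow-commands documentation linked in the commit message. `actions/upload-artifact@v2` is also a mutable tag and could be pinned to a commit SHA.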