Release 2.273.5

Merge 'main' into release branch
Release notes for 2.273.5 (#734 )
2025-12-10 12:36:23 +00:00 · 2020-10-02 11:59:24 -04:00 · 2020-10-02 11:51:54 -04:00 · 2020-10-02 11:49:49 -04:00 · 2020-10-02 11:34:37 -04:00 · 2020-09-17 15:11:12 -04:00
6 changed files with 78 additions and 3 deletions
--- a/releaseNote.md
+++ b/releaseNote.md
@@ -1,5 +1,6 @@
 ## Features
-  - Allow registry credentials for job/service containers (#694) 
+  - Expose retention days in env for toolkit/artifacts package (#714)
+  - Notify on unsecure commands (#731)

 ## Bugs
  - N/A
--- a/2
+++ b/2
@@ -1 +1 @@
-2.273.4
+2.273.5
--- a/src/Runner.Common/Constants.cs
+++ b/src/Runner.Common/Constants.cs
@@ -140,6 +140,9 @@ namespace GitHub.Runner.Common

            public static readonly string InternalTelemetryIssueDataKey = "_internal_telemetry";
            public static readonly string WorkerCrash = "WORKER_CRASH";
+            public static readonly string UnsupportedCommand = "UNSUPPORTED_COMMAND";
+            public static readonly string UnsupportedCommandMessage = "The `{0}` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/";
+            public static readonly string UnsupportedCommandMessageDisabled = "The `{0}` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/";
        }

        public static class RunnerEvent
@@ -198,6 +201,7 @@ namespace GitHub.Runner.Common
                //
                // Keep alphabetical
                //
+                public static readonly string AllowUnsupportedCommands = "ACTIONS_ALLOW_UNSECURE_COMMANDS";
                public static readonly string RunnerDebug = "ACTIONS_RUNNER_DEBUG";
                public static readonly string StepDebug = "ACTIONS_STEP_DEBUG";
            }
--- a/src/Runner.Worker/ActionCommandManager.cs
+++ b/src/Runner.Worker/ActionCommandManager.cs
@@ -1,4 +1,5 @@
 using GitHub.DistributedTask.Pipelines;
+using GitHub.DistributedTask.Pipelines.ContextData;
 using GitHub.DistributedTask.WebApi;
 using GitHub.Runner.Common.Util;
 using GitHub.Runner.Worker.Container;
@@ -183,6 +184,40 @@ namespace GitHub.Runner.Worker

        public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container)
        {
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
+            
+            var allowUnsecureCommands = false;
+            bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands);
+
+            // Apply environment from env context, env context contains job level env and action's env block
+#if OS_WINDOWS
+            var envContext = context.ExpressionValues["env"] as DictionaryContextData;
+#else
+            var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData;
+#endif
+            if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands))
+            {
+                bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands);
+            }
+
+            // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well
+            if (!isHostedServer && !allowUnsecureCommands)
+            {
+                throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command));
+            }
+            else if (!allowUnsecureCommands)
+            {
+                // Log Telemetry and let user know they shouldn't do this
+                var issue = new Issue() 
+                { 
+                    Type = IssueType.Warning, 
+                    Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command)
+                };
+                issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand;
+                context.AddIssue(issue);
+            }
+
            if (!command.Properties.TryGetValue(SetEnvCommandProperties.Name, out string envName) || string.IsNullOrEmpty(envName))
            {
                throw new Exception("Required field 'name' is missing in ##[set-env] command.");
@@ -282,6 +317,40 @@ namespace GitHub.Runner.Worker

        public void ProcessCommand(IExecutionContext context, string line, ActionCommand command, ContainerInfo container)
        {
+            var configurationStore = HostContext.GetService<IConfigurationStore>();
+            var isHostedServer = configurationStore.GetSettings().IsHostedServer;
+            
+            var allowUnsecureCommands = false;
+            bool.TryParse(Environment.GetEnvironmentVariable(Constants.Variables.Actions.AllowUnsupportedCommands), out allowUnsecureCommands);
+
+            // Apply environment from env context, env context contains job level env and action's env block
+#if OS_WINDOWS
+            var envContext = context.ExpressionValues["env"] as DictionaryContextData;
+#else
+            var envContext = context.ExpressionValues["env"] as CaseSensitiveDictionaryContextData;
+#endif
+            if (!allowUnsecureCommands && envContext.ContainsKey(Constants.Variables.Actions.AllowUnsupportedCommands))
+            {
+                bool.TryParse(envContext[Constants.Variables.Actions.AllowUnsupportedCommands].ToString(), out allowUnsecureCommands);
+            }
+
+            // TODO: Eventually remove isHostedServer and apply this to dotcom customers as well
+            if (!isHostedServer && !allowUnsecureCommands)
+            {
+                throw new Exception(String.Format(Constants.Runner.UnsupportedCommandMessageDisabled, this.Command));
+            }
+            else if (!allowUnsecureCommands)
+            {
+                // Log Telemetry and let user know they shouldn't do this
+                var issue = new Issue() 
+                { 
+                    Type = IssueType.Warning, 
+                    Message = String.Format(Constants.Runner.UnsupportedCommandMessage, this.Command)
+                };
+                issue.Data[Constants.Runner.InternalTelemetryIssueDataKey] = Constants.Runner.UnsupportedCommand;
+                context.AddIssue(issue);
+            }
+
            ArgUtil.NotNullOrEmpty(command.Data, "path");
            context.Global.PrependPath.RemoveAll(x => string.Equals(x, command.Data, StringComparison.CurrentCulture));
            context.Global.PrependPath.Add(command.Data);
--- a/src/Runner.Worker/GitHubContext.cs
+++ b/src/Runner.Worker/GitHubContext.cs
@@ -23,6 +23,7 @@ namespace GitHub.Runner.Worker
            "ref",
            "repository",
            "repository_owner",
+            "retention_days",
            "run_id",
            "run_number",
            "server_url",
--- a/src/runnerversion
+++ b/src/runnerversion
@@ -1 +1 @@
-2.273.4
+2.273.5
Author	SHA1	Message	Date
Thomas Boop	a79bab4b3c	Release 2.273.5	2020-10-02 11:59:24 -04:00
Thomas Boop	ff8e9f49de	Merge 'main' into release branch	2020-10-02 11:51:54 -04:00
Thomas Boop	c18c8746db	Release notes for 2.273.5 (#734 )	2020-10-02 11:49:49 -04:00
Thomas Boop	6332a52d76	Notify on unsecure commands (#731 ) * notify on unsecure commands	2020-10-02 11:34:37 -04:00
Yang Cao	8bb588bb69	Expose retention days in env for toolkit/artifacts package (#714 )	2020-09-17 15:11:12 -04:00
David Kale	4510f69c73	Prepare 273.4 release	2020-09-17 18:19:42 +00:00
@@ -1 +1 @@
 .273.4
 .273.5