Skip to content
Latchkey

GitHub Actions "set-env command is disabled for security"

The "::set-env::" workflow command was disabled because it allowed untrusted output to inject environment variables. Steps still using it fail to set env, and later steps see unset variables.

What this error means

An environment variable set via ::set-env:: is empty in later steps, which fail or behave as if the variable was never assigned.

github-actions
Error: Unable to process command '::set-env name=FOO::bar' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files.

Common causes

Legacy ::set-env:: still in use

A step echoes "::set-env name=...::", which is rejected by the runner for security reasons.

How to fix it

Write to GITHUB_ENV instead

  1. Replace "::set-env name=FOO::bar" with "echo \"FOO=bar\" >> $GITHUB_ENV".
  2. For multiline values use the heredoc delimiter form.
  3. Re-run and confirm later steps see the variable.
.github/workflows/ci.yml
- run: echo "FOO=bar" >> "${GITHUB_ENV}"
- run: echo "FOO is ${FOO}"

How to prevent it

  • Use GITHUB_ENV environment files for all variable assignments.
  • Never trust untrusted output to set env; validate before writing.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →