GitHub Actions "set-env command is disabled for security"
The "::set-env::" workflow command was disabled because it allowed untrusted output to inject environment variables. Steps still using it fail to set env, and later steps see unset variables.
What this error means
An environment variable set via ::set-env:: is empty in later steps, which fail or behave as if the variable was never assigned.
github-actions
Error: Unable to process command '::set-env name=FOO::bar' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files.Common causes
Legacy ::set-env:: still in use
A step echoes "::set-env name=...::", which is rejected by the runner for security reasons.
How to fix it
Write to GITHUB_ENV instead
- Replace "::set-env name=FOO::bar" with "echo \"FOO=bar\" >> $GITHUB_ENV".
- For multiline values use the heredoc delimiter form.
- Re-run and confirm later steps see the variable.
.github/workflows/ci.yml
- run: echo "FOO=bar" >> "${GITHUB_ENV}"
- run: echo "FOO is ${FOO}"How to prevent it
- Use GITHUB_ENV environment files for all variable assignments.
- Never trust untrusted output to set env; validate before writing.
Related guides
GitHub Actions "set-output command is deprecated and disabled"Fix the GitHub Actions error where the legacy "::set-output::" workflow command no longer sets step outputs a…
GitHub Actions "add-path command is deprecated and disabled"Fix the GitHub Actions error where the legacy "::add-path::" workflow command no longer updates PATH and must…
GitHub Actions env var with a newline breaks GITHUB_ENV parsingFix the GitHub Actions error where writing a multiline value to GITHUB_ENV with a single-line syntax corrupts…