Setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION only works at workflow (not job/step) level

[MPV]

Describe the bug

To Reproduce
Steps to reproduce the behavior:

1. Use an action that fails on node20 but works on node16
2. Set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true at the jobs.<job_id>.steps[*].env step level
3. Run workflow

Expected behavior
While the blog post on the matter says:

To opt out of this and continue using Node16 while it is still available in the runner, you can choose to set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true as an ‘env’ in their workflow or as an environment variable on your runner machine.

...it would make a lot more sense to just pick the older node version for just the steps (actions) that actually require it, so one can run this compatibility mode only for those single actions that actually require it (and keep it clear to maintainers and not obscure any other actions in the same workflow that may be added at a later time but also still require an upgrade).

Runner Version and Platform

Version of your runner? 2.317.0

OS of the machine running the runner? Linux

What's not working?

Seeing step output mentioning Node.js v20.13.1 when setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION at the jobs.<job_id>.steps[*].env step level.

...until I set ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION at the env workflow level.

[MPV]

If it helps, I suspect this is the related code:

runner/src/Runner.Worker/JobRunner.cs

Lines 293 to 297 in 70746ff

	if (jobContext.Global.Variables.TryGetValue(Constants.Runner.EnforcedNode16DetectedAfterEndOfLifeEnvVariable, out var node20ForceWarnings) && (jobContext.Global.Variables.GetBoolean("DistributedTask.ForceGithubJavascriptActionsToNode20") ?? false))
	{
	var actions = string.Join(", ", StringUtil.ConvertFromJson<HashSet<string>>(node20ForceWarnings));
	jobContext.Warning(string.Format(Constants.Runner.EnforcedNode16DetectedAfterEndOfLife, actions));
	}

[SirSaunders]

We are getting the same issues as of yesterday, it seems to be effecting a lot of people since yesterday.

Just a couple I stumbled upon:
actions/checkout#1590
arenadata/gpdb#986
#3373
actions/checkout#1809

[SirSaunders]

If you do not want to update ALL the steps and workflow yamls you can add an env var on the runner. I did the following

cd actions-runner && echo "ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true" >> .env

Note: action-runner is the name of the folder I unpacked my runner to when I first set it up, yours may be named differently. The .env loads all the env var for the runner from there.

Ref the github actions doc here: https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners#using-a-env-file-to-set-the-proxy-configuration

[nebuk89]

Given that SirSaunders has proposed a way to add the envVar onto the runner, I am going to close this for now. It would be great if we could make this more granular but right now this isn't a priority for us :(