1
0
Commit Graph

503 Commits

Author SHA1 Message Date
Bruno Borges 6c4d4a5025 feat: suppress Maven transfer progress via MAVEN_ARGS by default (add show-download-progress input) (#1053)
* feat: suppress Maven transfer progress via MAVEN_ARGS by default

Set MAVEN_ARGS to include -ntp (--no-transfer-progress) so Maven invocations
in the job produce cleaner CI logs without download/transfer progress noise.
Add a new optional 'show-download-progress' input (default false); set it to
true to keep the progress output.

The change preserves any existing MAVEN_ARGS value (the flag is appended,
not overwritten) and is idempotent (it won't add the flag twice if -ntp or
--no-transfer-progress is already present). Applies on all platforms; honored
by Maven 3.9.0+ and the Maven Wrapper, and is a no-op for non-Maven builds.

- action.yml: add show-download-progress input
- src/constants.ts: add input + MAVEN_ARGS constants
- src/maven-args.ts: new configureMavenArgs()
- src/setup-java.ts: invoke configureMavenArgs() during setup
- __tests__/maven-args.test.ts: unit tests
- docs/advanced-usage.md: document the behavior and input
- dist: rebuild bundled action

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Update generated dist for Maven args log change

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-07-02 17:12:50 -04:00
Copilot 324b33387d Fix arm64 e2e workflow tests mislabeled as x64 (#1073)
* Initial plan

* Fix mislabeled arch in e2e workflow job names for Apple silicon runners

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-07-02 15:30:53 -04:00
jmjaffe37 2e73c8f8cd Updated jetbrains test: https.request() now catches errors. This fixes leaking tests as well (#1070)
* Updated jetbrains https.request command to catch errors. This fixes leaking tests as well

* Removed deprecated lines from pre-commit and pre-push

* added suggestion from PR feedback
2026-07-02 15:01:00 -04:00
John b150355f04 feat: Add verify-signature plumbing and Temurin+Microsoft verification support (#1060)
* Add verify-signature plumbing and Temurin verification support

* Rebuild dist after signature verification changes

* Refine signature verification errors and regenerate dist

* refactor: make gpg.ts generic, move Adoptium-specific constant to temurin distribution

* fix: mock renameWinArchive in temurin tests and add signature e2e job

* refactor: bundle Adoptium public key, replace keyserver lookup with local import

* feat: add verify-signature-public-key input to allow custom GPG key override

* refactor: extract Adoptium public key to adoptium-key.ts; tighten gpg.ts cleanup scope

* Add verify-signature plumbing and Temurin verification support

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Add Microsoft signature verification support

* Regenerate dist bundles for Microsoft signature checks

* Harden Microsoft signature URL handling

* Add setup-java-microsoft-signature-verification e2e job

* chore: regenerate dist files

* Fix e2e-versions: remove duplicate job, update signature jobs to checkout@v7 with env vars

* Fix Prettier formatting in test files

* fix: mock renameWinArchive in microsoft-installer tests to fix Windows CI failure

* fix: use --homedir flag instead of GNUPGHOME env var for Windows GPG compatibility

The Git-bundled GPG on Windows (MSYS2-based) does not automatically convert
Windows-style paths in environment variables like GNUPGHOME. This caused GPG
to fail with exit code 2 when verifying Microsoft JDK signatures on Windows,
because the GNUPGHOME path (D:\a\_temp\...) was not recognized as a valid
POSIX path.

Fix: pass --homedir as an explicit command-line argument to both gpg --import
and gpg --verify. MSYS2 does correctly convert Windows paths in command-line
arguments, so this approach works reliably on Windows, Linux, and macOS.

* fix: convert Windows paths to POSIX format for MSYS2 GPG on Windows

The Git-bundled GPG on Windows (C:\Program Files\Git\usr\bin\gpg.exe) is
an MSYS2-based binary that uses POSIX path conventions internally. When
Windows-style paths with backslashes and drive letters (D:\a\_temp\...)
are passed as arguments, GPG may fail to resolve them correctly, resulting
in a fatal error (exit code 2).

Fix: add a toGpgPath() helper that converts Windows paths to MSYS2 POSIX
format (/d/a/_temp/...) before passing them to any gpg command. On Linux
and macOS the helper is a no-op.

Applied to all four paths used in verifyPackageSignature:
- gpgHome (--homedir argument)
- publicKeyFile (--import argument)
- signaturePath (--verify signature argument)
- archivePath (--verify data argument)

* Fix gpg test formatting

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-29 13:19:49 +01:00
dependabot[bot] e9339ddc84 Bump @typescript-eslint/parser from 8.61.1 to 8.62.0 (#1062)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-29 09:13:56 +01:00
dependabot[bot] bf1fac860b Bump actions/setup-python from 5 to 6 (#1067)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-29 09:13:25 +01:00
dependabot[bot] aff09c2230 Bump actions/checkout from 6 to 7 (#1068)
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-29 09:12:58 +01:00
dependabot[bot] c5f2f2ea96 Bump github/codeql-action from 3 to 4 (#1069)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-29 09:12:17 +01:00
Bruno Borges 623c707d77 chore: enforce pre-PR validation (aggregate scripts, git hooks, PR checklist) (#1061)
* chore: enforce pre-PR validation with aggregate scripts, git hooks, and PR checklist

Add tooling to help contributors run the same checks as CI before
submitting a pull request, reducing avoidable format/lint/build failures.

- Add aggregate npm scripts:
  - `npm run check` runs format-check + lint + build + test (mirrors CI)
  - `npm run fix` runs format + lint:fix + build
- Add husky + lint-staged git hooks (installed via `npm install`):
  - pre-commit formats and lints staged files
  - pre-push rebuilds dist/ and runs the test suite
- Add a checklist item to the PR template prompting contributors to run
  `npm run check` locally
- Document the aggregate scripts and hooks in docs/contributors.md

dist/ is intentionally not auto-committed by CI to avoid pwn-request
security risks; the existing `Check dist/` workflow continues to verify it.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-26 08:07:16 +01:00
Bruno Borges 1bcf9fb12c dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#1059)
- installer: surface a clear error when the GraalVM Community releases
  listing is not a JSON array, instead of silently treating an error
  payload (rate limit, auth failure, etc.) as "no releases" which later
  surfaced as a misleading "version not found" error.
- docs: fix the GraalVM Community advanced-usage example to check the
  installed binary versions (java/native-image --version) rather than
  running a non-existent HelloWorldApp classpath that fails when copied.
- tests: cover the new non-array release listing error path.

Rebuilt dist bundle.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
v5 v5.4.0
2026-06-23 13:37:44 -04:00
Bruno Borges fa2c6508d1 docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058)
* docs: note jdkfile approach for Early Access / unreleased JDK builds

Clarify in advanced-usage that the existing 'jdkfile' distribution can be
used to install Early Access (EA) or other unreleased JDK builds not
provided directly by setup-java, by downloading the archive in a prior
step and pointing jdkFile at it. Adds a concrete EA example.

Addresses #612.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-23 13:23:45 -04:00
Copilot 1d56e31dbb dist: Add GraalVM Community distribution support (#1042)
* Initial plan

* feat: add graalvm community distribution support

* build: update bundled dist for graalvm community support

* chore: address GraalVM community review feedback

* fix: tidy graalvm community validation follow-ups

* refactor: simplify GraalVM Community release resolution

* refactor: address review feedback on Community resolver

* refactor: rename pagination index for clarity

* test: fix graalvm installer test formatting

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-23 13:19:27 -04:00
Bruno Borges 1d25252804 chore: Harden workflows: least-privilege permissions + zizmor integration (#1039)
* Harden workflows with least-privilege permissions and zizmor

Apply GitHub Actions security best practices to the action's own
workflows and integrate zizmor to catch regressions.

- Add explicit least-privilege `permissions:` to every workflow
  (contents: read for read-only workflows; default-deny `{}` with
  job-scoped grants for codeql, publish-immutable-actions and
  update-config-files).
- Set `persist-credentials: false` on all checkout steps that don't
  need the GITHUB_TOKEN afterwards.
- Move `${{ ... }}` expansions out of `run:` blocks into `env:` vars
  to avoid template injection.
- Pin the alpine container image (alpine:latest -> alpine:3.21).
- Add a zizmor CI workflow that uploads SARIF to code scanning, plus a
  `.github/zizmor.yml` pinning policy (ref-pin for actions/* and
  github/*, hash-pin for third-party actions).

zizmor now reports no findings (offline and online).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Fix indentation of if: in zizmor SARIF upload step

The `if:` key on the "Upload SARIF results to code scanning" step had no
indentation, producing invalid YAML ("Nested mappings are not allowed in
compact mappings"). This broke `npm run format-check` (prettier) in Basic
validation.

Indent `if:` to 8 spaces so it nests under the step alongside uses/with.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-23 18:10:17 +01:00
Bruno Borges 668c1ea991 docs: add post-install keytool import for the JDK cacerts trust store (#1051)
Document how to make the installed JDK trust an internal CA at application
runtime by importing it into $JAVA_HOME/lib/security/cacerts with keytool
after setup-java runs. Clarifies this is the runtime trust layer, distinct
from the download/transport layer (NODE_EXTRA_CA_CERTS), and notes hosted vs
self-hosted persistence caveats.

Refs #640 #1035

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 21:59:01 -04:00
Bruno Borges a9a46fbe09 docs: document self-signed certificate / internal CA handling for GitHub Enterprise (#1050)
Adds an advanced-usage section explaining the 'self signed certificate in
certificate chain' error seen on GitHub Enterprise Server and behind
TLS-inspecting proxies. Recommends the secure fix of trusting the internal
CA via NODE_EXTRA_CA_CERTS (or the OS trust store on self-hosted runners),
with a GitHub Enterprise callout, and warns against disabling TLS
verification since the JDK download has no checksum fallback.

Refs #640

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 21:51:01 -04:00
Copilot 5431e71f9a docs: add JavaFX Maven project configuration instructions (#1044)
* Initial plan

* docs: add JavaFX Maven project configuration instructions

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-22 18:04:38 -04:00
Copilot 4baa9b45d2 docs: replace non-existent HelloWorldApp references with java --version (#1043)
* Initial plan

* docs: replace HelloWorldApp references with java --version in README and advanced-usage

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-06-22 17:59:24 -04:00
dependabot[bot] eab4b0854d Bump @types/node from 25.9.3 to 26.0.0 (#1031)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.9.3 to 26.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-22 17:16:03 -04:00
dependabot[bot] bf0c0e6df3 Bump actions/checkout from 6 to 7 (#1032)
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-22 17:15:27 -04:00
Milos Pantic 92163d3dc6 Templates for new Java distributions (#429)
* Add templates for new Java distributions

* Update new pull request template

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Address PR #429 review suggestions

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 17:11:20 -04:00
Stephan Abel 679e4e46a7 docs: enhance custom jdk file installation (#996)
* docs: enhance custom jdk file installation

* Update jdkFile note for case sensitivity

Clarify that 'distribution' must be set to 'jdkfile' in lowercase when using jdkFile input.

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 17:10:15 -04:00
Bruno Borges 525097081d Update undici artifacts to 6.27.0 (license cache + dist) (#1040)
* Update undici license cache to 6.27.0

The Licensed check failed because the cached license record for undici
was pinned to 6.24.1 while the installed dependency is 6.27.0, causing
"license: mit, allowed: false" / source enumeration errors.

Regenerate the cached record with `licensed cache` so it matches the
installed version. `licensed status` now reports 0 errors.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Rebuild dist with undici 6.27.0

The committed dist/ bundle was built with undici 6.24.1, but the
lockfile resolves undici 6.27.0. The check-dist workflow rebuilds the
bundle and detected this drift (uncommitted changes after build).

Rebuild dist/setup and dist/cleanup with `npm run build` so the
committed bundle matches the installed undici 6.27.0, aligning with the
license cache update in this PR.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 16:43:17 -04:00
Copilot c09b25f3e7 Clarify README version syntax and migration guidance (#1038)
* Initial plan

* Clarify README version guidance

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-06-22 16:38:14 -04:00
Trass3r dc8e16ad37 add javac problem matcher (#562)
* add javac problemMatcher

* fix spaces

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-22 16:37:47 -04:00
Bruno Borges 3d27da4ac1 Update contributor guide with emoji for clarity (#1028) 2026-06-22 16:21:54 -04:00
dependabot[bot] cefdecda46 Bump undici from 6.24.1 to 6.27.0 (#1033)
Bumps [undici](https://github.com/nodejs/undici) from 6.24.1 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.24.1...v6.27.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 13:07:33 -04:00
Markus Hoffrogge 347226bb3b Update README.md - use "alert syntax for Markdown" for notes (#924) 2026-06-22 11:58:00 -04:00
alexander 5866e121b4 feat: add microsoft openjdk 17.0.18 (#1002)
* feat: add microsoft openjdk 17.0.18

* fix: correct url microsoft-jdk-17.0.10-macos-x64
2026-06-22 11:56:08 -04:00
Kranthi Poturaju 2872526dc6 docs(action): fix missing required or default fields (#1007)
- Add required: false to java-version, java-version-file, job-status, and token, which had defaults or were optional but lacked the explicit flag
- Add default: '' to gpg-private-key to match its stated description
- Fix java-version-file description: the input accepts .java-version, .tool-versions, and .sdkmanrc, not only .java-version
- Fix gpg-passphrase description: GPG_PASSPHRASE is only defaulted when gpg-private-key is provided, not unconditionally

Co-authored-by: Kranthi Poturaju <Kranthi.Poturaju1@aexp.com>
Co-authored-by: Panuganti Saketh <sakethpanuganti@gmail.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 11:17:16 -04:00
Robert Stoll bb8b13a4a5 add link to advanced configuration for JetBrains (#850) 2026-06-22 11:13:36 -04:00
Josh Soref 957ad8b43e Spelling (#713)
* spelling: aarch

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: cannot

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: guaranteed

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: its

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: macos

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: on the fly

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: warn/fail

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* link: more information about ADRs

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* link: Distribution / Official site

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* link: License

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 10:57:54 -04:00
mahabaleshwars ce7f9ce621 Add Maven Wrapper cache feature (#1027)
* add Maven Wrapper distribution caching

* update test case

---------

Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 09:45:18 -05:00
Jason Ginchereau 6e9017e125 Bump @actions/cache to 5.1.0, handle cache write denied (#1026) 2026-06-22 09:16:01 +01:00
Sean Proctor baa1691374 fix: reject non-semver candidate versions in isVersionSatisfies (#1009)
Distributions like JetBrains Runtime publish 4-segment versions such as
'17.0.8.1+1080.1' that the semver package rejects. Both compareBuild and
satisfies throw on these, which surfaced to users as "Error: Invalid
Version: 17.0.8.1+1080.1" and aborted the whole install when any
available version was non-semver. Guard with an early semver.valid check
so unparseable versions are treated as a non-match.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-17 22:47:02 -05:00
George Adams bc52a13212 fix CodeQL permissions (#1025) 2026-06-17 07:58:23 -07:00
Josh Soref c9b6aee07e Fix codeql workflow permissions (#993)
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2026-06-17 07:52:02 -07:00
dependabot[bot] f300429fba Bump @typescript-eslint/parser from 8.48.0 to 8.61.1 (#1021)
* Bump @typescript-eslint/parser from 8.48.0 to 8.61.1

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.48.0 to 8.61.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run licensed and update dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-06-16 15:12:38 -07:00
dependabot[bot] ad2b38190b Bump @vercel/ncc from 0.38.1 to 0.44.0 (#1018)
* Bump @vercel/ncc from 0.38.1 to 0.44.0

Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.44.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.44.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-version: 0.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* recompile dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
v5.3.0
2026-06-16 09:37:47 +02:00
John b24df5bba5 Make the Adoptopenjdk package type look at the Temurin repo first for latest assets (#522)
* Make the Adoptopenjdk package type look at the Temurin repo first for latest assets

* Address Copilot code review comments

- Use strict equality (===, !==) instead of loose equality (==, !=) for all comparisons
- Properly handle caught errors with instanceof type narrowing before accessing properties
- Only fall back to legacy AdoptOpenJDK for specific version-not-found errors
- Rethrow unexpected errors to avoid masking real issues (network failures, rate limits, etc.)
- Fix error message check to match actual error text ('No matching version found')
- Remove unnecessary undefined check since method return type is never undefined
- Add @internal JSDoc annotation to TemurinDistribution.findPackageForDownload()
- Update tests to properly mock Temurin lookup failures for fallback behavior testing
- Rebuild dist files

* Always fall back to legacy AdoptOpenJDK but log all Temurin failures

- Change error handling to gracefully fall back for all errors, not just version-not-found
- Log version-not-found errors as notices with migration guidance
- Log other Temurin failures as debug messages for troubleshooting
- Improves resilience: users always get a result even if Temurin API has issues
- Maintains visibility: failures are still logged for debugging

* Fixes from review

* Fixes from review

* Fixes from review

* Regenerate dist
2026-06-12 16:30:59 +01:00
John 43120bc3c3 Implement pagination with link headers for Adoptium based apis (#1014)
* Use Link headers for Adoptium pagination

* Fix nullable pagination URL types and rebuild dist

* Add 1000-page safeguard for JetBrains pagination

* Adjust plan for pagination safeguard scope

* Move pagination safeguard to non-JetBrains installers

* Add 1000-page safeguard to Adopt Temurin and Semeru pagination

* Fix Prettier formatting in adopt, semeru, and temurin installer files

* Fix CI audit failure by updating vulnerable transitive deps

* Address PR review: RFC-compliant Link parsing, SSRF validation, centralized constant

- Make getNextPageUrlFromLinkHeader RFC 8288 compliant by splitting
  link-values and checking for rel=next anywhere in the parameters,
  not just as the first parameter after the semicolon.
- Add validatePaginationUrl utility to reject pagination URLs that
  point to unexpected origins (SSRF mitigation).
- Centralize MAX_PAGINATION_PAGES in util.ts instead of duplicating
  across Adopt, Semeru, and Temurin installers.
- Add tests for rel not being the first parameter, and for URL
  origin validation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address code review feedback on pagination implementation

- Tighten rel regex with word boundary to prevent false positives
  (e.g., rel="nextsomething" no longer matches).
- Use parsed.origin comparison in validatePaginationUrl to correctly
  handle explicit default ports (e.g., :443 for HTTPS).
- Fix pagination safeguard tests to use same-origin URLs so they
  actually exercise the 1000-page limit instead of being rejected
  by origin validation on the first request.
- Add test for rel="nextsomething" not matching.
- Add test for explicit default port acceptance.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix prettier formatting in util.test.ts

* Rebuild dist/ to fix check-dist CI failure

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 11:50:16 +01:00
dependabot[bot] ad9d6a6320 Bump @types/node from 24.1.0 to 25.9.3 (#950)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.1.0 to 25.9.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 10:21:27 +01:00
dependabot[bot] 039af37997 Bump picomatch, @types/jest, jest, jest-circus and ts-jest (#1016)
* Bump picomatch, @types/jest, jest, jest-circus and ts-jest

Bumps [picomatch](https://github.com/micromatch/picomatch) to 4.0.4 and updates ancestor dependencies [picomatch](https://github.com/micromatch/picomatch), [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest), [jest-circus](https://github.com/jestjs/jest/tree/HEAD/packages/jest-circus) and [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together.


Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `jest` from 29.7.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

Updates `jest-circus` from 29.7.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest-circus)

Updates `ts-jest` from 29.3.0 to 29.4.11
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.3.0...v29.4.11)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
- dependency-name: jest-circus
  dependency-version: 30.4.2
  dependency-type: direct:development
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
- dependency-name: ts-jest
  dependency-version: 29.4.11
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* run licensed and update dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-06-12 10:05:41 +01:00
dependabot[bot] 1756ab6acd Bump eslint-config-prettier from 8.10.0 to 10.1.8 (#881)
Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 8.10.0 to 10.1.8.
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-config-prettier/compare/v8.10.0...v10.1.8)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 09:55:04 +01:00
dependabot[bot] 662bb59f48 Bump @typescript-eslint/eslint-plugin from 8.35.1 to 8.46.2 (#952)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.35.1 to 8.46.2.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.46.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-12 09:52:03 +01:00
George Adams 1071fc12d6 fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parser (#1015)
* fix: update dependency license records and resolve npm audit vulnerabilities

- Bump fast-xml-builder 1.1.4 → 1.2.0 (GHSA-5wm8-gmm8-39j9)
- Bump fast-xml-parser 5.5.10 → 5.8.0 (GHSA-gh4j-gqv2-49f6)
- Bump strnum 2.2.3 → 2.4.0
- Bump path-expression-matcher 1.4.0 → 1.5.0
- Add license records for new deps @nodable/entities and xml-naming

* fix: add anynum license record and rebuild dist

* re-run licensed
2026-06-12 09:49:51 +01:00
George Adams 576b821f29 Merge pull request #674 from gdams/alpine
temurin: add support for Alpine Linux
2026-06-12 09:18:56 +01:00
mahabaleshwars 307d3a25a0 update readme for ubuntu sudo java_home behavior (#1013) 2026-06-08 11:34:56 -05:00
mahabaleshwars b622de1dfa Add Oracle JDK 17 licensing limitation note (#1001)
* note for oracle jdk17. in Readme.md

* docs: fix Oracle JDK 17 NOTE

* docs: fix duplicate NOTE prefix and improve Oracle JDK 17 license link phrasing in READMEn
2026-04-15 12:33:22 -05:00
Copilot c76542e033 chore: upgrade dependencies (@actions/core, cache, glob, http-client, tool-cache, xmlbuilder2) (#999)
* chore: upgrade dependencies and update license cache

Agent-Logs-Url: https://github.com/actions/setup-java/sessions/55ba1e4b-a515-4177-8a35-44bffa4ad0c0

Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>

* chore: upgrade @actions/exec ^1.0.4→^2.0.0 and @actions/io ^1.0.2→^2.0.0

Agent-Logs-Url: https://github.com/actions/setup-java/sessions/8be3df50-f347-42da-9734-73f71bf89d40

Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>
2026-04-15 12:30:24 -05:00
Chiranjib Swain 0756542bc5 Refactor error handling and improve test logging for installers (#989)
* Refactor error handling for version not found cases across multiple installers

* Mock core.error in tests to suppress error logs

* fix(graalvm): improve error messages for EA version not found scenarios

* refactor(tests): update error messages for version not found scenarios

* fix(graalvm): enhance error messages for version not found scenarios

* fix(graalvm): improve error messages for version not found scenarios with updated download URL

* fix(graalvm): improve error handling for EA version not found scenarios with clearer messages
2026-04-13 12:44:45 -05:00