Commit Graph

186 Commits

Author SHA1 Message Date
Bruno Borges
94eba1b8f5 graalvm-community: float latest to its own newest GA release
GraalVM Community publishes its releases on GitHub, so the `latest`
alias now matches against that real release list using the SemVer
wildcard instead of asking the Adoptium API for the newest GA major.
This prevents `latest` from hard-failing when GraalVM lags behind a
freshly released Java major (e.g. Adoptium reports 26 before GraalVM
ships it). Oracle GraalVM has no listing endpoint, so it keeps deriving
the newest major from Adoptium and errors clearly if that major is not
yet published.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-09 15:44:30 -04:00
Bruno Borges
71ee2e9aa6 Support pinning java-version as "latest"
Add a `latest` alias for the `java-version` input that floats to the newest
available stable (GA) release. It is normalized to the SemVer wildcard at the
base-installer layer and always resolves from remote (like `check-latest: true`).

List-based distributions resolve it automatically via the existing newest-first
matching. Corretto selects its newest available major; Oracle and GraalVM look up
the newest GA major via the Adoptium API and request it, failing with an actionable
error if that major isn't published yet. The jdkfile distribution rejects `latest`.

Closes #832

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-09 15:20:59 -04:00
Bruno Borges
f848fd1976 feat: expose cache-primary-key output (#597) (#1088)
* feat: expose cache-primary-key output (#597)

Expose the primary cache key computed by the caching logic as a new
`cache-primary-key` action output, so workflows can compose the built-in
setup-java cache key with actions/cache or actions/cache/restore across
steps and dependent jobs.

- src/cache.ts: set the `cache-primary-key` output in restore()
- action.yml: declare the new output
- README.md: document the new output
- __tests__/cache.test.ts: assert the output is set
- dist: rebuild

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* chore: rebuild dist

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-09 11:19:31 -04:00
Bruno Borges
4db08ef6bf Infer distribution from asdf .tool-versions vendor prefix (#1084)
* Infer distribution from asdf .tool-versions vendor prefix

asdf-java encodes the JDK vendor as a prefix on the version string in
.tool-versions (e.g. `java temurin-17.0.3+7`). Capture that prefix and
map it to a setup-java distribution, mirroring the existing .sdkmanrc
behavior. Unknown prefixes warn and fall back to the distribution input.

Fixes #1081

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-08 12:57:52 -04:00
Bruno Borges
7dbccc66ee Rename jdkFile input to jdk-file with deprecated alias (#1083)
* Rename jdkFile input to jdk-file with deprecated alias

Add a standardized `jdk-file` input to match the lowercase-dash naming
used by every other action input. The camelCase `jdkFile` input is kept
as a deprecated alias: it still works, but emits a deprecation warning and
may be removed in a future release. `jdk-file` takes precedence when both
are provided.

Updates docs and the local-file e2e workflow (one case intentionally keeps
using the deprecated alias for coverage) and regenerates the dist bundles.

Fixes #1077

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* docs: keep jdkFile in switching-to-v2 guide

The switching-to-v2 migration guide uses actions/setup-java@v2, which only supports the camelCase jdkFile input. Keep the new jdk-file spelling in current-version docs only.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-08 12:44:58 -04:00
Bruno Borges
8a3e8157a1 Map Zulu x86 architecture to i686 for Azul Metadata API (#1079)
The Azul Metadata API's `arch=x86` returns both 32-bit (i686) and 64-bit
(x64) packages. Because the two variants share identical java_version and
distro_version, setup-java cannot distinguish them and may resolve an
explicit `architecture: x86` request to a 64-bit JDK (and for Java 21+,
where 32-bit is dropped, x86 silently returns x64 instead of failing).

The legacy Zulu Discovery API used `arch=x86&hw_bitness=32` to target only
32-bit builds. The Metadata API exposes the equivalent via `arch=i686`,
which returns only genuine 32-bit builds with full version parity to the
old behavior. Map x86 -> i686 to restore correct 32-bit resolution.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-08 09:46:49 -04:00
Priya Gupta
f7121373a9 Migrate to ESM and upgrade dependencies (#1078)
* Migrate to ESM and upgrade dependencies

* fix: update import statement for JSON module in kona-installer test

---------

Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-07-08 10:15:00 +01:00
Copilot
2a07c83aea feat: add .mvn/extensions.xml to Maven cache key pattern (#1041)
* Initial plan

* feat: add .mvn/extensions.xml to Maven cache key pattern

Closes #990

Maven build extensions declared in `.mvn/extensions.xml` can introduce
additional plugin dependencies (e.g. lifecycle participants, custom
packaging types). Including this file in the cache key hash ensures that
changes to extensions — which affect what plugin JARs Maven downloads —
properly invalidate the cache, preventing stale caches from missing
newly-required plugin dependencies.

Changes:
- src/cache.ts: add `**/.mvn/extensions.xml` to Maven pattern array
- __tests__/cache.test.ts: update pattern expectations; add new test
- README.md: document the new file in the Maven cache key hash list

* test: update maven cache error test name for extensions.xml

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-07-08 10:07:54 +01:00
James Wald
d3530c1eb4 dist: Migrate from Zulu Discovery API to Azul Metadata API (#1010)
* Use Azul metadata API

* Document arm64 -> aarch64 mapping in README.md

* Paginate through all available versions

* Fix typo: win_aarhc4

* Only query for linux_glibc packages

* Add Zulu CRaC package support to metadata migration

Fold CRaC-related work into the Zulu metadata API migration by wiring crac_supported query handling, extending Zulu package docs, and updating installer tests for jdk+crac/jre+crac behavior.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Harden Zulu metadata pagination with safety cap

- Stop paginating on a short page to avoid an extra empty request
- Guard against undefined results (not just null)
- Cap iterations at 100 pages and warn if the limit is hit to
  prevent a runaway loop if the API misbehaves

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Preserve JDK build number from Azul Metadata API

The Azul Metadata API returns java_version as a 3-element array
(e.g. [17,0,7]) and reports the build number separately in
openjdk_build_number. The migration mapped version directly from
java_version, dropping the build and breaking exact-version lookups
like 17.0.7+7 (e2e failure: "No matching version found for SemVer").

Add openjdk_build_number to IZuluVersions and append it to
java_version before converting to semver so resolved versions retain
the build (e.g. 17.0.7+7). Update the zulu test fixtures to mirror the
real API shape (3-element java_version plus openjdk_build_number) so
unit tests exercise the actual response format, and rebuild dist.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-08 10:00:43 +01:00
Lukasz
0f481fcb61 feat: Add distribution detection support to .sdkmanrc file (#975)
* feat: Add distribution detection support to .sdkmanrc file

Extends .sdkmanrc support to automatically detect Java distribution from SDKMAN identifiers (e.g., java=21.0.5-tem maps to temurin distribution).

Makes distribution input optional when using .sdkmanrc with distribution suffix.

* fix: align SDKMAN sem identifier mapping

* fix: support SDKMAN albba identifier

* docs: clarify sdkmanrc distribution inference scope

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add Tencent Kona SDKMAN mapping and format sdkmanrc docs as a table

- Map SDKMAN 'kona' identifier to the 'kona' distribution (added in #672)
- Add a .sdkmanrc test case for the kona suffix
- Convert the inline SDKMAN suffix mapping in advanced-usage.md to a table
- Rebuild dist bundles

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-07-07 14:49:12 -04:00
Guillaume Smet
6657b99340 feat: Add set-default option (#1017)
* Add set-default option

This option allows to install an additional JDK without making it the
default one.

I have wanted this for quite a long time as I'm running custom GitHub
Actions with Java, which might require a specific JDK and I don't want
to pollute the JDK that is used by the overall workflow calling the
action.
And I'm apparently not alone as there was a preexisting issue.

Fixes #560

* Dedupe setJavaDefault and document multi-version/toolchain behavior

- Refactor setJavaDefault to delegate shared output/env logic to
  setJavaEnvironment, avoiding duplication between the two.
- Document that set-default applies to all JDKs in a multiline
  java-version, and that installed JDKs remain registered in Maven
  toolchains regardless of set-default.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test: fix Prettier formatting in base-installer test

Resolves the failing 'Basic validation / build' format-check on
__tests__/distributors/base-installer.test.ts (line exceeded print width).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-07-07 12:38:57 -04:00
John Jiang
a50fdccef1 dist: Support Tencent Kona JDK (#672)
* Support Tencent Kona JDK (#672)

Signed-off-by: John Jiang <johnsjiang@tencent.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Address Copilot review feedback for Kona distribution

- Sort matching releases by semver descending so range versions (e.g. >=17) resolve to the newest matching Kona JDK instead of the lowest
- Rename downloaded archive on Windows before extraction (renameWinArchive) to avoid extraction failures
- Import semver for version sorting

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Signed-off-by: John Jiang <johnsjiang@tencent.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-07 11:00:40 -04:00
Nikolas Grottendieck
77ee41d00e fix: Maven Toolchains grows unexpectedly (#534)
* fix: Maven Toolchains grows unexpectedly

On self-hosted runners toolchains.xml may survive multiple runs and unexpectedly
grow as a result of the toolchains setup simply appending the JDK definition
even if one with the same `type` and `provides.id` already exists.

Restructuring the parsing step and filtering the potentially existing list of
toolchain definitions prevents this and also fixes toolchain.xml files that
already contain duplicates.

Fixes #530

* fix: guard toolchain dedup and preserve existing root attributes

Address reviewer feedback on the Maven toolchains dedup logic:

- Treat jdk toolchains without a string `provides.id` as non-deduplicatable
  and use optional access when comparing ids, so partially-formed or
  nonstandard toolchains.xml files no longer crash setup.
- Preserve the existing `<toolchains>` root attributes (xmlns,
  schemaLocation, …) when present, falling back to the 1.1.0 defaults only
  for attributes the existing file is missing. This avoids silently
  rewriting user-managed metadata or changing the effective namespace.

Adds tests covering custom root attributes and id-less jdk toolchains, and
rebuilds dist/.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
2026-07-07 00:01:31 -04:00
Copilot
733efaeaca feat: Disable interactiveMode in generated Maven settings.xml (#1052)
* Initial plan

* Add interactiveMode false to generated maven settings.xml

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-07-02 17:22:38 -04:00
Bruno Borges
6c4d4a5025 feat: suppress Maven transfer progress via MAVEN_ARGS by default (add show-download-progress input) (#1053)
* feat: suppress Maven transfer progress via MAVEN_ARGS by default

Set MAVEN_ARGS to include -ntp (--no-transfer-progress) so Maven invocations
in the job produce cleaner CI logs without download/transfer progress noise.
Add a new optional 'show-download-progress' input (default false); set it to
true to keep the progress output.

The change preserves any existing MAVEN_ARGS value (the flag is appended,
not overwritten) and is idempotent (it won't add the flag twice if -ntp or
--no-transfer-progress is already present). Applies on all platforms; honored
by Maven 3.9.0+ and the Maven Wrapper, and is a no-op for non-Maven builds.

- action.yml: add show-download-progress input
- src/constants.ts: add input + MAVEN_ARGS constants
- src/maven-args.ts: new configureMavenArgs()
- src/setup-java.ts: invoke configureMavenArgs() during setup
- __tests__/maven-args.test.ts: unit tests
- docs/advanced-usage.md: document the behavior and input
- dist: rebuild bundled action

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Update generated dist for Maven args log change

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-07-02 17:12:50 -04:00
John
b150355f04 feat: Add verify-signature plumbing and Temurin+Microsoft verification support (#1060)
* Add verify-signature plumbing and Temurin verification support

* Rebuild dist after signature verification changes

* Refine signature verification errors and regenerate dist

* refactor: make gpg.ts generic, move Adoptium-specific constant to temurin distribution

* fix: mock renameWinArchive in temurin tests and add signature e2e job

* refactor: bundle Adoptium public key, replace keyserver lookup with local import

* feat: add verify-signature-public-key input to allow custom GPG key override

* refactor: extract Adoptium public key to adoptium-key.ts; tighten gpg.ts cleanup scope

* Add verify-signature plumbing and Temurin verification support

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Add Microsoft signature verification support

* Regenerate dist bundles for Microsoft signature checks

* Harden Microsoft signature URL handling

* Add setup-java-microsoft-signature-verification e2e job

* chore: regenerate dist files

* Fix e2e-versions: remove duplicate job, update signature jobs to checkout@v7 with env vars

* Fix Prettier formatting in test files

* fix: mock renameWinArchive in microsoft-installer tests to fix Windows CI failure

* fix: use --homedir flag instead of GNUPGHOME env var for Windows GPG compatibility

The Git-bundled GPG on Windows (MSYS2-based) does not automatically convert
Windows-style paths in environment variables like GNUPGHOME. This caused GPG
to fail with exit code 2 when verifying Microsoft JDK signatures on Windows,
because the GNUPGHOME path (D:\a\_temp\...) was not recognized as a valid
POSIX path.

Fix: pass --homedir as an explicit command-line argument to both gpg --import
and gpg --verify. MSYS2 does correctly convert Windows paths in command-line
arguments, so this approach works reliably on Windows, Linux, and macOS.

* fix: convert Windows paths to POSIX format for MSYS2 GPG on Windows

The Git-bundled GPG on Windows (C:\Program Files\Git\usr\bin\gpg.exe) is
an MSYS2-based binary that uses POSIX path conventions internally. When
Windows-style paths with backslashes and drive letters (D:\a\_temp\...)
are passed as arguments, GPG may fail to resolve them correctly, resulting
in a fatal error (exit code 2).

Fix: add a toGpgPath() helper that converts Windows paths to MSYS2 POSIX
format (/d/a/_temp/...) before passing them to any gpg command. On Linux
and macOS the helper is a no-op.

Applied to all four paths used in verifyPackageSignature:
- gpgHome (--homedir argument)
- publicKeyFile (--import argument)
- signaturePath (--verify signature argument)
- archivePath (--verify data argument)

* Fix gpg test formatting

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-29 13:19:49 +01:00
Bruno Borges
1bcf9fb12c dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#1059)
- installer: surface a clear error when the GraalVM Community releases
  listing is not a JSON array, instead of silently treating an error
  payload (rate limit, auth failure, etc.) as "no releases" which later
  surfaced as a misleading "version not found" error.
- docs: fix the GraalVM Community advanced-usage example to check the
  installed binary versions (java/native-image --version) rather than
  running a non-existent HelloWorldApp classpath that fails when copied.
- tests: cover the new non-array release listing error path.

Rebuilt dist bundle.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-23 13:37:44 -04:00
Copilot
1d56e31dbb dist: Add GraalVM Community distribution support (#1042)
* Initial plan

* feat: add graalvm community distribution support

* build: update bundled dist for graalvm community support

* chore: address GraalVM community review feedback

* fix: tidy graalvm community validation follow-ups

* refactor: simplify GraalVM Community release resolution

* refactor: address review feedback on Community resolver

* refactor: rename pagination index for clarity

* test: fix graalvm installer test formatting

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-06-23 13:19:27 -04:00
Bruno Borges
525097081d Update undici artifacts to 6.27.0 (license cache + dist) (#1040)
* Update undici license cache to 6.27.0

The Licensed check failed because the cached license record for undici
was pinned to 6.24.1 while the installed dependency is 6.27.0, causing
"license: mit, allowed: false" / source enumeration errors.

Regenerate the cached record with `licensed cache` so it matches the
installed version. `licensed status` now reports 0 errors.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Rebuild dist with undici 6.27.0

The committed dist/ bundle was built with undici 6.24.1, but the
lockfile resolves undici 6.27.0. The check-dist workflow rebuilds the
bundle and detected this drift (uncommitted changes after build).

Rebuild dist/setup and dist/cleanup with `npm run build` so the
committed bundle matches the installed undici 6.27.0, aligning with the
license cache update in this PR.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 16:43:17 -04:00
mahabaleshwars
ce7f9ce621 Add Maven Wrapper cache feature (#1027)
* add Maven Wrapper distribution caching

* update test case

---------

Co-authored-by: Bruno Borges <bruno.borges@gmail.com>
2026-06-22 09:45:18 -05:00
Jason Ginchereau
6e9017e125 Bump @actions/cache to 5.1.0, handle cache write denied (#1026) 2026-06-22 09:16:01 +01:00
Sean Proctor
baa1691374 fix: reject non-semver candidate versions in isVersionSatisfies (#1009)
Distributions like JetBrains Runtime publish 4-segment versions such as
'17.0.8.1+1080.1' that the semver package rejects. Both compareBuild and
satisfies throw on these, which surfaced to users as "Error: Invalid
Version: 17.0.8.1+1080.1" and aborted the whole install when any
available version was non-semver. Guard with an early semver.valid check
so unparseable versions are treated as a non-match.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-17 22:47:02 -05:00
dependabot[bot]
f300429fba Bump @typescript-eslint/parser from 8.48.0 to 8.61.1 (#1021)
* Bump @typescript-eslint/parser from 8.48.0 to 8.61.1

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.48.0 to 8.61.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* run licensed and update dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-06-16 15:12:38 -07:00
dependabot[bot]
ad2b38190b Bump @vercel/ncc from 0.38.1 to 0.44.0 (#1018)
* Bump @vercel/ncc from 0.38.1 to 0.44.0

Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.44.0.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.44.0)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-version: 0.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* recompile dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-06-16 09:37:47 +02:00
John
b24df5bba5 Make the Adoptopenjdk package type look at the Temurin repo first for latest assets (#522)
* Make the Adoptopenjdk package type look at the Temurin repo first for latest assets

* Address Copilot code review comments

- Use strict equality (===, !==) instead of loose equality (==, !=) for all comparisons
- Properly handle caught errors with instanceof type narrowing before accessing properties
- Only fall back to legacy AdoptOpenJDK for specific version-not-found errors
- Rethrow unexpected errors to avoid masking real issues (network failures, rate limits, etc.)
- Fix error message check to match actual error text ('No matching version found')
- Remove unnecessary undefined check since method return type is never undefined
- Add @internal JSDoc annotation to TemurinDistribution.findPackageForDownload()
- Update tests to properly mock Temurin lookup failures for fallback behavior testing
- Rebuild dist files

* Always fall back to legacy AdoptOpenJDK but log all Temurin failures

- Change error handling to gracefully fall back for all errors, not just version-not-found
- Log version-not-found errors as notices with migration guidance
- Log other Temurin failures as debug messages for troubleshooting
- Improves resilience: users always get a result even if Temurin API has issues
- Maintains visibility: failures are still logged for debugging

* Fixes from review

* Fixes from review

* Fixes from review

* Regenerate dist
2026-06-12 16:30:59 +01:00
John
43120bc3c3 Implement pagination with link headers for Adoptium based apis (#1014)
* Use Link headers for Adoptium pagination

* Fix nullable pagination URL types and rebuild dist

* Add 1000-page safeguard for JetBrains pagination

* Adjust plan for pagination safeguard scope

* Move pagination safeguard to non-JetBrains installers

* Add 1000-page safeguard to Adopt Temurin and Semeru pagination

* Fix Prettier formatting in adopt, semeru, and temurin installer files

* Fix CI audit failure by updating vulnerable transitive deps

* Address PR review: RFC-compliant Link parsing, SSRF validation, centralized constant

- Make getNextPageUrlFromLinkHeader RFC 8288 compliant by splitting
  link-values and checking for rel=next anywhere in the parameters,
  not just as the first parameter after the semicolon.
- Add validatePaginationUrl utility to reject pagination URLs that
  point to unexpected origins (SSRF mitigation).
- Centralize MAX_PAGINATION_PAGES in util.ts instead of duplicating
  across Adopt, Semeru, and Temurin installers.
- Add tests for rel not being the first parameter, and for URL
  origin validation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address code review feedback on pagination implementation

- Tighten rel regex with word boundary to prevent false positives
  (e.g., rel="nextsomething" no longer matches).
- Use parsed.origin comparison in validatePaginationUrl to correctly
  handle explicit default ports (e.g., :443 for HTTPS).
- Fix pagination safeguard tests to use same-origin URLs so they
  actually exercise the 1000-page limit instead of being rejected
  by origin validation on the first request.
- Add test for rel="nextsomething" not matching.
- Add test for explicit default port acceptance.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix prettier formatting in util.test.ts

* Rebuild dist/ to fix check-dist CI failure

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 11:50:16 +01:00
dependabot[bot]
039af37997 Bump picomatch, @types/jest, jest, jest-circus and ts-jest (#1016)
* Bump picomatch, @types/jest, jest, jest-circus and ts-jest

Bumps [picomatch](https://github.com/micromatch/picomatch) to 4.0.4 and updates ancestor dependencies [picomatch](https://github.com/micromatch/picomatch), [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest), [jest-circus](https://github.com/jestjs/jest/tree/HEAD/packages/jest-circus) and [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together.


Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `jest` from 29.7.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

Updates `jest-circus` from 29.7.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest-circus)

Updates `ts-jest` from 29.3.0 to 29.4.11
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.3.0...v29.4.11)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
- dependency-name: jest-circus
  dependency-version: 30.4.2
  dependency-type: direct:development
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
- dependency-name: ts-jest
  dependency-version: 29.4.11
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* run licensed and update dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Adams <georgeadams1995@gmail.com>
2026-06-12 10:05:41 +01:00
George Adams
1071fc12d6 fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parser (#1015)
* fix: update dependency license records and resolve npm audit vulnerabilities

- Bump fast-xml-builder 1.1.4 → 1.2.0 (GHSA-5wm8-gmm8-39j9)
- Bump fast-xml-parser 5.5.10 → 5.8.0 (GHSA-gh4j-gqv2-49f6)
- Bump strnum 2.2.3 → 2.4.0
- Bump path-expression-matcher 1.4.0 → 1.5.0
- Add license records for new deps @nodable/entities and xml-naming

* fix: add anynum license record and rebuild dist

* re-run licensed
2026-06-12 09:49:51 +01:00
George Adams
576b821f29 Merge pull request #674 from gdams/alpine
temurin: add support for Alpine Linux
2026-06-12 09:18:56 +01:00
Copilot
c76542e033 chore: upgrade dependencies (@actions/core, cache, glob, http-client, tool-cache, xmlbuilder2) (#999)
* chore: upgrade dependencies and update license cache

Agent-Logs-Url: https://github.com/actions/setup-java/sessions/55ba1e4b-a515-4177-8a35-44bffa4ad0c0

Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>

* chore: upgrade @actions/exec ^1.0.4→^2.0.0 and @actions/io ^1.0.2→^2.0.0

Agent-Logs-Url: https://github.com/actions/setup-java/sessions/8be3df50-f347-42da-9734-73f71bf89d40

Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lmvysakh <187510632+lmvysakh@users.noreply.github.com>
2026-04-15 12:30:24 -05:00
Chiranjib Swain
0756542bc5 Refactor error handling and improve test logging for installers (#989)
* Refactor error handling for version not found cases across multiple installers

* Mock core.error in tests to suppress error logs

* fix(graalvm): improve error messages for EA version not found scenarios

* refactor(tests): update error messages for version not found scenarios

* fix(graalvm): enhance error messages for version not found scenarios

* fix(graalvm): improve error messages for version not found scenarios with updated download URL

* fix(graalvm): improve error handling for EA version not found scenarios with clearer messages
2026-04-13 12:44:45 -05:00
dependabot[bot]
1d018f9b8b Bump minimatch from 3.1.2 to 3.1.5 (#984)
* Bump minimatch from 3.1.2 to 3.1.5

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Check failure fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: gowridurgad <gowridurgad@gmail.com>
2026-03-02 15:50:04 -06:00
Salman Chishti
d81c4e45f3 Upgrade @actions/cache to v5 (#968)
* Upgrade @actions/cache to v5

- Bump @actions/cache from 4.0.3 to 5.0.0
- Update license cache files for new/updated dependencies
- Rebuild dist bundles
- Mark @actions/http-client as reviewed in licensed config (MIT license text present but detected as 'other')

* chore: Update version to 5.0.1 in package.json and package-lock.json

* upgrade actions/cache to 5.0.1

---------

Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2026-01-20 09:24:36 -06:00
Piotr Findeisen
5d7b214633 Retry on HTTP 522 Connection timed out (#964)
This is supposed to be CloudFlare specific 522 Connection timed out HTTP
error code.
2025-12-23 16:49:17 -06:00
guicamest
4e7e684fbb feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
* chore(e2e-versions): Add e2e test scenario on `setup-java-version-from-file-major-minor-patch-with-dist` for `.sdkmanrc`

* chore(e2e-versions): Update `setup-java-version-from-file-major-minor-patch-with-dist` test to include the file name of the java-version-file that is used

* feat: Add support for `.sdkmanrc` as *Java Version File*

* chore: Add test for the latest known sdkman java versions

* docs(advanced-usage): Document support for `.sdkmanrc` as java-version-file

* chore(docs): Anyone can contribute and maintain 🤷

* Update advanced-usage.md

Add example step/file for `.sdkmanrc`

* Update advanced-usage.md

* Update util.ts

* chore: format and rebuild

* chore: untouch toolchains.ts

* fix check dist error

---------

Co-authored-by: mahabaleshwars <147705296+mahabaleshwars@users.noreply.github.com>
2025-11-25 13:36:29 -06:00
mahabaleshwars
46c56d6f92 Add GitHub Token Support for GraalVM and Refactor Code (#849)
* Code updated to let code accept github token and refactored the code.

* github token accept through environment variable

* fix test error

* audit fix commit

* update package-lock.json

* Update GraalVM Tests

* Lint Issue Resolve

* Update Test case for Windows

* update with enhance code and test
2025-11-18 12:04:23 -06:00
Christoph Langer
66b945764b Update SapMachine URLs (#955) 2025-11-17 10:33:06 -06:00
priya-kinthali
6ba5449b7d Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel (#946)
* enhance error logging and implement retry

* Replace macos-13 with macos-15-intel

* refactored code based on Copilot suggestions
2025-11-13 13:34:50 -06:00
aparnajyothi-y
ead9eaa3cf Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File (#767)
* Regex update to fix #719

* Check failures fix

* npm run format, npm run format-check & npm run build

* Regex update

* regex update

* fixed check failures

* updated regex

* regex update for all the versions

* regex and docmentation update

* Regex update

* format and doc update

* doc format update

* npm audit fix

* resolve conflicts

* resolve conflicts

* resolve conflicts

* doc update

* Java version upgrade
2025-09-16 13:23:22 -05:00
gowridurgad
e9343db97e Bumps form-data (#887)
Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>
2025-07-30 14:34:56 -05:00
dependabot[bot]
ae2b61dbc6 Bump undici from 5.28.5 to 5.29.0 (#833)
* Bump undici from 5.28.5 to 5.29.0

Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix CI failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-07-15 12:32:37 -05:00
dependabot[bot]
c190c18feb Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (#730)
* Bump eslint-plugin-jest from 27.9.0 to 29.0.1

Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.9.0 to 28.11.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.9.0...v28.11.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

* Fix lint error

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2025-07-07 13:51:25 -05:00
Priya Gupta
67aec007b3 Fix: prevent default installation of JetBrains pre-releases (#859)
* fix: prevent default installation of JetBrains pre-releases

* simplify prerelease filter logic

* fix basic validation checks
2025-07-03 12:03:51 -05:00
gowridurgad
ebb356cc4e Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures (#848)
* error-handling

* Logic update

---------

Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>
2025-06-23 12:32:03 -05:00
aparnajyothi-y
c5195efecf actions/cache upgrade to 4.0.3 (#773) 2025-04-08 09:20:46 -05:00
dependabot[bot]
dd38875f93 Bump ts-jest from 29.1.2 to 29.2.5 (#743)
* Bump ts-jest from 29.1.2 to 29.2.5

Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.1.2 to 29.2.5.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.2.5)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* check failures fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-04-08 09:19:01 -05:00
dependabot[bot]
148017a9b0 Bump @actions/glob from 0.4.0 to 0.5.0 (#744)
* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* check failures fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-04-01 12:02:03 -05:00
aparnajyothi-y
b8ebb8ba1d upgrade @action/cache from 4.0.0 to 4.0.2 (#766)
* actions/cache upgrade to 4.0.2

* check failures fix

* fix for licensed check failure
2025-03-19 13:20:08 -05:00
dependabot[bot]
3a4f6e1af5 Bump @types/jest from 29.5.12 to 29.5.14 (#729)
* Bump @types/jest from 29.5.12 to 29.5.14

Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-01-28 10:20:39 -06:00
dependabot[bot]
d4e4b6bbc1 Bump @actions/http-client from 2.2.1 to 2.2.3 (#728)
* Bump @actions/http-client from 2.2.1 to 2.2.3

Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 2.2.3.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client)

---
updated-dependencies:
- dependency-name: "@actions/http-client"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-01-28 09:27:56 -06:00