dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#1059)

- installer: surface a clear error when the GraalVM Community releases
  listing is not a JSON array, instead of silently treating an error
  payload (rate limit, auth failure, etc.) as "no releases" which later
  surfaced as a misleading "version not found" error.
- docs: fix the GraalVM Community advanced-usage example to check the
  installed binary versions (java/native-image --version) rather than
  running a non-existent HelloWorldApp classpath that fails when copied.
- tests: cover the new non-array release listing error path.

Rebuilt dist bundle.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/basic-validation.yml

@@ -11,6 +11,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 jobs:
   call-basic-validation:
     name: Basic validation

.github/workflows/check-dist.yml

@@ -11,6 +11,9 @@ on:
       - '**.md'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   call-check-dist:
     name: Check dist/

.github/workflows/codeql-analysis.yml

@@ -8,6 +8,8 @@ on:
   schedule:
     - cron: '0 3 * * 0'
 
+permissions: {}
+
 jobs:
   call-codeQL-analysis:
     permissions:

.github/workflows/e2e-cache-dependency-path.yml

@@ -11,6 +11,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 defaults:
   run:
     shell: bash
@@ -25,6 +28,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for gradle
         uses: ./
         id: setup-java
@@ -52,6 +57,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for gradle
         uses: ./
         id: setup-java
@@ -77,6 +84,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for gradle
         uses: ./
         id: setup-java

.github/workflows/e2e-cache.yml

@@ -11,6 +11,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 defaults:
   run:
     shell: bash
@@ -25,6 +28,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for gradle
         uses: ./
         id: setup-java
@@ -51,6 +56,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for gradle
         uses: ./
         id: setup-java
@@ -74,6 +81,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for maven
         uses: ./
         id: setup-java
@@ -98,6 +107,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for maven
         uses: ./
         id: setup-java
@@ -125,6 +136,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for sbt
         uses: ./
         id: setup-java
@@ -175,6 +188,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Run setup-java with the cache for sbt
         uses: ./
         id: setup-java

.github/workflows/e2e-local-file.yml

@@ -11,6 +11,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 jobs:
   setup-java-local-file-adopt:
     name: Validate installation from local file Adopt
@@ -22,6 +25,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Download Adopt OpenJDK file
         run: |
           if ($IsLinux) {
@@ -46,7 +51,9 @@ jobs:
           java-version: '11.0.0-ea'
           architecture: x64
       - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0.10" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0.10" "$JAVA_PATH"
         shell: bash
 
   setup-java-local-file-zulu:
@@ -59,6 +66,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Download Zulu OpenJDK file
         run: |
           if ($IsLinux) {
@@ -83,7 +92,9 @@ jobs:
           java-version: '11.0.0-ea'
           architecture: x64
       - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0" "$JAVA_PATH"
         shell: bash
 
   setup-java-local-file-temurin:
@@ -96,6 +107,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Download Eclipse Temurin file
         run: |
           if ($IsLinux) {
@@ -120,5 +133,7 @@ jobs:
           java-version: '11.0.0-ea'
           architecture: x64
       - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0.12" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0.12" "$JAVA_PATH"
         shell: bash

.github/workflows/e2e-publishing.yml

@@ -11,6 +11,9 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  contents: read
+
 defaults:
   run:
     shell: pwsh
@@ -26,6 +29,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -61,6 +66,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create fake settings.xml
         run: |
           $xmlDirectory = Join-Path $HOME ".m2"
@@ -97,6 +104,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create fake settings.xml
         run: |
           $xmlDirectory = Join-Path $HOME ".m2"
@@ -134,6 +143,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java

.github/workflows/e2e-versions.yml

@@ -13,6 +13,10 @@ on:
   schedule:
     - cron: '0 */12 * * *'
   workflow_dispatch:
+
+permissions:
+  contents: read
+
 jobs:
   setup-java-major-versions:
     name: ${{ matrix.distribution }} ${{ matrix.version }} (jdk-x64) - ${{ matrix.os }}
@@ -74,6 +78,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -83,14 +89,17 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-alpine-linux:
     name: ${{ matrix.distribution }} ${{ matrix.version }} (jdk-x64) - alpine-linux - ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     container:
-      image: alpine:latest
+      image: alpine:3.21
     strategy:
       fail-fast: false
       matrix:
@@ -100,6 +109,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Install bash
         run: apk add --no-cache bash
       - name: setup-java
@@ -109,7 +120,10 @@ jobs:
           java-version: ${{ matrix.version }}
           distribution: ${{ matrix.distribution }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-major-minor-versions:
@@ -150,6 +164,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -157,10 +173,12 @@ jobs:
           java-version: ${{ matrix.version }}
           distribution: ${{ matrix.distribution }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
-        shell: bash
         env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
+        shell: bash
 
   setup-java-check-latest:
     name: ${{ matrix.distribution }} ${{ matrix.version }} - check-latest flag - ${{ matrix.os }}
@@ -185,6 +203,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -195,7 +215,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
         shell: bash
 
   setup-java-multiple-jdks:
@@ -221,6 +243,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -245,7 +269,9 @@ jobs:
           }
         shell: pwsh
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "17" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17" "$JAVA_PATH"
         shell: bash
 
   setup-java-ea-versions-zulu:
@@ -260,6 +286,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -267,7 +295,10 @@ jobs:
           java-version: ${{ matrix.version }}
           distribution: zulu
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-ea-versions-temurin:
@@ -282,6 +313,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -289,7 +322,10 @@ jobs:
           java-version: ${{ matrix.version }}
           distribution: temurin
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-ea-versions-sapmachine:
@@ -304,6 +340,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -311,7 +349,10 @@ jobs:
           java-version: ${{ matrix.version }}
           distribution: sapmachine
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-custom-package-type:
@@ -391,6 +432,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -401,7 +444,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   # Only Liberica and Zulu provide x86
@@ -419,6 +465,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: setup-java
         uses: ./
         id: setup-java
@@ -427,7 +475,10 @@ jobs:
           java-version: ${{ matrix.version }}
           architecture: 'x86'
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
         shell: bash
 
   setup-java-version-both-version-inputs-presents:
@@ -442,6 +493,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create .java-version file
         shell: bash
         run: echo "17" > .java-version
@@ -456,7 +509,9 @@ jobs:
           java-version: 11
           java-version-file: ${{matrix.java-version-file }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
         shell: bash
 
   setup-java-version-from-file-major-notation:
@@ -471,6 +526,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create .java-version file
         shell: bash
         run: echo "11" > .java-version
@@ -484,7 +541,9 @@ jobs:
           distribution: ${{ matrix.distribution }}
           java-version-file: ${{matrix.java-version-file }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
         shell: bash
 
   setup-java-version-from-file-major-minor-patch-notation:
@@ -499,6 +558,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create .java-version file
         shell: bash
         run: echo "17.0.10" > .java-version
@@ -512,7 +573,9 @@ jobs:
           distribution: ${{ matrix.distribution }}
           java-version-file: ${{matrix.java-version-file }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "17.0.10" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17.0.10" "$JAVA_PATH"
         shell: bash
 
   setup-java-version-from-file-major-minor-patch-with-dist:
@@ -527,6 +590,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Create .java-version file
         shell: bash
         run: echo "openjdk64-17.0.10" > .java-version
@@ -543,79 +608,7 @@ jobs:
           distribution: ${{ matrix.distribution }}
           java-version-file: ${{matrix.java-version-file }}
       - name: Verify Java
-        run: bash __tests__/verify-java.sh "17.0.10" "${{ steps.setup-java.outputs.path }}"
-        shell: bash
-
-  setup-java-set-default:
-    name: set-default option - ${{ matrix.os }}
-    needs: setup-java-major-versions
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-      - name: Setup Java 17 as default
-        uses: ./
-        id: setup-java-17
-        with:
-          distribution: 'temurin'
-          java-version: '17'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup Java 21 without setting as default
-        uses: ./
-        id: setup-java-21
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-          set-default: false
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Verify JAVA_HOME still points to Java 17
-        run: |
-          echo "JAVA_HOME=$JAVA_HOME"
-          echo "Java 17 path=${{ steps.setup-java-17.outputs.path }}"
-          if [ "$JAVA_HOME" != "${{ steps.setup-java-17.outputs.path }}" ]; then
-            echo "JAVA_HOME should still point to Java 17"
-            exit 1
-          fi
-        shell: bash
-      - name: Verify java -version reports Java 17
-        run: |
-          JAVA_VERSION=$(java -version 2>&1 | head -1)
-          echo "java -version: $JAVA_VERSION"
-          if ! echo "$JAVA_VERSION" | grep -q "17"; then
-            echo "Default java should still be version 17"
-            exit 1
-          fi
-        shell: bash
-      - name: Verify JAVA_HOME_21 env var is set
-        run: |
-          $envName = "JAVA_HOME_21_${env:RUNNER_ARCH}"
-          $JavaVersionPath = [Environment]::GetEnvironmentVariable($envName)
-          if (-not $JavaVersionPath) {
-            Write-Host "$envName is not set"
-            exit 1
-          }
-          if (-not (Test-Path "$JavaVersionPath")) {
-            Write-Host "$envName path does not exist: $JavaVersionPath"
-            exit 1
-          }
-          Write-Host "$envName=$JavaVersionPath"
-        shell: pwsh
-      - name: Verify Java 21 outputs are set
-        run: |
-          echo "Java 21 path=${{ steps.setup-java-21.outputs.path }}"
-          echo "Java 21 version=${{ steps.setup-java-21.outputs.version }}"
-          if [ -z "${{ steps.setup-java-21.outputs.path }}" ]; then
-            echo "Java 21 path output should be set"
-            exit 1
-          fi
-          if [ -z "${{ steps.setup-java-21.outputs.version }}" ]; then
-            echo "Java 21 version output should be set"
-            exit 1
-          fi
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17.0.10" "$JAVA_PATH"
         shell: bash

.github/workflows/licensed.yml

@@ -9,6 +9,9 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   call-licensed:
     name: Licensed

.github/workflows/publish-immutable-actions.yml

@@ -5,6 +5,8 @@ on:
     types: [released]
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -16,6 +18,8 @@ jobs:
     steps:
       - name: Checking out
         uses: actions/checkout@v7
+        with:
+          persist-credentials: false
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/update-config-files.yml

@@ -5,7 +5,12 @@ on:
     - cron: '0 3 * * 0'
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   call-update-configuration-files:
     name: Update configuration files
+    permissions:
+      contents: write # to push the branch with updated configuration files
+      pull-requests: write # to open/update the configuration update PR
     uses: actions/reusable-workflows/.github/workflows/update-config-files.yml@main

.github/workflows/zizmor.yml

@@ -0,0 +1,48 @@
+name: Security analysis with zizmor
+
+on:
+  push:
+    branches:
+      - main
+      - releases/*
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: Analyze workflows with zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # to upload SARIF results to code scanning
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install zizmor
+        run: pip install zizmor
+
+      - name: Run zizmor
+        run: zizmor --format sarif .github/workflows/ > zizmor.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SARIF results to code scanning
+        if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: zizmor.sarif
+          category: zizmor

.github/zizmor.yml

@@ -0,0 +1,11 @@
+# Configuration for zizmor (https://docs.zizmor.sh)
+rules:
+  unpinned-uses:
+    config:
+      # First-party GitHub-maintained actions are trusted and referenced by
+      # major-version tags (the convention used across the actions org).
+      # Any third-party action must be pinned to a full commit SHA.
+      policies:
+        actions/*: ref-pin
+        github/*: ref-pin
+        '*': hash-pin

README.md

@@ -41,8 +41,6 @@ For more details,  see the full release notes on the [releases page](https://git
 
   - `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
 
-  - `set-default`: Set to `false` to install a JDK without making it the default. When `false`, `JAVA_HOME` and `PATH` are not updated, but `JAVA_HOME_<major>_<arch>` is still set so the JDK remains discoverable. Default value: `true`. See [Installing JDK without setting as default](docs/advanced-usage.md#Installing-JDK-without-setting-as-default) for more details.
-
   - `cache`: Quick [setup caching](#caching-packages-dependencies) for the dependencies managed through one of the predefined package managers. It can be one of "maven", "gradle" or "sbt".
 
   - `cache-dependency-path`: The path to a dependency file: pom.xml, build.gradle, build.sbt, etc. This option can be used with the `cache` option. If this option is omitted, the action searches for the dependency file in the entire repository. This option supports wildcards and a list of file names for caching multiple dependencies.
@@ -114,6 +112,7 @@ Currently, the following distributions are supported:
 | `dragonwell` | [Alibaba Dragonwell JDK](https://dragonwell-jdk.io/) | [`dragonwell` license](https://www.aliyun.com/product/dragonwell/)
 | `sapmachine` | [SAP SapMachine JDK/JRE](https://sapmachine.io/) | [`sapmachine` license](https://github.com/SAP/SapMachine/blob/sapmachine/LICENSE)
 | `graalvm` | [Oracle GraalVM](https://www.graalvm.org/) | [`graalvm` license](https://www.oracle.com/downloads/licenses/graal-free-license.html)
+| `graalvm-community` | [GraalVM Community](https://github.com/graalvm/graalvm-ce-builds/releases) | [`graalvm-community` license](https://github.com/oracle/graal/blob/master/LICENSE)
 | `jetbrains` | [JetBrains Runtime](https://github.com/JetBrains/JetBrainsRuntime/) | [`jetbrains` license](https://github.com/JetBrains/JetBrainsRuntime/blob/main/LICENSE)
 | `jdkfile` | Custom JDK Installation | |
 
@@ -122,6 +121,7 @@ Currently, the following distributions are supported:
 > - AdoptOpenJDK got moved to Eclipse Temurin and won't be updated anymore. It is highly recommended to migrate workflows from `adopt` and `adopt-openj9`, to `temurin` and `semeru` respectively, to keep receiving software and security updates. See more details in the [Good-bye AdoptOpenJDK post](https://blog.adoptopenjdk.net/2021/08/goodbye-adoptopenjdk-hello-adoptium/).
 > - For Azul Zulu OpenJDK architectures x64 and arm64 are mapped to x86 / arm with proper hw_bitness.
 > - To comply with the GraalVM Free Terms and Conditions (GFTC) license, it is recommended to use GraalVM JDK 17 version 17.0.12, as this is the only version of GraalVM JDK 17 available under the GFTC license. Additionally, it is encouraged to consider upgrading to GraalVM JDK 21, which offers the latest features and improvements.
+> - GraalVM Community is available as `distribution: 'graalvm-community'` for stable JDK 17 and later releases published on GitHub.
 
 **NOTE:** Oracle JDK 17 licensing varies by patch level. As shown on the [JDK 17 Archive](https://www.oracle.com/java/technologies/javase/jdk17-archive-downloads.html) (versions up to 17.0.12 are under the [NFTC](https://www.oracle.com/downloads/licenses/no-fee-license.html) license) and the [JDK 17.0.13+ Archive](https://www.oracle.com/java/technologies/javase/jdk17-0-13-later-archive-downloads.html) (versions 17.0.13 and later are under the [OTN](https://www.oracle.com/downloads/licenses/javase-license1.html) license). To stay on the free NFTC license, use `distribution: 'oracle'` with `java-version: '17.0.12'` (or earlier) instead of the floating `'17'`. Alternatively, upgrade to Oracle JDK 21+, which remains under the NFTC license.
 

__tests__/distributors/base-installer.test.ts

@@ -545,110 +545,6 @@ describe('setupJava', () => {
     expect(spyCoreExportVariable).not.toHaveBeenCalled();
     expect(spyCoreSetOutput).not.toHaveBeenCalled();
   });
-
-  it('should not set JAVA_HOME and PATH when setDefault is false', async () => {
-    mockJavaBase = new EmptyJavaBase({
-      version: '11',
-      architecture: 'x86',
-      packageType: 'jdk',
-      checkLatest: false,
-      setDefault: false
-    });
-    await expect(mockJavaBase.setupJava()).resolves.toEqual({
-      version: installedJavaVersion,
-      path: javaPath
-    });
-    expect(spyCoreExportVariable).not.toHaveBeenCalledWith(
-      'JAVA_HOME',
-      expect.anything()
-    );
-    expect(spyCoreAddPath).not.toHaveBeenCalled();
-    expect(spyCoreExportVariable).toHaveBeenCalledWith(
-      'JAVA_HOME_11_X86',
-      javaPath
-    );
-    expect(spyCoreSetOutput).toHaveBeenCalledWith(
-      'version',
-      installedJavaVersion
-    );
-    expect(spyCoreSetOutput).toHaveBeenCalledWith('path', javaPath);
-    expect(spyCoreSetOutput).toHaveBeenCalledWith('distribution', 'Empty');
-    expect(spyCoreInfo).toHaveBeenCalledWith(
-      `Installing Java ${installedJavaVersion} (not setting as default)`
-    );
-  });
-
-  it('should set JAVA_HOME and PATH when setDefault is true', async () => {
-    mockJavaBase = new EmptyJavaBase({
-      version: '11',
-      architecture: 'x86',
-      packageType: 'jdk',
-      checkLatest: false,
-      setDefault: true
-    });
-    await expect(mockJavaBase.setupJava()).resolves.toEqual({
-      version: installedJavaVersion,
-      path: javaPath
-    });
-    expect(spyCoreExportVariable).toHaveBeenCalledWith('JAVA_HOME', javaPath);
-    expect(spyCoreAddPath).toHaveBeenCalledWith(path.join(javaPath, 'bin'));
-    expect(spyCoreExportVariable).toHaveBeenCalledWith(
-      'JAVA_HOME_11_X86',
-      javaPath
-    );
-    expect(spyCoreInfo).toHaveBeenCalledWith(
-      `Setting Java ${installedJavaVersion} as the default`
-    );
-  });
-
-  it('should default to setting as default when setDefault is not specified', async () => {
-    mockJavaBase = new EmptyJavaBase({
-      version: '11',
-      architecture: 'x86',
-      packageType: 'jdk',
-      checkLatest: false
-    });
-    await expect(mockJavaBase.setupJava()).resolves.toEqual({
-      version: installedJavaVersion,
-      path: javaPath
-    });
-    expect(spyCoreExportVariable).toHaveBeenCalledWith('JAVA_HOME', javaPath);
-    expect(spyCoreAddPath).toHaveBeenCalledWith(path.join(javaPath, 'bin'));
-    expect(spyCoreInfo).toHaveBeenCalledWith(
-      `Setting Java ${installedJavaVersion} as the default`
-    );
-  });
-
-  it('should download and not set default when setDefault is false', async () => {
-    mockJavaBase = new EmptyJavaBase({
-      version: '11',
-      architecture: 'x64',
-      packageType: 'jdk',
-      checkLatest: false,
-      setDefault: false
-    });
-    await expect(mockJavaBase.setupJava()).resolves.toEqual({
-      version: '11.0.9',
-      path: path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
-    });
-    expect(spyCoreExportVariable).not.toHaveBeenCalledWith(
-      'JAVA_HOME',
-      expect.anything()
-    );
-    expect(spyCoreAddPath).not.toHaveBeenCalled();
-    expect(spyCoreExportVariable).toHaveBeenCalledWith(
-      'JAVA_HOME_11_X64',
-      path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
-    );
-    expect(spyCoreSetOutput).toHaveBeenCalledWith('version', '11.0.9');
-    expect(spyCoreSetOutput).toHaveBeenCalledWith(
-      'path',
-      path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
-    );
-    expect(spyCoreInfo).toHaveBeenCalledWith(
-      'Installing Java 11.0.9 (not setting as default)'
-    );
-  });
 });
 
 describe('normalizeVersion', () => {

__tests__/distributors/graalvm-installer.test.ts

@@ -3,7 +3,11 @@ import * as tc from '@actions/tool-cache';
 import * as http from '@actions/http-client';
 import fs from 'fs';
 import path from 'path';
-import {GraalVMDistribution} from '../../src/distributions/graalvm/installer';
+import {
+  GraalVMCommunityDistribution,
+  GraalVMDistribution
+} from '../../src/distributions/graalvm/installer';
+import {getJavaDistribution} from '../../src/distributions/distribution-factory';
 import {JavaInstallerOptions} from '../../src/distributions/base-models';
 import * as util from '../../src/util';
 
@@ -41,6 +45,7 @@ beforeAll(() => {
 
 describe('GraalVMDistribution', () => {
   let distribution: GraalVMDistribution;
+  let communityDistribution: GraalVMCommunityDistribution;
   let mockHttpClient: jest.Mocked<http.HttpClient>;
   let spyCoreError: jest.SpyInstance;
 
@@ -55,9 +60,11 @@ describe('GraalVMDistribution', () => {
     jest.clearAllMocks();
 
     distribution = new GraalVMDistribution(defaultOptions);
+    communityDistribution = new GraalVMCommunityDistribution(defaultOptions);
 
     mockHttpClient = new http.HttpClient() as jest.Mocked<http.HttpClient>;
     (distribution as any).http = mockHttpClient;
+    (communityDistribution as any).http = mockHttpClient;
 
     (util.getDownloadArchiveExtension as jest.Mock).mockReturnValue('tar.gz');
 
@@ -242,6 +249,23 @@ describe('GraalVMDistribution', () => {
         path: '/cached/java/path'
       });
     });
+
+    it('should use a dedicated toolcache folder for GraalVM Community', async () => {
+      const result = await (communityDistribution as any).downloadTool(
+        javaRelease
+      );
+
+      expect(tc.cacheDir).toHaveBeenCalledWith(
+        path.join('/tmp/extracted', 'graalvm-jdk-17.0.5'),
+        'Java_GraalVM_Community_jdk',
+        '17.0.5',
+        'x64'
+      );
+      expect(result).toEqual({
+        version: '17.0.5',
+        path: '/cached/java/path'
+      });
+    });
   });
 
   describe('findPackageForDownload', () => {
@@ -948,5 +972,121 @@ describe('GraalVMDistribution', () => {
         configurable: true
       });
     });
+
+    describe('GraalVMCommunityDistribution', () => {
+      beforeEach(() => {
+        jest
+          .spyOn(communityDistribution, 'getPlatform')
+          .mockReturnValue('linux');
+      });
+
+      it('should resolve an exact GraalVM Community version from GitHub releases', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: [
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz'
+                }
+              ]
+            }
+          ],
+          statusCode: 200,
+          headers: {}
+        });
+
+        const result = await (
+          communityDistribution as any
+        ).findPackageForDownload('21.0.2');
+
+        expect(result).toEqual({
+          url: 'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+          version: '21.0.2'
+        });
+      });
+
+      it('should resolve the latest GraalVM Community release for a major version', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: [
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.1_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.1/graalvm-community-jdk-21.0.1_linux-x64_bin.tar.gz'
+                }
+              ]
+            },
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz'
+                }
+              ]
+            }
+          ],
+          statusCode: 200,
+          headers: {}
+        });
+
+        const result = await (
+          communityDistribution as any
+        ).findPackageForDownload('21');
+
+        expect(result).toEqual({
+          url: 'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+          version: '21.0.2'
+        });
+      });
+
+      it('should reject GraalVM Community early access requests', async () => {
+        (communityDistribution as any).stable = false;
+
+        await expect(
+          (communityDistribution as any).findPackageForDownload('23')
+        ).rejects.toThrow(
+          'GraalVM Community does not provide early access builds'
+        );
+      });
+
+      it('should surface an error when the releases listing is not an array', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: {message: 'API rate limit exceeded'},
+          statusCode: 403,
+          headers: {}
+        });
+
+        await expect(
+          (communityDistribution as any).findPackageForDownload('21')
+        ).rejects.toThrow(
+          /Unexpected response while listing GraalVM Community releases.*HTTP status code: 403/s
+        );
+      });
+    });
+  });
+});
+
+describe('distribution factory', () => {
+  const defaultOptions: JavaInstallerOptions = {
+    version: '17',
+    architecture: 'x64',
+    packageType: 'jdk',
+    checkLatest: false
+  };
+
+  it('should map graalvm-community to the community installer', () => {
+    const community = getJavaDistribution('graalvm-community', defaultOptions);
+
+    expect(community).toBeInstanceOf(GraalVMCommunityDistribution);
   });
 });

action.yml

@@ -26,10 +26,6 @@ inputs:
     description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec'
     required: false
     default: false
-  set-default:
-    description: 'Set this option to false if you want to install a JDK but not make it the default. When false, JAVA_HOME and PATH are not updated, but JAVA_HOME_<major>_<arch> is still set.'
-    required: false
-    default: true
   server-id:
     description: 'ID of the distributionManagement repository in the pom.xml
        file. Default is `github`'

dist/cleanup/index.js

@@ -52241,7 +52241,7 @@ else {
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_SET_DEFAULT = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -52250,7 +52250,6 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
 exports.INPUT_DISTRIBUTION = 'distribution';
 exports.INPUT_JDK_FILE = 'jdkFile';
 exports.INPUT_CHECK_LATEST = 'check-latest';
-exports.INPUT_SET_DEFAULT = 'set-default';
 exports.INPUT_SERVER_ID = 'server-id';
 exports.INPUT_SERVER_USERNAME = 'server-username';
 exports.INPUT_SERVER_PASSWORD = 'server-password';

dist/setup/index.js

@@ -78000,7 +78000,7 @@ function isProbablyGradleDaemonProblem(packageManager, error) {
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_SET_DEFAULT = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -78009,7 +78009,6 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
 exports.INPUT_DISTRIBUTION = 'distribution';
 exports.INPUT_JDK_FILE = 'jdkFile';
 exports.INPUT_CHECK_LATEST = 'check-latest';
-exports.INPUT_SET_DEFAULT = 'set-default';
 exports.INPUT_SERVER_ID = 'server-id';
 exports.INPUT_SERVER_USERNAME = 'server-username';
 exports.INPUT_SERVER_PASSWORD = 'server-password';
@@ -78318,10 +78317,6 @@ class JavaBase {
         this.architecture = installerOptions.architecture || os_1.default.arch();
         this.packageType = installerOptions.packageType;
         this.checkLatest = installerOptions.checkLatest;
-        this.setDefault =
-            installerOptions.setDefault !== undefined
-                ? installerOptions.setDefault
-                : true;
     }
     setupJava() {
         var _a, _b;
@@ -78437,14 +78432,8 @@ class JavaBase {
             if (process.platform === 'darwin' && fs.existsSync(macOSPostfixPath)) {
                 foundJava.path = macOSPostfixPath;
             }
-            if (this.setDefault) {
             core.info(`Setting Java ${foundJava.version} as the default`);
             this.setJavaDefault(foundJava.version, foundJava.path);
-            }
-            else {
-                core.info(`Installing Java ${foundJava.version} (not setting as default)`);
-                this.setJavaEnvironment(foundJava.version, foundJava.path);
-            }
             return foundJava;
         });
     }
@@ -78542,12 +78531,9 @@ class JavaBase {
         return error;
     }
     setJavaDefault(version, toolPath) {
+        const majorVersion = version.split('.')[0];
         core.exportVariable('JAVA_HOME', toolPath);
         core.addPath(path_1.default.join(toolPath, 'bin'));
-        this.setJavaEnvironment(version, toolPath);
-    }
-    setJavaEnvironment(version, toolPath) {
-        const majorVersion = version.split('.')[0];
         core.setOutput('distribution', this.distribution);
         core.setOutput('path', toolPath);
         core.setOutput('version', version);
@@ -78785,6 +78771,7 @@ var JavaDistribution;
     JavaDistribution["Dragonwell"] = "dragonwell";
     JavaDistribution["SapMachine"] = "sapmachine";
     JavaDistribution["GraalVM"] = "graalvm";
+    JavaDistribution["GraalVMCommunity"] = "graalvm-community";
     JavaDistribution["JetBrains"] = "jetbrains";
 })(JavaDistribution || (JavaDistribution = {}));
 function getJavaDistribution(distributionName, installerOptions, jdkFile) {
@@ -78816,6 +78803,8 @@ function getJavaDistribution(distributionName, installerOptions, jdkFile) {
             return new installer_11.SapMachineDistribution(installerOptions);
         case JavaDistribution.GraalVM:
             return new installer_12.GraalVMDistribution(installerOptions);
+        case JavaDistribution.GraalVMCommunity:
+            return new installer_12.GraalVMCommunityDistribution(installerOptions);
         case JavaDistribution.JetBrains:
             return new installer_13.JetBrainsDistribution(installerOptions);
         default:
@@ -79083,23 +79072,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.GraalVMDistribution = void 0;
+exports.GraalVMCommunityDistribution = exports.GraalVMDistribution = void 0;
 const core = __importStar(__nccwpck_require__(37484));
 const tc = __importStar(__nccwpck_require__(33472));
 const fs_1 = __importDefault(__nccwpck_require__(79896));
 const path_1 = __importDefault(__nccwpck_require__(16928));
+const semver_1 = __importDefault(__nccwpck_require__(62088));
 const base_installer_1 = __nccwpck_require__(79935);
 const http_client_1 = __nccwpck_require__(54844);
 const util_1 = __nccwpck_require__(54527);
 const GRAALVM_DL_BASE = 'https://download.oracle.com/graalvm';
 const GRAALVM_DOWNLOAD_URL = 'https://www.graalvm.org/downloads/';
+const GRAALVM_COMMUNITY_RELEASES_URL = 'https://api.github.com/repos/graalvm/graalvm-ce-builds/releases?per_page=100';
+const GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN = 'https://api.github.com';
+const GRAALVM_COMMUNITY_DOWNLOAD_URL = 'https://github.com/graalvm/graalvm-ce-builds/releases';
+const GRAALVM_COMMUNITY_ASSET_PREFIX = 'graalvm-community-jdk-';
+const GRAALVM_COMMUNITY_VERSION_PATTERN = /^\d+(?:\.\d+)*$/;
 const IS_WINDOWS = process.platform === 'win32';
 const GRAALVM_PLATFORM = IS_WINDOWS ? 'windows' : process.platform;
 const GRAALVM_MIN_VERSION = 17;
 const SUPPORTED_ARCHITECTURES = ['x64', 'aarch64'];
 class GraalVMDistribution extends base_installer_1.JavaBase {
-    constructor(installerOptions) {
-        super('GraalVM', installerOptions);
+    constructor(installerOptions, distributionName = 'GraalVM') {
+        super(distributionName, installerOptions);
     }
     downloadTool(javaRelease) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -79133,19 +79128,33 @@ class GraalVMDistribution extends base_installer_1.JavaBase {
     }
     findPackageForDownload(range) {
         return __awaiter(this, void 0, void 0, function* () {
-            // Add input validation
+            this.validateVersionRange(range);
+            const arch = this.getSupportedArchitecture();
+            if (!this.stable) {
+                return this.findEABuildDownloadUrl(`${range}-ea`);
+            }
+            const { platform, extension, major } = this.validateStableBuildRequest(range);
+            const fileUrl = this.constructFileUrl(range, major, platform, arch, extension);
+            const response = yield this.http.head(fileUrl);
+            this.handleHttpResponse(response, range);
+            return { url: fileUrl, version: range };
+        });
+    }
+    validateVersionRange(range) {
         if (!range || typeof range !== 'string') {
             throw new Error('Version range is required and must be a string');
         }
+    }
+    getSupportedArchitecture() {
         const arch = this.distributionArchitecture();
         if (!SUPPORTED_ARCHITECTURES.includes(arch)) {
             throw new Error(`Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`);
         }
-            if (!this.stable) {
-                return this.findEABuildDownloadUrl(`${range}-ea`);
+        return arch;
     }
+    validateStableBuildRequest(range) {
         if (this.packageType !== 'jdk') {
-                throw new Error('GraalVM provides only the `jdk` package type');
+            throw new Error(`${this.distribution} provides only the \`jdk\` package type`);
         }
         const platform = this.getPlatform();
         const extension = (0, util_1.getDownloadArchiveExtension)();
@@ -79155,13 +79164,13 @@ class GraalVMDistribution extends base_installer_1.JavaBase {
             throw new Error(`Invalid version format: ${range}`);
         }
         if (majorVersion < GRAALVM_MIN_VERSION) {
-                throw new Error(`GraalVM is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`);
+            throw new Error(`${this.distribution} is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`);
         }
-            const fileUrl = this.constructFileUrl(range, major, platform, arch, extension);
-            const response = yield this.http.head(fileUrl);
-            this.handleHttpResponse(response, range);
-            return { url: fileUrl, version: range };
-        });
+        return {
+            platform,
+            major,
+            extension
+        };
     }
     constructFileUrl(range, major, platform, arch, extension) {
         return range.includes('.')
@@ -79253,6 +79262,101 @@ class GraalVMDistribution extends base_installer_1.JavaBase {
     }
 }
 exports.GraalVMDistribution = GraalVMDistribution;
+class GraalVMCommunityDistribution extends GraalVMDistribution {
+    constructor(installerOptions) {
+        super(installerOptions, 'GraalVM Community');
+    }
+    get toolcacheFolderName() {
+        return `Java_GraalVM_Community_${this.packageType}`;
+    }
+    findPackageForDownload(range) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validateVersionRange(range);
+            if (!this.stable) {
+                throw new Error('GraalVM Community does not provide early access builds');
+            }
+            const arch = this.getSupportedArchitecture();
+            const { platform, extension } = this.validateStableBuildRequest(range);
+            // GraalVM Community asset names embed the platform, architecture and
+            // archive type, e.g. `graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz`.
+            const assetSuffix = `_${platform}-${arch}_bin.${extension}`;
+            const availableVersions = yield this.getAvailableVersions(assetSuffix);
+            const satisfiedVersion = availableVersions
+                .filter(item => (0, util_1.isVersionSatisfies)(range, item.version))
+                .sort((a, b) => -semver_1.default.compareBuild(a.version, b.version))[0];
+            if (!satisfiedVersion) {
+                const error = this.createVersionNotFoundError(range, availableVersions.map(item => item.version), `Platform: ${platform}`);
+                error.message += `\nPlease check if this version is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`;
+                throw error;
+            }
+            return satisfiedVersion;
+        });
+    }
+    getAvailableVersions(assetSuffix) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const headers = (0, util_1.getGitHubHttpHeaders)();
+            const versions = new Map();
+            let releasesUrl = GRAALVM_COMMUNITY_RELEASES_URL;
+            for (let pageIndex = 0; releasesUrl && pageIndex < util_1.MAX_PAGINATION_PAGES; pageIndex++) {
+                const response = yield this.http.getJson(releasesUrl, headers);
+                // A successful GitHub releases listing is always a JSON array (possibly
+                // empty). Anything else indicates an unexpected/error payload (rate
+                // limiting, auth failure, etc.) that must be surfaced instead of being
+                // silently treated as "no releases", which would later look like a
+                // misleading "version not found" error.
+                if (!Array.isArray(response.result)) {
+                    throw new Error(`Unexpected response while listing GraalVM Community releases from ${releasesUrl} ` +
+                        `(HTTP status code: ${response.statusCode}). Expected a JSON array of releases. ` +
+                        `Please check if the service is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`);
+                }
+                const releases = response.result;
+                if (releases.length === 0) {
+                    break;
+                }
+                for (const release of releases) {
+                    if (release.draft || release.prerelease) {
+                        continue;
+                    }
+                    for (const asset of (_a = release.assets) !== null && _a !== void 0 ? _a : []) {
+                        const version = this.extractAssetVersion(asset.name, assetSuffix);
+                        if (version) {
+                            versions.set(version, {
+                                version,
+                                url: asset.browser_download_url
+                            });
+                        }
+                    }
+                }
+                releasesUrl = this.getNextReleasesUrl(response.headers);
+            }
+            return [...versions.values()];
+        });
+    }
+    // Returns the GraalVM JDK version encoded in a release asset name when it
+    // matches the requested platform/architecture/archive suffix, otherwise null.
+    extractAssetVersion(assetName, assetSuffix) {
+        if (!assetName.startsWith(GRAALVM_COMMUNITY_ASSET_PREFIX) ||
+            !assetName.endsWith(assetSuffix)) {
+            return null;
+        }
+        const rawVersion = assetName.slice(GRAALVM_COMMUNITY_ASSET_PREFIX.length, -assetSuffix.length);
+        if (!GRAALVM_COMMUNITY_VERSION_PATTERN.test(rawVersion)) {
+            return null;
+        }
+        return (0, util_1.convertVersionToSemver)(rawVersion);
+    }
+    getNextReleasesUrl(headers) {
+        const nextUrl = (0, util_1.getNextPageUrlFromLinkHeader)(headers);
+        if (nextUrl &&
+            !(0, util_1.validatePaginationUrl)(nextUrl, GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN)) {
+            core.warning(`Ignoring pagination link with unexpected origin: ${nextUrl}`);
+            return null;
+        }
+        return nextUrl;
+    }
+}
+exports.GraalVMCommunityDistribution = GraalVMCommunityDistribution;
 
 
 /***/ }),
@@ -79744,14 +79848,8 @@ class LocalDistribution extends base_installer_1.JavaBase {
             if (process.platform === 'darwin' && fs_1.default.existsSync(macOSPostfixPath)) {
                 foundJava.path = macOSPostfixPath;
             }
-            if (this.setDefault) {
-                core.info(`Setting Java ${foundJava.version} as the default`);
+            core.info(`Setting Java ${foundJava.version} as default`);
             this.setJavaDefault(foundJava.version, foundJava.path);
-            }
-            else {
-                core.info(`Installing Java ${foundJava.version} (not setting as default)`);
-                this.setJavaEnvironment(foundJava.version, foundJava.path);
-            }
             return foundJava;
         });
     }
@@ -80975,7 +81073,6 @@ function run() {
             const cache = core.getInput(constants.INPUT_CACHE);
             const cacheDependencyPath = core.getInput(constants.INPUT_CACHE_DEPENDENCY_PATH);
             const checkLatest = (0, util_1.getBooleanInput)(constants.INPUT_CHECK_LATEST, false);
-            const setDefault = (0, util_1.getBooleanInput)(constants.INPUT_SET_DEFAULT, true);
             let toolchainIds = core.getMultilineInput(constants.INPUT_MVN_TOOLCHAIN_ID);
             core.startGroup('Installed distributions');
             if (versions.length !== toolchainIds.length) {
@@ -80988,7 +81085,6 @@ function run() {
                 architecture,
                 packageType,
                 checkLatest,
-                setDefault,
                 distributionName,
                 jdkFile,
                 toolchainIds
@@ -81022,12 +81118,11 @@ function run() {
 run();
 function installVersion(version, options, toolchainId = 0) {
     return __awaiter(this, void 0, void 0, function* () {
-        const { distributionName, jdkFile, architecture, packageType, checkLatest, setDefault, toolchainIds } = options;
+        const { distributionName, jdkFile, architecture, packageType, checkLatest, toolchainIds } = options;
         const installerOptions = {
             architecture,
             packageType,
             checkLatest,
-            setDefault,
             version
         };
         const distribution = (0, distribution_factory_1.getJavaDistribution)(distributionName, installerOptions, jdkFile);

docs/advanced-usage.md

@@ -10,11 +10,11 @@
   - [Alibaba Dragonwell](#Alibaba-Dragonwell)
   - [SapMachine](#SapMachine)
   - [GraalVM](#GraalVM)
+  - [GraalVM Community](#GraalVM-Community)
   - [JetBrains](#JetBrains)
 - [Installing custom Java package type](#Installing-custom-Java-package-type)
   - [JavaFX Maven project](#JavaFX-Maven-project)
 - [Installing custom Java architecture](#Installing-custom-Java-architecture)
-- [Installing JDK without setting as default](#Installing-JDK-without-setting-as-default)
 - [Installing custom Java distribution from local file](#Installing-Java-from-local-file)
 - [Testing against different Java distributions](#Testing-against-different-Java-distributions)
 - [Testing against different platforms](#Testing-against-different-platforms)
@@ -175,6 +175,21 @@ steps:
     native-image --version
 ```
 
+### GraalVM Community
+**NOTE:** GraalVM Community is available for stable JDK 17 and later releases.
+
+```yaml
+steps:
+- uses: actions/checkout@v6
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'graalvm-community'
+    java-version: '21'
+- run: |
+    java --version
+    native-image --version
+```
+
 ### JetBrains
 
 **NOTE:** JetBrains is only available for LTS versions on 11 or later (11, 17, 21, etc.).
@@ -268,37 +283,12 @@ steps:
 - run: java --version
 ```
 
-## Installing JDK without setting as default
-
-When installing multiple JDKs, the last one installed becomes the default (`JAVA_HOME`, `PATH`). Use the `set-default` option to install a JDK without overriding the default. The installed JDK is still discoverable via the `JAVA_HOME_<major>_<arch>` environment variable (e.g. `JAVA_HOME_21_X64`).
-
-```yaml
-steps:
-- uses: actions/checkout@v6
-- uses: actions/setup-java@v5
-  with:
-    distribution: 'temurin'
-    java-version: '17'
-- uses: actions/setup-java@v5
-  id: setup-java-21
-  with:
-    distribution: 'temurin'
-    java-version: '21'
-    set-default: false
-- run: |
-    echo "Default java:"
-    java -version
-    echo "Java 21 home: $JAVA_HOME_21_X64"
-    echo "Java 21 path from output: ${{ steps.setup-java-21.outputs.path }}"
-```
-
-In this example, `JAVA_HOME` and `java` on `PATH` point to Java 17, while Java 21 is available via `JAVA_HOME_21_X64` or the step output `path`.
-
-> **Note:** When a single step installs multiple JDKs via a multiline `java-version`, the `set-default` value applies to all of them. With `set-default: false`, none of those JDKs become the default; each remains discoverable through its `JAVA_HOME_<major>_<arch>` variable. Regardless of `set-default`, installed JDKs are still registered in the Maven toolchains file, so they can be selected via Maven toolchains.
-
 ## Installing Java from local file
 If your use-case requires a custom distribution or a version that is not provided by setup-java, you can download it manually and setup-java will take care of the installation and caching on the VM:
 
+> [!NOTE]
+> This approach also lets you use builds that setup-java does not provide directly, such as **Early Access (EA)** or other unreleased JDK builds (for example, an upcoming feature release or a Loom/Valhalla preview build). Download the desired archive in a prior step and point `jdkFile` at it; setup-java will extract, install, and cache it just like a supported distribution. When targeting multiple architectures, select the correct binary per architecture in your workflow (for example, with a build matrix).
+
 ```yaml
 steps:
 - run: |
@@ -314,6 +304,23 @@ steps:
 - run: java --version
 ```
 
+For example, to use an **Early Access** build from [jdk.java.net](https://jdk.java.net/), download the archive for your runner OS/architecture and install it via `distribution: 'jdkfile'` (example below assumes Linux x64):
+
+```yaml
+steps:
+- run: |
+    download_url="https://download.java.net/java/early_access/jdk25/36/GPL/openjdk-25-ea+36_linux-x64_bin.tar.gz"
+    wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'jdkfile'
+    jdkFile: ${{ runner.temp }}/java_package.tar.gz
+    java-version: '25.0.0-ea.36'
+    architecture: x64
+
+- run: java --version
+```
+
 If your use-case requires a custom distribution (in the example, alpine-linux is used) or a version that is not provided by setup-java and you want to always install the latest version during runtime, then you can use the following code to auto-download the latest JDK, determine the semver needed for setup-java, and setup-java will take care of the installation and caching on the VM:
 
 ```yaml

src/constants.ts

@@ -6,7 +6,6 @@ export const INPUT_JAVA_PACKAGE = 'java-package';
 export const INPUT_DISTRIBUTION = 'distribution';
 export const INPUT_JDK_FILE = 'jdkFile';
 export const INPUT_CHECK_LATEST = 'check-latest';
-export const INPUT_SET_DEFAULT = 'set-default';
 export const INPUT_SERVER_ID = 'server-id';
 export const INPUT_SERVER_USERNAME = 'server-username';
 export const INPUT_SERVER_PASSWORD = 'server-password';

src/distributions/base-installer.ts

@@ -20,7 +20,6 @@ export abstract class JavaBase {
   protected packageType: string;
   protected stable: boolean;
   protected checkLatest: boolean;
-  protected setDefault: boolean;
 
   constructor(
     protected distribution: string,
@@ -37,10 +36,6 @@ export abstract class JavaBase {
     this.architecture = installerOptions.architecture || os.arch();
     this.packageType = installerOptions.packageType;
     this.checkLatest = installerOptions.checkLatest;
-    this.setDefault =
-      installerOptions.setDefault !== undefined
-        ? installerOptions.setDefault
-        : true;
   }
 
   protected abstract downloadTool(
@@ -174,15 +169,8 @@ export abstract class JavaBase {
       foundJava.path = macOSPostfixPath;
     }
 
-    if (this.setDefault) {
     core.info(`Setting Java ${foundJava.version} as the default`);
     this.setJavaDefault(foundJava.version, foundJava.path);
-    } else {
-      core.info(
-        `Installing Java ${foundJava.version} (not setting as default)`
-      );
-      this.setJavaEnvironment(foundJava.version, foundJava.path);
-    }
 
     return foundJava;
   }
@@ -310,13 +298,9 @@ export abstract class JavaBase {
   }
 
   protected setJavaDefault(version: string, toolPath: string) {
+    const majorVersion = version.split('.')[0];
     core.exportVariable('JAVA_HOME', toolPath);
     core.addPath(path.join(toolPath, 'bin'));
-    this.setJavaEnvironment(version, toolPath);
-  }
-
-  protected setJavaEnvironment(version: string, toolPath: string) {
-    const majorVersion = version.split('.')[0];
     core.setOutput('distribution', this.distribution);
     core.setOutput('path', toolPath);
     core.setOutput('version', version);

src/distributions/base-models.ts

@@ -3,7 +3,6 @@ export interface JavaInstallerOptions {
   architecture: string;
   packageType: string;
   checkLatest: boolean;
-  setDefault?: boolean;
 }
 
 export interface JavaInstallerResults {

src/distributions/distribution-factory.ts

@@ -11,7 +11,10 @@ import {CorrettoDistribution} from './corretto/installer';
 import {OracleDistribution} from './oracle/installer';
 import {DragonwellDistribution} from './dragonwell/installer';
 import {SapMachineDistribution} from './sapmachine/installer';
-import {GraalVMDistribution} from './graalvm/installer';
+import {
+  GraalVMCommunityDistribution,
+  GraalVMDistribution
+} from './graalvm/installer';
 import {JetBrainsDistribution} from './jetbrains/installer';
 
 enum JavaDistribution {
@@ -29,6 +32,7 @@ enum JavaDistribution {
   Dragonwell = 'dragonwell',
   SapMachine = 'sapmachine',
   GraalVM = 'graalvm',
+  GraalVMCommunity = 'graalvm-community',
   JetBrains = 'jetbrains'
 }
 
@@ -74,6 +78,8 @@ export function getJavaDistribution(
       return new SapMachineDistribution(installerOptions);
     case JavaDistribution.GraalVM:
       return new GraalVMDistribution(installerOptions);
+    case JavaDistribution.GraalVMCommunity:
+      return new GraalVMCommunityDistribution(installerOptions);
     case JavaDistribution.JetBrains:
       return new JetBrainsDistribution(installerOptions);
     default:

src/distributions/graalvm/installer.ts

@@ -2,6 +2,7 @@ import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 import fs from 'fs';
 import path from 'path';
+import semver from 'semver';
 import {JavaBase} from '../base-installer';
 import {HttpCodes} from '@actions/http-client';
 import {GraalVMEAVersion} from './models';
@@ -11,14 +12,26 @@ import {
   JavaInstallerResults
 } from '../base-models';
 import {
+  convertVersionToSemver,
   extractJdkFile,
   getDownloadArchiveExtension,
   getGitHubHttpHeaders,
-  renameWinArchive
+  getNextPageUrlFromLinkHeader,
+  isVersionSatisfies,
+  MAX_PAGINATION_PAGES,
+  renameWinArchive,
+  validatePaginationUrl
 } from '../../util';
 
 const GRAALVM_DL_BASE = 'https://download.oracle.com/graalvm';
 const GRAALVM_DOWNLOAD_URL = 'https://www.graalvm.org/downloads/';
+const GRAALVM_COMMUNITY_RELEASES_URL =
+  'https://api.github.com/repos/graalvm/graalvm-ce-builds/releases?per_page=100';
+const GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN = 'https://api.github.com';
+const GRAALVM_COMMUNITY_DOWNLOAD_URL =
+  'https://github.com/graalvm/graalvm-ce-builds/releases';
+const GRAALVM_COMMUNITY_ASSET_PREFIX = 'graalvm-community-jdk-';
+const GRAALVM_COMMUNITY_VERSION_PATTERN = /^\d+(?:\.\d+)*$/;
 const IS_WINDOWS = process.platform === 'win32';
 const GRAALVM_PLATFORM = IS_WINDOWS ? 'windows' : process.platform;
 const GRAALVM_MIN_VERSION = 17;
@@ -26,9 +39,23 @@ const SUPPORTED_ARCHITECTURES = ['x64', 'aarch64'] as const;
 type SupportedArchitecture = (typeof SUPPORTED_ARCHITECTURES)[number];
 type OsVersions = 'linux' | 'macos' | 'windows';
 
+interface GraalVMCommunityAsset {
+  name: string;
+  browser_download_url: string;
+}
+
+interface GraalVMCommunityRelease {
+  draft: boolean;
+  prerelease: boolean;
+  assets: GraalVMCommunityAsset[];
+}
+
 export class GraalVMDistribution extends JavaBase {
-  constructor(installerOptions: JavaInstallerOptions) {
-    super('GraalVM', installerOptions);
+  constructor(
+    installerOptions: JavaInstallerOptions,
+    distributionName = 'GraalVM'
+  ) {
+    super(distributionName, installerOptions);
   }
 
   protected async downloadTool(
@@ -85,40 +112,14 @@ export class GraalVMDistribution extends JavaBase {
   protected async findPackageForDownload(
     range: string
   ): Promise<JavaDownloadRelease> {
-    // Add input validation
-    if (!range || typeof range !== 'string') {
-      throw new Error('Version range is required and must be a string');
-    }
-
-    const arch = this.distributionArchitecture();
-    if (!SUPPORTED_ARCHITECTURES.includes(arch as SupportedArchitecture)) {
-      throw new Error(
-        `Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`
-      );
-    }
+    this.validateVersionRange(range);
+    const arch = this.getSupportedArchitecture();
 
     if (!this.stable) {
       return this.findEABuildDownloadUrl(`${range}-ea`);
     }
 
-    if (this.packageType !== 'jdk') {
-      throw new Error('GraalVM provides only the `jdk` package type');
-    }
-
-    const platform = this.getPlatform();
-    const extension = getDownloadArchiveExtension();
-    const major = range.includes('.') ? range.split('.')[0] : range;
-    const majorVersion = parseInt(major);
-
-    if (isNaN(majorVersion)) {
-      throw new Error(`Invalid version format: ${range}`);
-    }
-
-    if (majorVersion < GRAALVM_MIN_VERSION) {
-      throw new Error(
-        `GraalVM is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`
-      );
-    }
+    const {platform, extension, major} = this.validateStableBuildRequest(range);
 
     const fileUrl = this.constructFileUrl(
       range,
@@ -134,6 +135,56 @@ export class GraalVMDistribution extends JavaBase {
     return {url: fileUrl, version: range};
   }
 
+  protected validateVersionRange(range: string): void {
+    if (!range || typeof range !== 'string') {
+      throw new Error('Version range is required and must be a string');
+    }
+  }
+
+  protected getSupportedArchitecture(): SupportedArchitecture {
+    const arch = this.distributionArchitecture();
+    if (!SUPPORTED_ARCHITECTURES.includes(arch as SupportedArchitecture)) {
+      throw new Error(
+        `Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`
+      );
+    }
+
+    return arch as SupportedArchitecture;
+  }
+
+  protected validateStableBuildRequest(range: string): {
+    platform: OsVersions;
+    extension: string;
+    major: string;
+  } {
+    if (this.packageType !== 'jdk') {
+      throw new Error(
+        `${this.distribution} provides only the \`jdk\` package type`
+      );
+    }
+
+    const platform = this.getPlatform();
+    const extension = getDownloadArchiveExtension();
+    const major = range.includes('.') ? range.split('.')[0] : range;
+    const majorVersion = parseInt(major);
+
+    if (isNaN(majorVersion)) {
+      throw new Error(`Invalid version format: ${range}`);
+    }
+
+    if (majorVersion < GRAALVM_MIN_VERSION) {
+      throw new Error(
+        `${this.distribution} is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`
+      );
+    }
+
+    return {
+      platform,
+      major,
+      extension
+    };
+  }
+
   private constructFileUrl(
     range: string,
     major: string,
@@ -280,3 +331,144 @@ export class GraalVMDistribution extends JavaBase {
     return result;
   }
 }
+
+export class GraalVMCommunityDistribution extends GraalVMDistribution {
+  constructor(installerOptions: JavaInstallerOptions) {
+    super(installerOptions, 'GraalVM Community');
+  }
+
+  protected get toolcacheFolderName(): string {
+    return `Java_GraalVM_Community_${this.packageType}`;
+  }
+
+  protected async findPackageForDownload(
+    range: string
+  ): Promise<JavaDownloadRelease> {
+    this.validateVersionRange(range);
+
+    if (!this.stable) {
+      throw new Error('GraalVM Community does not provide early access builds');
+    }
+
+    const arch = this.getSupportedArchitecture();
+    const {platform, extension} = this.validateStableBuildRequest(range);
+    // GraalVM Community asset names embed the platform, architecture and
+    // archive type, e.g. `graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz`.
+    const assetSuffix = `_${platform}-${arch}_bin.${extension}`;
+    const availableVersions = await this.getAvailableVersions(assetSuffix);
+
+    const satisfiedVersion = availableVersions
+      .filter(item => isVersionSatisfies(range, item.version))
+      .sort((a, b) => -semver.compareBuild(a.version, b.version))[0];
+
+    if (!satisfiedVersion) {
+      const error = this.createVersionNotFoundError(
+        range,
+        availableVersions.map(item => item.version),
+        `Platform: ${platform}`
+      );
+      error.message += `\nPlease check if this version is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`;
+      throw error;
+    }
+
+    return satisfiedVersion;
+  }
+
+  private async getAvailableVersions(
+    assetSuffix: string
+  ): Promise<JavaDownloadRelease[]> {
+    const headers = getGitHubHttpHeaders();
+    const versions = new Map<string, JavaDownloadRelease>();
+    let releasesUrl: string | null = GRAALVM_COMMUNITY_RELEASES_URL;
+
+    for (
+      let pageIndex = 0;
+      releasesUrl && pageIndex < MAX_PAGINATION_PAGES;
+      pageIndex++
+    ) {
+      const response = await this.http.getJson<GraalVMCommunityRelease[]>(
+        releasesUrl,
+        headers
+      );
+
+      // A successful GitHub releases listing is always a JSON array (possibly
+      // empty). Anything else indicates an unexpected/error payload (rate
+      // limiting, auth failure, etc.) that must be surfaced instead of being
+      // silently treated as "no releases", which would later look like a
+      // misleading "version not found" error.
+      if (!Array.isArray(response.result)) {
+        throw new Error(
+          `Unexpected response while listing GraalVM Community releases from ${releasesUrl} ` +
+            `(HTTP status code: ${response.statusCode}). Expected a JSON array of releases. ` +
+            `Please check if the service is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`
+        );
+      }
+
+      const releases = response.result;
+      if (releases.length === 0) {
+        break;
+      }
+
+      for (const release of releases) {
+        if (release.draft || release.prerelease) {
+          continue;
+        }
+
+        for (const asset of release.assets ?? []) {
+          const version = this.extractAssetVersion(asset.name, assetSuffix);
+          if (version) {
+            versions.set(version, {
+              version,
+              url: asset.browser_download_url
+            });
+          }
+        }
+      }
+
+      releasesUrl = this.getNextReleasesUrl(response.headers);
+    }
+
+    return [...versions.values()];
+  }
+
+  // Returns the GraalVM JDK version encoded in a release asset name when it
+  // matches the requested platform/architecture/archive suffix, otherwise null.
+  private extractAssetVersion(
+    assetName: string,
+    assetSuffix: string
+  ): string | null {
+    if (
+      !assetName.startsWith(GRAALVM_COMMUNITY_ASSET_PREFIX) ||
+      !assetName.endsWith(assetSuffix)
+    ) {
+      return null;
+    }
+
+    const rawVersion = assetName.slice(
+      GRAALVM_COMMUNITY_ASSET_PREFIX.length,
+      -assetSuffix.length
+    );
+
+    if (!GRAALVM_COMMUNITY_VERSION_PATTERN.test(rawVersion)) {
+      return null;
+    }
+
+    return convertVersionToSemver(rawVersion);
+  }
+
+  private getNextReleasesUrl(
+    headers: Record<string, string | string[] | undefined>
+  ): string | null {
+    const nextUrl = getNextPageUrlFromLinkHeader(headers);
+    if (
+      nextUrl &&
+      !validatePaginationUrl(nextUrl, GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN)
+    ) {
+      core.warning(
+        `Ignoring pagination link with unexpected origin: ${nextUrl}`
+      );
+      return null;
+    }
+    return nextUrl;
+  }
+}

src/distributions/local/installer.ts

@@ -69,15 +69,9 @@ export class LocalDistribution extends JavaBase {
       foundJava.path = macOSPostfixPath;
     }
 
-    if (this.setDefault) {
-      core.info(`Setting Java ${foundJava.version} as the default`);
+    core.info(`Setting Java ${foundJava.version} as default`);
+
     this.setJavaDefault(foundJava.version, foundJava.path);
-    } else {
-      core.info(
-        `Installing Java ${foundJava.version} (not setting as default)`
-      );
-      this.setJavaEnvironment(foundJava.version, foundJava.path);
-    }
     return foundJava;
   }
 

src/setup-java.ts

@@ -28,7 +28,6 @@ async function run() {
       constants.INPUT_CACHE_DEPENDENCY_PATH
     );
     const checkLatest = getBooleanInput(constants.INPUT_CHECK_LATEST, false);
-    const setDefault = getBooleanInput(constants.INPUT_SET_DEFAULT, true);
     let toolchainIds = core.getMultilineInput(constants.INPUT_MVN_TOOLCHAIN_ID);
 
     core.startGroup('Installed distributions');
@@ -45,7 +44,6 @@ async function run() {
       architecture,
       packageType,
       checkLatest,
-      setDefault,
       distributionName,
       jdkFile,
       toolchainIds
@@ -102,7 +100,6 @@ async function installVersion(
     architecture,
     packageType,
     checkLatest,
-    setDefault,
     toolchainIds
   } = options;
 
@@ -110,7 +107,6 @@ async function installVersion(
     architecture,
     packageType,
     checkLatest,
-    setDefault,
     version
   };
 
@@ -145,7 +141,6 @@ interface installerInputsOptions {
   architecture: string;
   packageType: string;
   checkLatest: boolean;
-  setDefault: boolean;
   distributionName: string;
   jdkFile: string;
   toolchainIds: Array<string>;