mirror of
https://github.com/actions/setup-java.git
synced 2026-07-08 16:20:44 +03:00
Merge branch 'main' into support-kona-jdk
This commit is contained in:
@@ -464,6 +464,24 @@ describe('setupJava', () => {
|
||||
}
|
||||
);
|
||||
|
||||
it('should fail when verify-signature is enabled for unsupported distributions', async () => {
|
||||
mockJavaBase = new EmptyJavaBase({
|
||||
version: '11',
|
||||
architecture: 'x86',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true
|
||||
});
|
||||
|
||||
await expect(mockJavaBase.setupJava()).rejects.toThrow(
|
||||
"Input 'verify-signature' is not supported for distribution 'Empty'."
|
||||
);
|
||||
expect(spyTcFindAllVersions).not.toHaveBeenCalled();
|
||||
expect(spyCoreAddPath).not.toHaveBeenCalled();
|
||||
expect(spyCoreExportVariable).not.toHaveBeenCalled();
|
||||
expect(spyCoreSetOutput).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it.each([
|
||||
[
|
||||
{
|
||||
|
||||
@@ -1,8 +1,15 @@
|
||||
import {MicrosoftDistributions} from '../../src/distributions/microsoft/installer';
|
||||
import {
|
||||
MicrosoftDistributions,
|
||||
MICROSOFT_PUBLIC_KEY
|
||||
} from '../../src/distributions/microsoft/installer';
|
||||
import os from 'os';
|
||||
import data from '../data/microsoft.json';
|
||||
import * as httpm from '@actions/http-client';
|
||||
import * as core from '@actions/core';
|
||||
import * as tc from '@actions/tool-cache';
|
||||
import * as gpg from '../../src/gpg';
|
||||
import * as util from '../../src/util';
|
||||
import fs from 'fs';
|
||||
|
||||
describe('findPackageForDownload', () => {
|
||||
let distribution: MicrosoftDistributions;
|
||||
@@ -102,6 +109,7 @@ describe('findPackageForDownload', () => {
|
||||
.replace('{{OS_TYPE}}', os)
|
||||
.replace('{{ARCHIVE_TYPE}}', archive);
|
||||
expect(result.url).toBe(url);
|
||||
expect(result.signatureUrl).toBe(`${url}.sig`);
|
||||
});
|
||||
|
||||
it.each([
|
||||
@@ -187,4 +195,153 @@ describe('findPackageForDownload', () => {
|
||||
/No matching version found for SemVer */
|
||||
);
|
||||
});
|
||||
|
||||
it('uses manifest-provided signature URL when available', async () => {
|
||||
spyGetManifestFromRepo.mockReturnValue({
|
||||
result: [
|
||||
{
|
||||
version: '17.0.10',
|
||||
stable: true,
|
||||
release_url: 'https://example.test',
|
||||
files: [
|
||||
{
|
||||
filename: 'microsoft-jdk-17.0.10-linux-x64.tar.gz',
|
||||
arch: 'x64',
|
||||
platform: 'linux',
|
||||
download_url: 'https://example.test/jdk.tar.gz',
|
||||
signature_url: 'https://example.test/jdk.tar.gz.custom.sig'
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
statusCode: 200,
|
||||
headers: {}
|
||||
});
|
||||
jest.spyOn(os, 'platform').mockReturnValue('linux');
|
||||
|
||||
const result = await distribution['findPackageForDownload']('17.0.10');
|
||||
|
||||
expect(result.signatureUrl).toBe(
|
||||
'https://example.test/jdk.tar.gz.custom.sig'
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
describe('downloadTool', () => {
|
||||
let spyDownloadTool: jest.SpyInstance;
|
||||
let spyExtractJdkFile: jest.SpyInstance;
|
||||
let spyCacheDir: jest.SpyInstance;
|
||||
let spyVerifySignature: jest.SpyInstance;
|
||||
let distribution: MicrosoftDistributions;
|
||||
|
||||
beforeEach(() => {
|
||||
jest
|
||||
.spyOn(os, 'platform')
|
||||
.mockReturnValue(process.platform as ReturnType<typeof os.platform>);
|
||||
|
||||
distribution = new MicrosoftDistributions({
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false
|
||||
});
|
||||
|
||||
spyDownloadTool = jest.spyOn(tc, 'downloadTool');
|
||||
spyDownloadTool.mockImplementation(async () => {
|
||||
return '/tmp/jdk.tar.gz';
|
||||
});
|
||||
|
||||
spyExtractJdkFile = jest.spyOn(util, 'extractJdkFile');
|
||||
spyExtractJdkFile.mockImplementation(async () => {
|
||||
return '/tmp/unpacked';
|
||||
});
|
||||
|
||||
jest.spyOn(fs, 'readdirSync').mockReturnValue(['jdk'] as any);
|
||||
spyCacheDir = jest.spyOn(tc, 'cacheDir');
|
||||
spyCacheDir.mockImplementation(async () => {
|
||||
return '/tmp/cached';
|
||||
});
|
||||
|
||||
jest
|
||||
.spyOn(util, 'renameWinArchive')
|
||||
.mockImplementation((archivePath: string) => `${archivePath}.zip`);
|
||||
|
||||
spyVerifySignature = jest.spyOn(gpg, 'verifyPackageSignature');
|
||||
spyVerifySignature.mockImplementation(async () => {});
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
jest.restoreAllMocks();
|
||||
});
|
||||
|
||||
it('verifies signature when enabled', async () => {
|
||||
const signedDistribution = new MicrosoftDistributions({
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true
|
||||
});
|
||||
|
||||
await signedDistribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz',
|
||||
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||
});
|
||||
|
||||
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||
'/tmp/jdk.tar.gz',
|
||||
'https://example.com/jdk.tar.gz.sig',
|
||||
MICROSOFT_PUBLIC_KEY
|
||||
);
|
||||
});
|
||||
|
||||
it('uses custom public key when verifySignaturePublicKey is provided', async () => {
|
||||
const customKey =
|
||||
'-----BEGIN PGP PUBLIC KEY BLOCK-----\ncustom\n-----END PGP PUBLIC KEY BLOCK-----';
|
||||
const signedDistribution = new MicrosoftDistributions({
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true,
|
||||
verifySignaturePublicKey: customKey
|
||||
});
|
||||
|
||||
await signedDistribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz',
|
||||
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||
});
|
||||
|
||||
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||
'/tmp/jdk.tar.gz',
|
||||
'https://example.com/jdk.tar.gz.sig',
|
||||
customKey
|
||||
);
|
||||
});
|
||||
|
||||
it('fails when signature is missing and verification is enabled', async () => {
|
||||
const signedDistribution = new MicrosoftDistributions({
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true
|
||||
});
|
||||
|
||||
await expect(
|
||||
signedDistribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz'
|
||||
})
|
||||
).rejects.toThrow(
|
||||
"Input 'verify-signature' is enabled, but no signature URL was found for Microsoft Build of OpenJDK version 17.0.14+7."
|
||||
);
|
||||
expect(spyVerifySignature).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('supports signature verification', () => {
|
||||
expect(distribution['supportsSignatureVerification']()).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,10 +1,15 @@
|
||||
import {HttpClient} from '@actions/http-client';
|
||||
import * as tc from '@actions/tool-cache';
|
||||
import fs from 'fs';
|
||||
import os from 'os';
|
||||
import {
|
||||
TemurinDistribution,
|
||||
TemurinImplementation
|
||||
TemurinImplementation,
|
||||
ADOPTIUM_PUBLIC_KEY
|
||||
} from '../../src/distributions/temurin/installer';
|
||||
import {JavaInstallerOptions} from '../../src/distributions/base-models';
|
||||
import * as util from '../../src/util';
|
||||
import * as gpg from '../../src/gpg';
|
||||
|
||||
import manifestData from '../data/temurin.json';
|
||||
import * as core from '@actions/core';
|
||||
@@ -231,6 +236,7 @@ describe('findPackageForDownload', () => {
|
||||
distribution['getAvailableVersions'] = async () => manifestData as any;
|
||||
const resolvedVersion = await distribution['findPackageForDownload'](input);
|
||||
expect(resolvedVersion.version).toBe(expected);
|
||||
expect(resolvedVersion.signatureUrl).toBeDefined();
|
||||
});
|
||||
|
||||
it('version is found but binaries list is empty', async () => {
|
||||
@@ -281,3 +287,109 @@ describe('findPackageForDownload', () => {
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
describe('downloadTool', () => {
|
||||
let spyDownloadTool: jest.SpyInstance;
|
||||
let spyVerifySignature: jest.SpyInstance;
|
||||
let spyExtractJdkFile: jest.SpyInstance;
|
||||
let spyCacheDir: jest.SpyInstance;
|
||||
let spyReadDirSync: jest.SpyInstance;
|
||||
let spyRenameWinArchive: jest.SpyInstance;
|
||||
|
||||
beforeEach(() => {
|
||||
spyDownloadTool = jest.spyOn(tc, 'downloadTool');
|
||||
spyDownloadTool.mockResolvedValue('/tmp/jdk.tar.gz');
|
||||
spyVerifySignature = jest.spyOn(gpg, 'verifyPackageSignature');
|
||||
spyVerifySignature.mockResolvedValue(undefined);
|
||||
spyExtractJdkFile = jest.spyOn(util, 'extractJdkFile');
|
||||
spyExtractJdkFile.mockResolvedValue('/tmp/extracted');
|
||||
spyCacheDir = jest.spyOn(tc, 'cacheDir');
|
||||
spyCacheDir.mockResolvedValue('/tmp/toolcache');
|
||||
spyReadDirSync = jest.spyOn(fs, 'readdirSync');
|
||||
spyReadDirSync.mockReturnValue(['jdk-17'] as any);
|
||||
spyRenameWinArchive = jest.spyOn(util, 'renameWinArchive');
|
||||
spyRenameWinArchive.mockReturnValue('/tmp/jdk.tar.gz.zip');
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
jest.resetAllMocks();
|
||||
jest.clearAllMocks();
|
||||
jest.restoreAllMocks();
|
||||
});
|
||||
|
||||
it('verifies signature when enabled', async () => {
|
||||
const distribution = new TemurinDistribution(
|
||||
{
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true
|
||||
},
|
||||
TemurinImplementation.Hotspot
|
||||
);
|
||||
|
||||
await distribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz',
|
||||
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||
});
|
||||
|
||||
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||
'/tmp/jdk.tar.gz',
|
||||
'https://example.com/jdk.tar.gz.sig',
|
||||
ADOPTIUM_PUBLIC_KEY
|
||||
);
|
||||
});
|
||||
|
||||
it('fails when signature is missing and verification is enabled', async () => {
|
||||
const distribution = new TemurinDistribution(
|
||||
{
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true
|
||||
},
|
||||
TemurinImplementation.Hotspot
|
||||
);
|
||||
|
||||
await expect(
|
||||
distribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz'
|
||||
})
|
||||
).rejects.toThrow(
|
||||
"Input 'verify-signature' is enabled, but no signature URL was found"
|
||||
);
|
||||
expect(spyVerifySignature).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('uses custom public key when verifySignaturePublicKey is provided', async () => {
|
||||
const customKey =
|
||||
'-----BEGIN PGP PUBLIC KEY BLOCK-----\ncustom\n-----END PGP PUBLIC KEY BLOCK-----';
|
||||
const distribution = new TemurinDistribution(
|
||||
{
|
||||
version: '17',
|
||||
architecture: 'x64',
|
||||
packageType: 'jdk',
|
||||
checkLatest: false,
|
||||
verifySignature: true,
|
||||
verifySignaturePublicKey: customKey
|
||||
},
|
||||
TemurinImplementation.Hotspot
|
||||
);
|
||||
|
||||
await distribution['downloadTool']({
|
||||
version: '17.0.14+7',
|
||||
url: 'https://example.com/jdk.tar.gz',
|
||||
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||
});
|
||||
|
||||
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||
'/tmp/jdk.tar.gz',
|
||||
'https://example.com/jdk.tar.gz.sig',
|
||||
customKey
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user