Merge branch 'main' into support-kona-jdk

This commit is contained in:
Bruno Borges
2026-07-02 14:22:42 -04:00
committed by GitHub
27 changed files with 1755 additions and 151 deletions
@@ -464,6 +464,24 @@ describe('setupJava', () => {
}
);
it('should fail when verify-signature is enabled for unsupported distributions', async () => {
mockJavaBase = new EmptyJavaBase({
version: '11',
architecture: 'x86',
packageType: 'jdk',
checkLatest: false,
verifySignature: true
});
await expect(mockJavaBase.setupJava()).rejects.toThrow(
"Input 'verify-signature' is not supported for distribution 'Empty'."
);
expect(spyTcFindAllVersions).not.toHaveBeenCalled();
expect(spyCoreAddPath).not.toHaveBeenCalled();
expect(spyCoreExportVariable).not.toHaveBeenCalled();
expect(spyCoreSetOutput).not.toHaveBeenCalled();
});
it.each([
[
{
@@ -1,8 +1,15 @@
import {MicrosoftDistributions} from '../../src/distributions/microsoft/installer';
import {
MicrosoftDistributions,
MICROSOFT_PUBLIC_KEY
} from '../../src/distributions/microsoft/installer';
import os from 'os';
import data from '../data/microsoft.json';
import * as httpm from '@actions/http-client';
import * as core from '@actions/core';
import * as tc from '@actions/tool-cache';
import * as gpg from '../../src/gpg';
import * as util from '../../src/util';
import fs from 'fs';
describe('findPackageForDownload', () => {
let distribution: MicrosoftDistributions;
@@ -102,6 +109,7 @@ describe('findPackageForDownload', () => {
.replace('{{OS_TYPE}}', os)
.replace('{{ARCHIVE_TYPE}}', archive);
expect(result.url).toBe(url);
expect(result.signatureUrl).toBe(`${url}.sig`);
});
it.each([
@@ -187,4 +195,153 @@ describe('findPackageForDownload', () => {
/No matching version found for SemVer */
);
});
it('uses manifest-provided signature URL when available', async () => {
spyGetManifestFromRepo.mockReturnValue({
result: [
{
version: '17.0.10',
stable: true,
release_url: 'https://example.test',
files: [
{
filename: 'microsoft-jdk-17.0.10-linux-x64.tar.gz',
arch: 'x64',
platform: 'linux',
download_url: 'https://example.test/jdk.tar.gz',
signature_url: 'https://example.test/jdk.tar.gz.custom.sig'
}
]
}
],
statusCode: 200,
headers: {}
});
jest.spyOn(os, 'platform').mockReturnValue('linux');
const result = await distribution['findPackageForDownload']('17.0.10');
expect(result.signatureUrl).toBe(
'https://example.test/jdk.tar.gz.custom.sig'
);
});
});
describe('downloadTool', () => {
let spyDownloadTool: jest.SpyInstance;
let spyExtractJdkFile: jest.SpyInstance;
let spyCacheDir: jest.SpyInstance;
let spyVerifySignature: jest.SpyInstance;
let distribution: MicrosoftDistributions;
beforeEach(() => {
jest
.spyOn(os, 'platform')
.mockReturnValue(process.platform as ReturnType<typeof os.platform>);
distribution = new MicrosoftDistributions({
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false
});
spyDownloadTool = jest.spyOn(tc, 'downloadTool');
spyDownloadTool.mockImplementation(async () => {
return '/tmp/jdk.tar.gz';
});
spyExtractJdkFile = jest.spyOn(util, 'extractJdkFile');
spyExtractJdkFile.mockImplementation(async () => {
return '/tmp/unpacked';
});
jest.spyOn(fs, 'readdirSync').mockReturnValue(['jdk'] as any);
spyCacheDir = jest.spyOn(tc, 'cacheDir');
spyCacheDir.mockImplementation(async () => {
return '/tmp/cached';
});
jest
.spyOn(util, 'renameWinArchive')
.mockImplementation((archivePath: string) => `${archivePath}.zip`);
spyVerifySignature = jest.spyOn(gpg, 'verifyPackageSignature');
spyVerifySignature.mockImplementation(async () => {});
});
afterEach(() => {
jest.restoreAllMocks();
});
it('verifies signature when enabled', async () => {
const signedDistribution = new MicrosoftDistributions({
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true
});
await signedDistribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz',
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
});
expect(spyVerifySignature).toHaveBeenCalledWith(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig',
MICROSOFT_PUBLIC_KEY
);
});
it('uses custom public key when verifySignaturePublicKey is provided', async () => {
const customKey =
'-----BEGIN PGP PUBLIC KEY BLOCK-----\ncustom\n-----END PGP PUBLIC KEY BLOCK-----';
const signedDistribution = new MicrosoftDistributions({
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true,
verifySignaturePublicKey: customKey
});
await signedDistribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz',
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
});
expect(spyVerifySignature).toHaveBeenCalledWith(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig',
customKey
);
});
it('fails when signature is missing and verification is enabled', async () => {
const signedDistribution = new MicrosoftDistributions({
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true
});
await expect(
signedDistribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz'
})
).rejects.toThrow(
"Input 'verify-signature' is enabled, but no signature URL was found for Microsoft Build of OpenJDK version 17.0.14+7."
);
expect(spyVerifySignature).not.toHaveBeenCalled();
});
it('supports signature verification', () => {
expect(distribution['supportsSignatureVerification']()).toBe(true);
});
});
@@ -1,10 +1,15 @@
import {HttpClient} from '@actions/http-client';
import * as tc from '@actions/tool-cache';
import fs from 'fs';
import os from 'os';
import {
TemurinDistribution,
TemurinImplementation
TemurinImplementation,
ADOPTIUM_PUBLIC_KEY
} from '../../src/distributions/temurin/installer';
import {JavaInstallerOptions} from '../../src/distributions/base-models';
import * as util from '../../src/util';
import * as gpg from '../../src/gpg';
import manifestData from '../data/temurin.json';
import * as core from '@actions/core';
@@ -231,6 +236,7 @@ describe('findPackageForDownload', () => {
distribution['getAvailableVersions'] = async () => manifestData as any;
const resolvedVersion = await distribution['findPackageForDownload'](input);
expect(resolvedVersion.version).toBe(expected);
expect(resolvedVersion.signatureUrl).toBeDefined();
});
it('version is found but binaries list is empty', async () => {
@@ -281,3 +287,109 @@ describe('findPackageForDownload', () => {
);
});
});
describe('downloadTool', () => {
let spyDownloadTool: jest.SpyInstance;
let spyVerifySignature: jest.SpyInstance;
let spyExtractJdkFile: jest.SpyInstance;
let spyCacheDir: jest.SpyInstance;
let spyReadDirSync: jest.SpyInstance;
let spyRenameWinArchive: jest.SpyInstance;
beforeEach(() => {
spyDownloadTool = jest.spyOn(tc, 'downloadTool');
spyDownloadTool.mockResolvedValue('/tmp/jdk.tar.gz');
spyVerifySignature = jest.spyOn(gpg, 'verifyPackageSignature');
spyVerifySignature.mockResolvedValue(undefined);
spyExtractJdkFile = jest.spyOn(util, 'extractJdkFile');
spyExtractJdkFile.mockResolvedValue('/tmp/extracted');
spyCacheDir = jest.spyOn(tc, 'cacheDir');
spyCacheDir.mockResolvedValue('/tmp/toolcache');
spyReadDirSync = jest.spyOn(fs, 'readdirSync');
spyReadDirSync.mockReturnValue(['jdk-17'] as any);
spyRenameWinArchive = jest.spyOn(util, 'renameWinArchive');
spyRenameWinArchive.mockReturnValue('/tmp/jdk.tar.gz.zip');
});
afterEach(() => {
jest.resetAllMocks();
jest.clearAllMocks();
jest.restoreAllMocks();
});
it('verifies signature when enabled', async () => {
const distribution = new TemurinDistribution(
{
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true
},
TemurinImplementation.Hotspot
);
await distribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz',
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
});
expect(spyVerifySignature).toHaveBeenCalledWith(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig',
ADOPTIUM_PUBLIC_KEY
);
});
it('fails when signature is missing and verification is enabled', async () => {
const distribution = new TemurinDistribution(
{
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true
},
TemurinImplementation.Hotspot
);
await expect(
distribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz'
})
).rejects.toThrow(
"Input 'verify-signature' is enabled, but no signature URL was found"
);
expect(spyVerifySignature).not.toHaveBeenCalled();
});
it('uses custom public key when verifySignaturePublicKey is provided', async () => {
const customKey =
'-----BEGIN PGP PUBLIC KEY BLOCK-----\ncustom\n-----END PGP PUBLIC KEY BLOCK-----';
const distribution = new TemurinDistribution(
{
version: '17',
architecture: 'x64',
packageType: 'jdk',
checkLatest: false,
verifySignature: true,
verifySignaturePublicKey: customKey
},
TemurinImplementation.Hotspot
);
await distribution['downloadTool']({
version: '17.0.14+7',
url: 'https://example.com/jdk.tar.gz',
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
});
expect(spyVerifySignature).toHaveBeenCalledWith(
'/tmp/jdk.tar.gz',
'https://example.com/jdk.tar.gz.sig',
customKey
);
});
});