cicd/setup-java
1
0
Fork 0
mirror of https://github.com/actions/setup-java.git synced 2026-06-24 00:30:28 +03:00
Code Issues Packages Projects Releases Wiki Activity
494 Commits 30 Branches 58 Tags
1bcf9fb12cf4aa7d266a90ae39939e61372fe520
Commit Graph

10 Commits

Author SHA1 Message Date
Bruno Borges 1d25252804 chore: Harden workflows: least-privilege permissions + zizmor integration (#1039) 
* Harden workflows with least-privilege permissions and zizmor

Apply GitHub Actions security best practices to the action's own
workflows and integrate zizmor to catch regressions.

- Add explicit least-privilege `permissions:` to every workflow
  (contents: read for read-only workflows; default-deny `{}` with
  job-scoped grants for codeql, publish-immutable-actions and
  update-config-files).
- Set `persist-credentials: false` on all checkout steps that don't
  need the GITHUB_TOKEN afterwards.
- Move `${{ ... }}` expansions out of `run:` blocks into `env:` vars
  to avoid template injection.
- Pin the alpine container image (alpine:latest -> alpine:3.21).
- Add a zizmor CI workflow that uploads SARIF to code scanning, plus a
  `.github/zizmor.yml` pinning policy (ref-pin for actions/* and
  github/*, hash-pin for third-party actions).

zizmor now reports no findings (offline and online).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Fix indentation of if: in zizmor SARIF upload step

The `if:` key on the "Upload SARIF results to code scanning" step had no
indentation, producing invalid YAML ("Nested mappings are not allowed in
compact mappings"). This broke `npm run format-check` (prettier) in Basic
validation.

Indent `if:` to 8 spaces so it nests under the step alongside uses/with.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-06-23 18:10:17 +01:00
dependabot[bot] bf0c0e6df3 Bump actions/checkout from 6 to 7 (#1032) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bruno Borges <brborges@microsoft.com>
 2026-06-22 17:15:27 -04:00
dependabot[bot] f7a6fefba9 Bump actions/checkout from 5 to 6 (#961) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-21 20:37:24 -06:00
dependabot[bot] dded088883 Bump actions/checkout from 4 to 5 (#896) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-20 21:56:38 -05:00
K.B.Dharun Krishna a2374547df feat: bump actions/checkout and actions/setup-java to v4 (#533) 
* eat: bump to use node20 runtime, actions/checkout to v4

* docs: update version of setup-java in documentation and e2e tests

---------

Co-authored-by: Ivan Zosimov <ivanzosimov@github.com>
 2023-12-01 11:16:32 +01:00
IvanZosimov 1eb7169fc2 Update workflows 2022-12-15 16:10:53 +01:00
Dmitry Shibanov cd35109007 Bump actions to v3 (#314) 2022-04-07 12:25:49 +02:00
Jochen Schalanda 4b1b3d4a82 Add support for Eclipse Temurin (#201) 
* Add support for Adoptium OpenJDK

Refs https://github.com/actions/setup-java/issues/191

* Rename distribution to Eclipse Temurin

* Update end-to-end tests in GitHub workflows

* Exclude e2e tests for Temurin JREs for now

* fix version

* Update e2e-versions.yml

* Handle Eclipse Temurin version suffixes ("beta")

* Add test for new version suffix "beta"

* Add updated `index.js`

* fix an issue

Co-authored-by: Maxim Lobanov <maxim-lobanov@github.com>
 2021-08-06 13:12:36 +03:00
Maxim Lobanov 8764a52df1 Rename v2-preview to v2 in docs and tests (#151) 2021-04-05 13:14:38 +03:00
Maxim Lobanov b53500dabc Merge "v2-preview" branch into "main" (#150) 
* actions/setup-java@v2 - Support different distributions (#132)

* Implement support for custom vendors in setup-java

* minor improvements

* minor refactoring

* Add unit tests and e2e tests

* Update documentation for setup-java@v2 release

* minor improvements

* regenerate dist

* fix comments

* resolve comments

* resolve comments

* fix tests

* Update README.md

Co-authored-by: George Adams <george.adams@microsoft.com>

* Apply suggestions from code review

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>

* fix minor nitpicks

* handle 4th digit

* pull latest main

* Update README.md

* rename adoptium to adopt

* rename adoptium to adopt

* rename adoptium to adopt

* Update README.md

* make java-version and distribution required for action

* update readme

* fix tests

* fix e2e tests

Co-authored-by: George Adams <george.adams@microsoft.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>

* Add "overwrite-settings" input parameter (#136)

* add overwrite-settings parameter

* fix e2e tests

* print debug

* fix e2e tests

* add comment

* remove comment

* Add "Contents/Home" postfix on macOS if provider creates it (#139)

* Update e2e-versions.yml

* Update e2e-versions.yml

* implement fix

* Update e2e-versions.yml

* Update installer.ts

* fix filter logic

* Update e2e-versions.yml

* remove extra logic

* Update e2e-versions.yml

* Add check-latest flag (#141)

* add changes for check-latest

* run prerelease script

* resolving comments

* fixing tests

* fix spelling

* improve core.info messages

* run format

* run prerelease

* change version to fix test

* resolve comment for check-latest

* Update README.md

* added hosted tool cache section

* Apply suggestions from code review

Co-authored-by: Maxim Lobanov <v-malob@microsoft.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>

* Avoid "+" sign in Java path in v2-preview (#145)

* try to handle _ versions

* more logs

* more debug

* test 1

* more fixes

* fix typo

* Update e2e-versions.yml

* add unit-tests

* remove debug info from tests

* debug pre-cached versions

* change e2e tests to ubuntu-latest

* update npm licenses

Co-authored-by: George Adams <george.adams@microsoft.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
Co-authored-by: Dmitry Shibanov <dmitry-shibanov@github.com>
 2021-04-05 13:02:27 +03:00