Fix prettier formatting in base installer test

- Refactor setJavaDefault to delegate shared output/env logic to
  setJavaEnvironment, avoiding duplication between the two.
- Document that set-default applies to all JDKs in a multiline
  java-version, and that installed JDKs remain registered in Maven
  toolchains regardless of set-default.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/e2e-versions.yml

@@ -545,3 +545,77 @@ jobs:
       - name: Verify Java
         run: bash __tests__/verify-java.sh "17.0.10" "${{ steps.setup-java.outputs.path }}"
         shell: bash
+
+  setup-java-set-default:
+    name: set-default option - ${{ matrix.os }}
+    needs: setup-java-major-versions
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Setup Java 17 as default
+        uses: ./
+        id: setup-java-17
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Java 21 without setting as default
+        uses: ./
+        id: setup-java-21
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          set-default: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Verify JAVA_HOME still points to Java 17
+        run: |
+          echo "JAVA_HOME=$JAVA_HOME"
+          echo "Java 17 path=${{ steps.setup-java-17.outputs.path }}"
+          if [ "$JAVA_HOME" != "${{ steps.setup-java-17.outputs.path }}" ]; then
+            echo "JAVA_HOME should still point to Java 17"
+            exit 1
+          fi
+        shell: bash
+      - name: Verify java -version reports Java 17
+        run: |
+          JAVA_VERSION=$(java -version 2>&1 | head -1)
+          echo "java -version: $JAVA_VERSION"
+          if ! echo "$JAVA_VERSION" | grep -q "17"; then
+            echo "Default java should still be version 17"
+            exit 1
+          fi
+        shell: bash
+      - name: Verify JAVA_HOME_21 env var is set
+        run: |
+          $envName = "JAVA_HOME_21_${env:RUNNER_ARCH}"
+          $JavaVersionPath = [Environment]::GetEnvironmentVariable($envName)
+          if (-not $JavaVersionPath) {
+            Write-Host "$envName is not set"
+            exit 1
+          }
+          if (-not (Test-Path "$JavaVersionPath")) {
+            Write-Host "$envName path does not exist: $JavaVersionPath"
+            exit 1
+          }
+          Write-Host "$envName=$JavaVersionPath"
+        shell: pwsh
+      - name: Verify Java 21 outputs are set
+        run: |
+          echo "Java 21 path=${{ steps.setup-java-21.outputs.path }}"
+          echo "Java 21 version=${{ steps.setup-java-21.outputs.version }}"
+          if [ -z "${{ steps.setup-java-21.outputs.path }}" ]; then
+            echo "Java 21 path output should be set"
+            exit 1
+          fi
+          if [ -z "${{ steps.setup-java-21.outputs.version }}" ]; then
+            echo "Java 21 version output should be set"
+            exit 1
+          fi
+        shell: bash

README.md

@@ -41,6 +41,8 @@ For more details,  see the full release notes on the [releases page](https://git
 
   - `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
 
+  - `set-default`: Set to `false` to install a JDK without making it the default. When `false`, `JAVA_HOME` and `PATH` are not updated, but `JAVA_HOME_<major>_<arch>` is still set so the JDK remains discoverable. Default value: `true`. See [Installing JDK without setting as default](docs/advanced-usage.md#Installing-JDK-without-setting-as-default) for more details.
+
   - `cache`: Quick [setup caching](#caching-packages-dependencies) for the dependencies managed through one of the predefined package managers. It can be one of "maven", "gradle" or "sbt".
 
   - `cache-dependency-path`: The path to a dependency file: pom.xml, build.gradle, build.sbt, etc. This option can be used with the `cache` option. If this option is omitted, the action searches for the dependency file in the entire repository. This option supports wildcards and a list of file names for caching multiple dependencies.
@@ -76,7 +78,7 @@ steps:
   with:
     distribution: 'temurin' # See 'Supported distributions' for available options
     java-version: '25'
-- run: java HelloWorldApp.java
+- run: java --version
 ```
 
 #### Azul Zulu OpenJDK
@@ -87,7 +89,7 @@ steps:
   with:
     distribution: 'zulu' # See 'Supported distributions' for available options
     java-version: '25'
-- run: java HelloWorldApp.java
+- run: java --version
 ```
 
 #### Supported version syntax
@@ -221,7 +223,7 @@ steps:
     distribution: 'temurin'
     java-version: '25'
     check-latest: true
-- run: java HelloWorldApp.java
+- run: java --version
 ```
 
 ### Testing against different Java versions
@@ -240,7 +242,7 @@ jobs:
         with:
           distribution: '<distribution>'
           java-version: ${{ matrix.java }}
-      - run: java HelloWorldApp.java
+      - run: java --version
 ```
 
 ### Install multiple JDKs

__tests__/distributors/base-installer.test.ts

@@ -545,6 +545,110 @@ describe('setupJava', () => {
     expect(spyCoreExportVariable).not.toHaveBeenCalled();
     expect(spyCoreSetOutput).not.toHaveBeenCalled();
   });
+
+  it('should not set JAVA_HOME and PATH when setDefault is false', async () => {
+    mockJavaBase = new EmptyJavaBase({
+      version: '11',
+      architecture: 'x86',
+      packageType: 'jdk',
+      checkLatest: false,
+      setDefault: false
+    });
+    await expect(mockJavaBase.setupJava()).resolves.toEqual({
+      version: installedJavaVersion,
+      path: javaPath
+    });
+    expect(spyCoreExportVariable).not.toHaveBeenCalledWith(
+      'JAVA_HOME',
+      expect.anything()
+    );
+    expect(spyCoreAddPath).not.toHaveBeenCalled();
+    expect(spyCoreExportVariable).toHaveBeenCalledWith(
+      'JAVA_HOME_11_X86',
+      javaPath
+    );
+    expect(spyCoreSetOutput).toHaveBeenCalledWith(
+      'version',
+      installedJavaVersion
+    );
+    expect(spyCoreSetOutput).toHaveBeenCalledWith('path', javaPath);
+    expect(spyCoreSetOutput).toHaveBeenCalledWith('distribution', 'Empty');
+    expect(spyCoreInfo).toHaveBeenCalledWith(
+      `Installing Java ${installedJavaVersion} (not setting as default)`
+    );
+  });
+
+  it('should set JAVA_HOME and PATH when setDefault is true', async () => {
+    mockJavaBase = new EmptyJavaBase({
+      version: '11',
+      architecture: 'x86',
+      packageType: 'jdk',
+      checkLatest: false,
+      setDefault: true
+    });
+    await expect(mockJavaBase.setupJava()).resolves.toEqual({
+      version: installedJavaVersion,
+      path: javaPath
+    });
+    expect(spyCoreExportVariable).toHaveBeenCalledWith('JAVA_HOME', javaPath);
+    expect(spyCoreAddPath).toHaveBeenCalledWith(path.join(javaPath, 'bin'));
+    expect(spyCoreExportVariable).toHaveBeenCalledWith(
+      'JAVA_HOME_11_X86',
+      javaPath
+    );
+    expect(spyCoreInfo).toHaveBeenCalledWith(
+      `Setting Java ${installedJavaVersion} as the default`
+    );
+  });
+
+  it('should default to setting as default when setDefault is not specified', async () => {
+    mockJavaBase = new EmptyJavaBase({
+      version: '11',
+      architecture: 'x86',
+      packageType: 'jdk',
+      checkLatest: false
+    });
+    await expect(mockJavaBase.setupJava()).resolves.toEqual({
+      version: installedJavaVersion,
+      path: javaPath
+    });
+    expect(spyCoreExportVariable).toHaveBeenCalledWith('JAVA_HOME', javaPath);
+    expect(spyCoreAddPath).toHaveBeenCalledWith(path.join(javaPath, 'bin'));
+    expect(spyCoreInfo).toHaveBeenCalledWith(
+      `Setting Java ${installedJavaVersion} as the default`
+    );
+  });
+
+  it('should download and not set default when setDefault is false', async () => {
+    mockJavaBase = new EmptyJavaBase({
+      version: '11',
+      architecture: 'x64',
+      packageType: 'jdk',
+      checkLatest: false,
+      setDefault: false
+    });
+    await expect(mockJavaBase.setupJava()).resolves.toEqual({
+      version: '11.0.9',
+      path: path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
+    });
+    expect(spyCoreExportVariable).not.toHaveBeenCalledWith(
+      'JAVA_HOME',
+      expect.anything()
+    );
+    expect(spyCoreAddPath).not.toHaveBeenCalled();
+    expect(spyCoreExportVariable).toHaveBeenCalledWith(
+      'JAVA_HOME_11_X64',
+      path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
+    );
+    expect(spyCoreSetOutput).toHaveBeenCalledWith('version', '11.0.9');
+    expect(spyCoreSetOutput).toHaveBeenCalledWith(
+      'path',
+      path.join('toolcache', 'Java_Empty_jdk', '11.0.9', 'x64')
+    );
+    expect(spyCoreInfo).toHaveBeenCalledWith(
+      'Installing Java 11.0.9 (not setting as default)'
+    );
+  });
 });
 
 describe('normalizeVersion', () => {

action.yml

@@ -26,6 +26,10 @@ inputs:
     description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec'
     required: false
     default: false
+  set-default:
+    description: 'Set this option to false if you want to install a JDK but not make it the default. When false, JAVA_HOME and PATH are not updated, but JAVA_HOME_<major>_<arch> is still set.'
+    required: false
+    default: true
   server-id:
     description: 'ID of the distributionManagement repository in the pom.xml
        file. Default is `github`'

dist/cleanup/index.js

@@ -52241,7 +52241,7 @@ else {
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_SET_DEFAULT = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -52250,6 +52250,7 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
 exports.INPUT_DISTRIBUTION = 'distribution';
 exports.INPUT_JDK_FILE = 'jdkFile';
 exports.INPUT_CHECK_LATEST = 'check-latest';
+exports.INPUT_SET_DEFAULT = 'set-default';
 exports.INPUT_SERVER_ID = 'server-id';
 exports.INPUT_SERVER_USERNAME = 'server-username';
 exports.INPUT_SERVER_PASSWORD = 'server-password';

dist/setup/index.js

@@ -78000,7 +78000,7 @@ function isProbablyGradleDaemonProblem(packageManager, error) {
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_SET_DEFAULT = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -78009,6 +78009,7 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
 exports.INPUT_DISTRIBUTION = 'distribution';
 exports.INPUT_JDK_FILE = 'jdkFile';
 exports.INPUT_CHECK_LATEST = 'check-latest';
+exports.INPUT_SET_DEFAULT = 'set-default';
 exports.INPUT_SERVER_ID = 'server-id';
 exports.INPUT_SERVER_USERNAME = 'server-username';
 exports.INPUT_SERVER_PASSWORD = 'server-password';
@@ -78317,6 +78318,10 @@ class JavaBase {
         this.architecture = installerOptions.architecture || os_1.default.arch();
         this.packageType = installerOptions.packageType;
         this.checkLatest = installerOptions.checkLatest;
+        this.setDefault =
+            installerOptions.setDefault !== undefined
+                ? installerOptions.setDefault
+                : true;
     }
     setupJava() {
         var _a, _b;
@@ -78432,8 +78437,14 @@ class JavaBase {
             if (process.platform === 'darwin' && fs.existsSync(macOSPostfixPath)) {
                 foundJava.path = macOSPostfixPath;
             }
-            core.info(`Setting Java ${foundJava.version} as the default`);
-            this.setJavaDefault(foundJava.version, foundJava.path);
+            if (this.setDefault) {
+                core.info(`Setting Java ${foundJava.version} as the default`);
+                this.setJavaDefault(foundJava.version, foundJava.path);
+            }
+            else {
+                core.info(`Installing Java ${foundJava.version} (not setting as default)`);
+                this.setJavaEnvironment(foundJava.version, foundJava.path);
+            }
             return foundJava;
         });
     }
@@ -78531,9 +78542,12 @@ class JavaBase {
         return error;
     }
     setJavaDefault(version, toolPath) {
-        const majorVersion = version.split('.')[0];
         core.exportVariable('JAVA_HOME', toolPath);
         core.addPath(path_1.default.join(toolPath, 'bin'));
+        this.setJavaEnvironment(version, toolPath);
+    }
+    setJavaEnvironment(version, toolPath) {
+        const majorVersion = version.split('.')[0];
         core.setOutput('distribution', this.distribution);
         core.setOutput('path', toolPath);
         core.setOutput('version', version);
@@ -79730,8 +79744,14 @@ class LocalDistribution extends base_installer_1.JavaBase {
             if (process.platform === 'darwin' && fs_1.default.existsSync(macOSPostfixPath)) {
                 foundJava.path = macOSPostfixPath;
             }
-            core.info(`Setting Java ${foundJava.version} as default`);
-            this.setJavaDefault(foundJava.version, foundJava.path);
+            if (this.setDefault) {
+                core.info(`Setting Java ${foundJava.version} as the default`);
+                this.setJavaDefault(foundJava.version, foundJava.path);
+            }
+            else {
+                core.info(`Installing Java ${foundJava.version} (not setting as default)`);
+                this.setJavaEnvironment(foundJava.version, foundJava.path);
+            }
             return foundJava;
         });
     }
@@ -80955,6 +80975,7 @@ function run() {
             const cache = core.getInput(constants.INPUT_CACHE);
             const cacheDependencyPath = core.getInput(constants.INPUT_CACHE_DEPENDENCY_PATH);
             const checkLatest = (0, util_1.getBooleanInput)(constants.INPUT_CHECK_LATEST, false);
+            const setDefault = (0, util_1.getBooleanInput)(constants.INPUT_SET_DEFAULT, true);
             let toolchainIds = core.getMultilineInput(constants.INPUT_MVN_TOOLCHAIN_ID);
             core.startGroup('Installed distributions');
             if (versions.length !== toolchainIds.length) {
@@ -80967,6 +80988,7 @@ function run() {
                 architecture,
                 packageType,
                 checkLatest,
+                setDefault,
                 distributionName,
                 jdkFile,
                 toolchainIds
@@ -81000,11 +81022,12 @@ function run() {
 run();
 function installVersion(version, options, toolchainId = 0) {
     return __awaiter(this, void 0, void 0, function* () {
-        const { distributionName, jdkFile, architecture, packageType, checkLatest, toolchainIds } = options;
+        const { distributionName, jdkFile, architecture, packageType, checkLatest, setDefault, toolchainIds } = options;
         const installerOptions = {
             architecture,
             packageType,
             checkLatest,
+            setDefault,
             version
         };
         const distribution = (0, distribution_factory_1.getJavaDistribution)(distributionName, installerOptions, jdkFile);

docs/advanced-usage.md

@@ -12,7 +12,9 @@
   - [GraalVM](#GraalVM)
   - [JetBrains](#JetBrains)
 - [Installing custom Java package type](#Installing-custom-Java-package-type)
+  - [JavaFX Maven project](#JavaFX-Maven-project)
 - [Installing custom Java architecture](#Installing-custom-Java-architecture)
+- [Installing JDK without setting as default](#Installing-JDK-without-setting-as-default)
 - [Installing custom Java distribution from local file](#Installing-Java-from-local-file)
 - [Testing against different Java distributions](#Testing-against-different-Java-distributions)
 - [Testing against different platforms](#Testing-against-different-platforms)
@@ -21,6 +23,7 @@
 - [Hosted Tool Cache](#Hosted-Tool-Cache)
 - [Modifying Maven Toolchains](#Modifying-Maven-Toolchains)
 - [Java-version file](#Java-version-file)
+- [Self-signed certificates and internal CAs (GitHub Enterprise)](#Self-signed-certificates-and-internal-CAs-GitHub-Enterprise)
 
 See [action.yml](../action.yml) for more details on task inputs.
 
@@ -36,7 +39,7 @@ steps:
   with:
     distribution: 'temurin'
     java-version: '21'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Adopt
@@ -49,7 +52,7 @@ steps:
   with:
     distribution: 'adopt-hotspot'
     java-version: '11'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Zulu
@@ -62,7 +65,7 @@ steps:
     distribution: 'zulu'
     java-version: '21'
     java-package: jdk # optional (jdk, jre, jdk+fx or jre+fx) - defaults to jdk
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Liberica
@@ -75,7 +78,7 @@ steps:
     distribution: 'liberica'
     java-version: '21'
     java-package: jdk # optional (jdk, jre, jdk+fx or jre+fx) - defaults to jdk
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Microsoft
@@ -87,7 +90,7 @@ steps:
   with:
     distribution: 'microsoft'
     java-version: '21'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Using Microsoft distribution on GHES
@@ -116,7 +119,7 @@ steps:
   with:
     distribution: 'corretto'
     java-version: '21'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Oracle
@@ -129,7 +132,7 @@ steps:
   with:
     distribution: 'oracle'
     java-version: '21'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### Alibaba Dragonwell
@@ -142,7 +145,7 @@ steps:
   with:
     distribution: 'dragonwell'
     java-version: '8'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### SapMachine
@@ -154,7 +157,7 @@ steps:
   with:
     distribution: 'sapmachine'
     java-version: '21'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 ### GraalVM
@@ -168,8 +171,8 @@ steps:
     distribution: 'graalvm'
     java-version: '21'
 - run: |
-    java -cp java HelloWorldApp
-    native-image -cp java HelloWorldApp
+    java --version
+    native-image --version
 ```
 
 ### JetBrains
@@ -186,7 +189,7 @@ steps:
   with:
     distribution: 'jetbrains'
     java-version: '11'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 The JetBrains installer uses the GitHub API to fetch the latest version. If you believe your project is going to be running into rate limits, you can provide a
@@ -202,7 +205,7 @@ steps:
     java-package: 'jdk' # optional (jdk, jre, jdk+jcef, jre+jcef, jdk+ft, or jre+ft) - defaults to jdk
   env:
     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 You can specify your package type (as shown in the [releases page](https://github.com/JetBrains/JetBrainsRuntime/releases/)) in the `java-package` parameter. 
@@ -225,7 +228,31 @@ steps:
     distribution: '<distribution>'
     java-version: '11'
     java-package: jdk # optional (jdk or jre) - defaults to jdk
-- run: java -cp java HelloWorldApp
+- run: java --version
+```
+
+### JavaFX Maven project
+
+For JavaFX projects that use Maven, use `jdk+fx` (or `jre+fx`) as the `java-package` value together with a distribution that supports it (e.g. `zulu` or `liberica`). Then include the [`javafx-maven-plugin`](https://openjfx.io/openjfx-docs/#maven) in your `pom.xml` as described in the [Getting Started with JavaFX](https://openjfx.io/openjfx-docs/#maven) guide.
+
+```yaml
+steps:
+- uses: actions/checkout@v6
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'zulu'
+    java-version: '21'
+    java-package: jdk+fx
+    cache: maven
+- name: Build with Maven
+  run: mvn --no-transfer-progress compile
+```
+
+To run the JavaFX application in CI:
+
+```yaml
+- name: Run with Maven
+  run: mvn --no-transfer-progress javafx:run
 ```
 
 ## Installing custom Java architecture
@@ -238,9 +265,37 @@ steps:
     distribution: '<distribution>'
     java-version: '11'
     architecture: x86 # optional - default value derived from the runner machine
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
+## Installing JDK without setting as default
+
+When installing multiple JDKs, the last one installed becomes the default (`JAVA_HOME`, `PATH`). Use the `set-default` option to install a JDK without overriding the default. The installed JDK is still discoverable via the `JAVA_HOME_<major>_<arch>` environment variable (e.g. `JAVA_HOME_21_X64`).
+
+```yaml
+steps:
+- uses: actions/checkout@v6
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'temurin'
+    java-version: '17'
+- uses: actions/setup-java@v5
+  id: setup-java-21
+  with:
+    distribution: 'temurin'
+    java-version: '21'
+    set-default: false
+- run: |
+    echo "Default java:"
+    java -version
+    echo "Java 21 home: $JAVA_HOME_21_X64"
+    echo "Java 21 path from output: ${{ steps.setup-java-21.outputs.path }}"
+```
+
+In this example, `JAVA_HOME` and `java` on `PATH` point to Java 17, while Java 21 is available via `JAVA_HOME_21_X64` or the step output `path`.
+
+> **Note:** When a single step installs multiple JDKs via a multiline `java-version`, the `set-default` value applies to all of them. With `set-default: false`, none of those JDKs become the default; each remains discoverable through its `JAVA_HOME_<major>_<arch>` variable. Regardless of `set-default`, installed JDKs are still registered in the Maven toolchains file, so they can be selected via Maven toolchains.
+
 ## Installing Java from local file
 If your use-case requires a custom distribution or a version that is not provided by setup-java, you can download it manually and setup-java will take care of the installation and caching on the VM:
 
@@ -256,7 +311,7 @@ steps:
     java-version: '11.0.0'
     architecture: x64
     
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 If your use-case requires a custom distribution (in the example, alpine-linux is used) or a version that is not provided by setup-java and you want to always install the latest version during runtime, then you can use the following code to auto-download the latest JDK, determine the semver needed for setup-java, and setup-java will take care of the installation and caching on the VM:
@@ -281,7 +336,7 @@ If your use-case requires a custom distribution (in the example, alpine-linux is
           jdkFile: ${{ runner.temp }}/java_package.tar.gz
           java-version: {{ steps.fetch_latest_jdk.outputs.java_version }}
           architecture: x64
-       - run: java -cp java HelloWorldApp
+       - run: java --version
 ```
 
 ## Testing against different Java distributions
@@ -302,7 +357,7 @@ jobs:
         with:
           distribution: ${{ matrix.distribution }}
           java-version: ${{ matrix.java }}
-      - run: java -cp java HelloWorldApp
+      - run: java --version
 ```
 
 #### Testing against different platforms
@@ -322,7 +377,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
-      - run: java -cp java HelloWorldApp
+      - run: java --version
 ```
 
 ## Publishing using Apache Maven
@@ -580,7 +635,7 @@ steps:
     distribution: 'temurin'
     java-version: '11'
     mvn-toolchain-id: 'some_other_id'
-- run: java -cp java HelloWorldApp
+- run: java --version
 ```
 
 In case you install multiple versions of Java at once you can use the same syntax as used in `java-versions`. Please note that you have to declare an ID for all Java versions that will be installed or the `mvn-toolchain-id` instruction will be skipped wholesale due to mapping ambiguities.
@@ -635,3 +690,94 @@ If the file contains multiple versions, only the first one will be recognized.
 
 ***NOTE***:
 For the tool-version file, ensure that you use standard semantic versioning (semver) formats, as non-standard formats (such as jetbrains-21b212.1) may not be parsed correctly. Additionally, for complex version strings containing multiple version-like segments (for example, java semeru-openj9-11.0.15+10_openj9-0.32.0), the extraction logic may incorrectly capture the last segment (0.32.0) instead of the main version (11.0.15+10).
+
+## Self-signed certificates and internal CAs (GitHub Enterprise)
+
+When `setup-java` dynamically downloads a JDK, it makes HTTPS requests both to fetch the available version metadata and to download the JDK archive. If your runners sit behind a **TLS-inspecting corporate proxy**, or you are on **GitHub Enterprise Server (GHES)** with an internal certificate authority, those requests can fail with an error such as:
+
+```
+Error: self signed certificate in certificate chain
+```
+
+This happens because the certificate presented to the runner is signed by an **internal or self-signed CA** that is not part of the runner's default trust store. The download itself is fine — the runner simply cannot verify the certificate chain.
+
+### Recommended fix: trust your internal CA
+
+The secure way to resolve this is to make the runner trust your organization's CA, which keeps TLS verification fully enabled. `setup-java` runs on Node.js, which honors the [`NODE_EXTRA_CA_CERTS`](https://nodejs.org/api/cli.html#node_extra_ca_certsfile) environment variable. Point it at your CA bundle (in PEM format) **before** the `actions/setup-java` step:
+
+```yaml
+steps:
+  # The CA bundle is already present on the runner image in this example.
+  # Alternatively, write it from a secret in a previous step.
+  - name: Trust the internal CA
+    run: echo "NODE_EXTRA_CA_CERTS=/etc/ssl/certs/internal-ca.pem" >> "$GITHUB_ENV"
+
+  - uses: actions/setup-java@v5
+    with:
+      distribution: 'temurin'
+      java-version: '21'
+```
+
+If you keep the certificate in a secret rather than on the runner image, write it to disk first:
+
+```yaml
+steps:
+  - name: Write and trust the internal CA
+    run: |
+      echo "${{ secrets.INTERNAL_CA_PEM }}" > "${RUNNER_TEMP}/internal-ca.pem"
+      echo "NODE_EXTRA_CA_CERTS=${RUNNER_TEMP}/internal-ca.pem" >> "$GITHUB_ENV"
+
+  - uses: actions/setup-java@v5
+    with:
+      distribution: 'temurin'
+      java-version: '21'
+```
+
+For **self-hosted runners**, you can instead install your CA into the operating system's trust store (for example, `update-ca-certificates` on Debian/Ubuntu or `update-ca-trust` on RHEL). This makes the certificate trusted for all tooling on the runner, not just `setup-java`.
+
+### GitHub Enterprise customers
+
+On **GitHub Enterprise Server**, traffic from your runners frequently passes through an organization-managed proxy or terminates TLS at an appliance using a certificate from an internal CA. If your workflows hit the error above, set `NODE_EXTRA_CA_CERTS` to your enterprise CA bundle (or bake the CA into your self-hosted runner image) as shown above. Coordinate with your platform team to obtain the correct PEM bundle for your appliance and proxy chain.
+
+### Security warning: do not disable certificate verification
+
+Do **not** work around this error by disabling TLS verification (for example, by setting `NODE_TLS_REJECT_UNAUTHORIZED=0`). `setup-java` does not verify a pinned checksum or signature of the downloaded archive, so **TLS is effectively the only integrity guarantee** on the JDK download. Disabling verification would expose your workflow to a man-in-the-middle attacker who could serve a tampered JDK — which then becomes the `java` used by the rest of your pipeline, with access to your secrets and credentials. Always extend trust to your CA instead of turning verification off.
+
+### Trusting an internal CA inside the installed JDK
+
+The guidance above makes the **runner** trust your CA so that the JDK can be *downloaded*. That is a separate layer from making the **installed JDK** trust your CA at *application runtime*. If your build steps (Maven/Gradle dependency resolution, integration tests, HTTPS calls from your app, etc.) connect to internal services that present a certificate from your internal CA, the JDK will reject them with errors such as:
+
+```
+PKIX path building failed: unable to find valid certification path to requested target
+```
+
+The JDK keeps its own trust store — a keystore named `cacerts` under `$JAVA_HOME/lib/security/cacerts` — which is independent of the operating system and Node trust stores. After `setup-java` has run (so that `JAVA_HOME` points at the freshly installed JDK), import your CA into that keystore with `keytool`:
+
+```yaml
+steps:
+  - uses: actions/setup-java@v5
+    with:
+      distribution: 'temurin'
+      java-version: '21'
+
+  - name: Import internal CA into the JDK trust store
+    shell: bash
+    run: |
+      # Write the CA from a secret (or reference a file already on the runner)
+      echo "${{ secrets.INTERNAL_CA_PEM }}" > "${RUNNER_TEMP}/internal-ca.pem"
+      keytool -importcert -noprompt \
+        -alias internal-ca \
+        -file "${RUNNER_TEMP}/internal-ca.pem" \
+        -keystore "${JAVA_HOME}/lib/security/cacerts" \
+        -storepass changeit
+```
+
+Notes and caveats:
+
+- The default keystore password for `cacerts` is `changeit` unless your distribution overrides it.
+- On **hosted runners** the change applies only to the current job's JDK and is discarded when the job ends, so include the import step in every job that needs it.
+- On **self-hosted runners**, importing into a tool-cache JDK persists for as long as that cached version remains on the runner; if you want it to survive JDK reinstalls, pre-seed the CA into your runner image or re-run the import step each time.
+- Prefer giving the certificate a stable, descriptive `-alias` so re-runs are idempotent (re-importing the same alias will fail; add `keytool -delete -alias internal-ca ...` first if you re-run within a long-lived runner).
+
+This documents the post-install workflow; there is no dedicated action input for supplying a custom `cacerts` file.
+

src/constants.ts

@@ -6,6 +6,7 @@ export const INPUT_JAVA_PACKAGE = 'java-package';
 export const INPUT_DISTRIBUTION = 'distribution';
 export const INPUT_JDK_FILE = 'jdkFile';
 export const INPUT_CHECK_LATEST = 'check-latest';
+export const INPUT_SET_DEFAULT = 'set-default';
 export const INPUT_SERVER_ID = 'server-id';
 export const INPUT_SERVER_USERNAME = 'server-username';
 export const INPUT_SERVER_PASSWORD = 'server-password';

src/distributions/base-installer.ts

@@ -20,6 +20,7 @@ export abstract class JavaBase {
   protected packageType: string;
   protected stable: boolean;
   protected checkLatest: boolean;
+  protected setDefault: boolean;
 
   constructor(
     protected distribution: string,
@@ -36,6 +37,10 @@ export abstract class JavaBase {
     this.architecture = installerOptions.architecture || os.arch();
     this.packageType = installerOptions.packageType;
     this.checkLatest = installerOptions.checkLatest;
+    this.setDefault =
+      installerOptions.setDefault !== undefined
+        ? installerOptions.setDefault
+        : true;
   }
 
   protected abstract downloadTool(
@@ -169,8 +174,15 @@ export abstract class JavaBase {
       foundJava.path = macOSPostfixPath;
     }
 
-    core.info(`Setting Java ${foundJava.version} as the default`);
-    this.setJavaDefault(foundJava.version, foundJava.path);
+    if (this.setDefault) {
+      core.info(`Setting Java ${foundJava.version} as the default`);
+      this.setJavaDefault(foundJava.version, foundJava.path);
+    } else {
+      core.info(
+        `Installing Java ${foundJava.version} (not setting as default)`
+      );
+      this.setJavaEnvironment(foundJava.version, foundJava.path);
+    }
 
     return foundJava;
   }
@@ -298,9 +310,13 @@ export abstract class JavaBase {
   }
 
   protected setJavaDefault(version: string, toolPath: string) {
-    const majorVersion = version.split('.')[0];
     core.exportVariable('JAVA_HOME', toolPath);
     core.addPath(path.join(toolPath, 'bin'));
+    this.setJavaEnvironment(version, toolPath);
+  }
+
+  protected setJavaEnvironment(version: string, toolPath: string) {
+    const majorVersion = version.split('.')[0];
     core.setOutput('distribution', this.distribution);
     core.setOutput('path', toolPath);
     core.setOutput('version', version);

src/distributions/base-models.ts

@@ -3,6 +3,7 @@ export interface JavaInstallerOptions {
   architecture: string;
   packageType: string;
   checkLatest: boolean;
+  setDefault?: boolean;
 }
 
 export interface JavaInstallerResults {

src/distributions/local/installer.ts

@@ -69,9 +69,15 @@ export class LocalDistribution extends JavaBase {
       foundJava.path = macOSPostfixPath;
     }
 
-    core.info(`Setting Java ${foundJava.version} as default`);
-
-    this.setJavaDefault(foundJava.version, foundJava.path);
+    if (this.setDefault) {
+      core.info(`Setting Java ${foundJava.version} as the default`);
+      this.setJavaDefault(foundJava.version, foundJava.path);
+    } else {
+      core.info(
+        `Installing Java ${foundJava.version} (not setting as default)`
+      );
+      this.setJavaEnvironment(foundJava.version, foundJava.path);
+    }
     return foundJava;
   }
 

src/setup-java.ts

@@ -28,6 +28,7 @@ async function run() {
       constants.INPUT_CACHE_DEPENDENCY_PATH
     );
     const checkLatest = getBooleanInput(constants.INPUT_CHECK_LATEST, false);
+    const setDefault = getBooleanInput(constants.INPUT_SET_DEFAULT, true);
     let toolchainIds = core.getMultilineInput(constants.INPUT_MVN_TOOLCHAIN_ID);
 
     core.startGroup('Installed distributions');
@@ -44,6 +45,7 @@ async function run() {
       architecture,
       packageType,
       checkLatest,
+      setDefault,
       distributionName,
       jdkFile,
       toolchainIds
@@ -100,6 +102,7 @@ async function installVersion(
     architecture,
     packageType,
     checkLatest,
+    setDefault,
     toolchainIds
   } = options;
 
@@ -107,6 +110,7 @@ async function installVersion(
     architecture,
     packageType,
     checkLatest,
+    setDefault,
     version
   };
 
@@ -141,6 +145,7 @@ interface installerInputsOptions {
   architecture: string;
   packageType: string;
   checkLatest: boolean;
+  setDefault: boolean;
   distributionName: string;
   jdkFile: string;
   toolchainIds: Array<string>;