docs: add post-install keytool import for the JDK cacerts trust store

Document how to make the installed JDK trust an internal CA at application
runtime by importing it into $JAVA_HOME/lib/security/cacerts with keytool
after setup-java runs. Clarifies this is the runtime trust layer, distinct
from the download/transport layer (NODE_EXTRA_CA_CERTS), and notes hosted vs
self-hosted persistence caveats.

Refs #640 #1035

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

README.md

@@ -129,7 +129,7 @@ Currently, the following distributions are supported:
 The action has a built-in functionality for caching and restoring dependencies. It uses [toolkit/cache](https://github.com/actions/toolkit/tree/main/packages/cache) under hood for caching dependencies but requires less configuration settings. Supported package managers are gradle, maven and sbt. The format of the used cache key is `setup-java-${{ platform }}-${{ packageManager }}-${{ fileHash }}`, where the hash is based on the following files:
 
 - gradle: `**/*.gradle*`, `**/gradle-wrapper.properties`, `buildSrc/**/Versions.kt`, `buildSrc/**/Dependencies.kt`, `gradle/*.versions.toml`, and `**/versions.properties`
-- maven: `**/pom.xml`, `**/.mvn/wrapper/maven-wrapper.properties`, and `**/.mvn/extensions.xml`
+- maven: `**/pom.xml` and `**/.mvn/wrapper/maven-wrapper.properties`
 - sbt: all sbt build definition files `**/*.sbt`, `**/project/build.properties`, `**/project/**.scala`, `**/project/**.sbt`
 
 When the option `cache-dependency-path` is specified, the hash is based on the matching file. This option supports wildcards and a list of file names, and is especially useful for monorepos.

__tests__/cache.test.ts

@@ -96,11 +96,11 @@ describe('dependency cache', () => {
     });
 
     describe('for maven', () => {
-      it('throws error if no pom.xml, maven-wrapper.properties, or extensions.xml found', async () => {
+      it('throws error if no pom.xml or maven-wrapper.properties found', async () => {
         await expect(restore('maven', '')).rejects.toThrow(
           `No file in ${projectRoot(
             workspace
-          )} matched to [**/pom.xml,**/.mvn/wrapper/maven-wrapper.properties,**/.mvn/extensions.xml], make sure you have checked out the target repository`
+          )} matched to [**/pom.xml,**/.mvn/wrapper/maven-wrapper.properties], make sure you have checked out the target repository`
         );
       });
       it('downloads cache based on pom.xml', async () => {
@@ -115,7 +115,7 @@ describe('dependency cache', () => {
           expect.any(String)
         );
         expect(spyGlobHashFiles).toHaveBeenCalledWith(
-          '**/pom.xml\n**/.mvn/wrapper/maven-wrapper.properties\n**/.mvn/extensions.xml'
+          '**/pom.xml\n**/.mvn/wrapper/maven-wrapper.properties'
         );
         expect(spyWarning).not.toHaveBeenCalled();
         expect(spyInfo).toHaveBeenCalledWith('maven cache is not found');
@@ -136,25 +136,7 @@ describe('dependency cache', () => {
           expect.any(String)
         );
         expect(spyGlobHashFiles).toHaveBeenCalledWith(
-          '**/pom.xml\n**/.mvn/wrapper/maven-wrapper.properties\n**/.mvn/extensions.xml'
+          '**/pom.xml\n**/.mvn/wrapper/maven-wrapper.properties'
-        );
-        expect(spyWarning).not.toHaveBeenCalled();
-        expect(spyInfo).toHaveBeenCalledWith('maven cache is not found');
-      });
-      it('downloads cache based on extensions.xml', async () => {
-        createDirectory(join(workspace, '.mvn'));
-        createFile(join(workspace, '.mvn', 'extensions.xml'));
-
-        await restore('maven', '');
-        expect(spyCacheRestore).toHaveBeenCalledWith(
-          [
-            join(os.homedir(), '.m2', 'repository'),
-            join(os.homedir(), '.m2', 'wrapper', 'dists')
-          ],
-          expect.any(String)
-        );
-        expect(spyGlobHashFiles).toHaveBeenCalledWith(
-          '**/pom.xml\n**/.mvn/wrapper/maven-wrapper.properties\n**/.mvn/extensions.xml'
         );
         expect(spyWarning).not.toHaveBeenCalled();
         expect(spyInfo).toHaveBeenCalledWith('maven cache is not found');

dist/cleanup/index.js

@@ -51973,11 +51973,7 @@ const supportedPackageManager = [
             (0, path_1.join)(os_1.default.homedir(), '.m2', 'wrapper', 'dists')
         ],
         // https://github.com/actions/cache/blob/0638051e9af2c23d10bb70fa9beffcad6cff9ce3/examples.md#java---maven
-        pattern: [
+        pattern: ['**/pom.xml', '**/.mvn/wrapper/maven-wrapper.properties']
-            '**/pom.xml',
-            '**/.mvn/wrapper/maven-wrapper.properties',
-            '**/.mvn/extensions.xml'
-        ]
     },
     {
         id: 'gradle',

dist/setup/index.js

@@ -77837,11 +77837,7 @@ const supportedPackageManager = [
             (0, path_1.join)(os_1.default.homedir(), '.m2', 'wrapper', 'dists')
         ],
         // https://github.com/actions/cache/blob/0638051e9af2c23d10bb70fa9beffcad6cff9ce3/examples.md#java---maven
-        pattern: [
+        pattern: ['**/pom.xml', '**/.mvn/wrapper/maven-wrapper.properties']
-            '**/pom.xml',
-            '**/.mvn/wrapper/maven-wrapper.properties',
-            '**/.mvn/extensions.xml'
-        ]
     },
     {
         id: 'gradle',

src/cache.ts

@@ -28,11 +28,7 @@ const supportedPackageManager: PackageManager[] = [
       join(os.homedir(), '.m2', 'wrapper', 'dists')
     ],
     // https://github.com/actions/cache/blob/0638051e9af2c23d10bb70fa9beffcad6cff9ce3/examples.md#java---maven
-    pattern: [
+    pattern: ['**/pom.xml', '**/.mvn/wrapper/maven-wrapper.properties']
-      '**/pom.xml',
-      '**/.mvn/wrapper/maven-wrapper.properties',
-      '**/.mvn/extensions.xml'
-    ]
   },
   {
     id: 'gradle',