cicd/setup-java
1
0
Fork 0
mirror of https://github.com/actions/setup-java.git synced 2026-06-15 21:04:45 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee757a2a67620eb84e5032d6df47b790dc77b73b
setup-java/src/util.ts
T
John 43120bc3c3 Implement pagination with link headers for Adoptium based apis (#1014) 
* Use Link headers for Adoptium pagination

* Fix nullable pagination URL types and rebuild dist

* Add 1000-page safeguard for JetBrains pagination

* Adjust plan for pagination safeguard scope

* Move pagination safeguard to non-JetBrains installers

* Add 1000-page safeguard to Adopt Temurin and Semeru pagination

* Fix Prettier formatting in adopt, semeru, and temurin installer files

* Fix CI audit failure by updating vulnerable transitive deps

* Address PR review: RFC-compliant Link parsing, SSRF validation, centralized constant

- Make getNextPageUrlFromLinkHeader RFC 8288 compliant by splitting
  link-values and checking for rel=next anywhere in the parameters,
  not just as the first parameter after the semicolon.
- Add validatePaginationUrl utility to reject pagination URLs that
  point to unexpected origins (SSRF mitigation).
- Centralize MAX_PAGINATION_PAGES in util.ts instead of duplicating
  across Adopt, Semeru, and Temurin installers.
- Add tests for rel not being the first parameter, and for URL
  origin validation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address code review feedback on pagination implementation

- Tighten rel regex with word boundary to prevent false positives
  (e.g., rel="nextsomething" no longer matches).
- Use parsed.origin comparison in validatePaginationUrl to correctly
  handle explicit default ports (e.g., :443 for HTTPS).
- Fix pagination safeguard tests to use same-origin URLs so they
  actually exercise the 1000-page limit instead of being rejected
  by origin validation on the first request.
- Add test for rel="nextsomething" not matching.
- Add test for explicit default port acceptance.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix prettier formatting in util.test.ts

* Rebuild dist/ to fix check-dist CI failure

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 11:50:16 +01:00

263 lines
7.4 KiB
TypeScript
Raw Blame History

import os from 'os';
import path from 'path';
import * as fs from 'fs';
import * as semver from 'semver';
import * as cache from '@actions/cache';
import * as core from '@actions/core';
import * as tc from '@actions/tool-cache';
import {INPUT_JOB_STATUS, DISTRIBUTIONS_ONLY_MAJOR_VERSION} from './constants';
import {OutgoingHttpHeaders} from 'http';
export function getTempDir() {
const tempDirectory = process.env['RUNNER_TEMP'] || os.tmpdir();
return tempDirectory;
}
export function getBooleanInput(inputName: string, defaultValue = false) {
return (
(core.getInput(inputName) || String(defaultValue)).toUpperCase() === 'TRUE'
);
}
export function getVersionFromToolcachePath(toolPath: string) {
if (toolPath) {
return path.basename(path.dirname(toolPath));
}
return toolPath;
}
export async function extractJdkFile(toolPath: string, extension?: string) {
if (!extension) {
extension = toolPath.endsWith('.tar.gz')
? 'tar.gz'
: path.extname(toolPath);
if (extension.startsWith('.')) {
extension = extension.substring(1);
}
}
switch (extension) {
case 'tar.gz':
case 'tar':
return await tc.extractTar(toolPath);
case 'zip':
return await tc.extractZip(toolPath);
default:
return await tc.extract7z(toolPath);
}
}
export function getDownloadArchiveExtension() {
return process.platform === 'win32' ? 'zip' : 'tar.gz';
}
export function isVersionSatisfies(range: string, version: string): boolean {
if (semver.valid(range)) {
// if full version with build digit is provided as a range (such as '1.2.3+4')
// we should check for exact equal via compareBuild
// since semver.satisfies doesn't handle 4th digit
const semRange = semver.parse(range);
if (semRange && semRange.build?.length > 0) {
return semver.compareBuild(range, version) === 0;
}
}
return semver.satisfies(version, range);
}
export function getToolcachePath(
toolName: string,
version: string,
architecture: string
) {
const toolcacheRoot = process.env['RUNNER_TOOL_CACHE'] ?? '';
const fullPath = path.join(toolcacheRoot, toolName, version, architecture);
if (fs.existsSync(fullPath)) {
return fullPath;
}
return null;
}
export function isJobStatusSuccess() {
const jobStatus = core.getInput(INPUT_JOB_STATUS);
return jobStatus === 'success';
}
export function isGhes(): boolean {
const ghUrl = new URL(
process.env['GITHUB_SERVER_URL'] || 'https://github.com'
);
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
const isGitHubHost = hostname === 'GITHUB.COM';
const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM');
const isLocalHost = hostname.endsWith('.LOCALHOST');
return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
}
export function isCacheFeatureAvailable(): boolean {
if (cache.isFeatureAvailable()) {
return true;
}
if (isGhes()) {
core.warning(
'Caching is only supported on GHES version >= 3.5. If you are on a version >= 3.5, please check with your GHES admin if the Actions cache service is enabled or not.'
);
return false;
}
core.warning(
'The runner was not able to contact the cache service. Caching will be skipped'
);
return false;
}
export function getVersionFromFileContent(
content: string,
distributionName: string,
versionFile: string
): string | null {
let javaVersionRegExp: RegExp;
function getFileName(versionFile: string) {
return path.basename(versionFile);
}
const versionFileName = getFileName(versionFile);
if (versionFileName == '.tool-versions') {
javaVersionRegExp =
/^java\s+(?:\S*-)?(?<version>\d+(?:\.\d+)*([+_.-](?:openj9[-._]?\d[\w.-]*|java\d+|jre[-_\w]*|OpenJDK\d+[\w_.-]*|[a-z0-9]+))*)/im;
} else if (versionFileName == '.sdkmanrc') {
javaVersionRegExp = /^java\s*=\s*(?<version>[^-]+)/m;
} else {
javaVersionRegExp = /(?<version>(?<=(^|\s|-))(\d+\S*))(\s|$)/;
}
const capturedVersion = content.match(javaVersionRegExp)?.groups?.version
? (content.match(javaVersionRegExp)?.groups?.version as string)
: '';
core.debug(
`Parsed version '${capturedVersion}' from file '${versionFileName}'`
);
if (!capturedVersion) {
return null;
}
const tentativeVersion = avoidOldNotation(capturedVersion);
const rawVersion = tentativeVersion.split('-')[0];
let version = semver.validRange(rawVersion)
? tentativeVersion
: semver.coerce(tentativeVersion);
core.debug(`Range version from file is '${version}'`);
if (!version) {
return null;
}
if (DISTRIBUTIONS_ONLY_MAJOR_VERSION.includes(distributionName)) {
const coerceVersion = semver.coerce(version) ?? version;
version = semver.major(coerceVersion).toString();
}
return version.toString();
}
// By convention, action expects version 8 in the format `8.*` instead of `1.8`
function avoidOldNotation(content: string): string {
return content.startsWith('1.') ? content.substring(2) : content;
}
export function convertVersionToSemver(version: number[] | string) {
// Some distributions may use semver-like notation (12.10.2.1, 12.10.2.1.1)
const versionArray = Array.isArray(version) ? version : version.split('.');
const mainVersion = versionArray.slice(0, 3).join('.');
if (versionArray.length > 3) {
return `${mainVersion}+${versionArray.slice(3).join('.')}`;
}
return mainVersion;
}
export function getGitHubHttpHeaders(): OutgoingHttpHeaders {
const resolvedToken = core.getInput('token') || process.env.GITHUB_TOKEN;
const auth = !resolvedToken ? undefined : `token ${resolvedToken}`;
const headers: OutgoingHttpHeaders = {
accept: 'application/vnd.github.VERSION.raw'
};
if (auth) {
headers.authorization = auth;
}
return headers;
}
export const MAX_PAGINATION_PAGES = 1000;
export function getNextPageUrlFromLinkHeader(
headers?: Record<string, string | string[] | undefined>
): string | null {
if (!headers) {
return null;
}
const linkHeader = headers.link ?? headers.Link;
if (!linkHeader) {
return null;
}
const normalizedLinkHeader = Array.isArray(linkHeader)
? linkHeader.join(',')
: linkHeader;
// Split into individual link-values and find the one with rel="next"
// RFC 8288 allows rel to appear anywhere among the parameters
const linkValues = normalizedLinkHeader.split(/,(?=\s*<)/);
for (const linkValue of linkValues) {
const urlMatch = linkValue.match(/<([^>]+)>/);
if (!urlMatch) continue;
const params = linkValue.slice(urlMatch[0].length);
// Use word boundary to match "next" as a standalone relation type
// RFC 8288 allows space-separated relation types like rel="next prev"
if (/;\s*rel="?[^"]*\bnext\b/i.test(params)) {
return urlMatch[1];
}
}
return null;
}
export function validatePaginationUrl(
url: string,
allowedOrigin: string
): boolean {
try {
const parsed = new URL(url);
const allowed = new URL(allowedOrigin);
return parsed.origin === allowed.origin;
} catch {
return false;
}
}
// Rename archive to add extension because after downloading
// archive does not contain extension type and it leads to some issues
// on Windows runners without PowerShell Core.
//
// For default PowerShell Windows it should contain extension type to unpack it.
export function renameWinArchive(javaArchivePath: string): string {
const javaArchivePathRenamed = `${javaArchivePath}.zip`;
fs.renameSync(javaArchivePath, javaArchivePathRenamed);
return javaArchivePathRenamed;
}
Reference in New Issue View Git Blame Copy Permalink