1
0

Compare commits

...

4 Commits

Author SHA1 Message Date
Bruno Borges 3abac75b91 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-07-17 14:20:10 -04:00
Bruno Borges 4e1ba8caa4 Merge origin/main into credential input updates
Resolve documentation conflicts by retaining the latest V6 examples with the explicit environment-variable input names.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: 70a3daa8-dbc9-4eb0-a57b-df198a459315
2026-07-17 12:23:18 -04:00
Bruno Borges 569f14174d Clarify credential environment variable inputs
Rename credential-related inputs to make their environment-variable semantics explicit while preserving deprecated aliases with migration warnings.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: 70a3daa8-dbc9-4eb0-a57b-df198a459315
2026-07-17 12:09:18 -04:00
Haritha 46f6294045 docs: update setup-java examples (#1131)
* docs: update setup-java examples

* docs: fix YAML example indentation

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: 190c65c4-f5aa-4595-8e2e-26266fbcb37f

* docs: note v6 development status

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: 190c65c4-f5aa-4595-8e2e-26266fbcb37f

---------

Co-authored-by: Bruno Borges <brborges@microsoft.com>
2026-07-16 14:25:45 -04:00
10 changed files with 616 additions and 513 deletions
+12 -12
View File
@@ -38,9 +38,9 @@ jobs:
distribution: 'adopt'
java-version: '11'
server-id: maven
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
server-username-env-var: MAVEN_USERNAME
server-password-env-var: MAVEN_CENTRAL_TOKEN
gpg-passphrase-env-var: MAVEN_GPG_PASSPHRASE
- name: Validate settings.xml
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -93,9 +93,9 @@ jobs:
distribution: 'adopt'
java-version: '11'
server-id: maven
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
server-username-env-var: MAVEN_USERNAME
server-password-env-var: MAVEN_CENTRAL_TOKEN
gpg-passphrase-env-var: MAVEN_GPG_PASSPHRASE
- name: Validate settings.xml is overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -131,10 +131,10 @@ jobs:
distribution: 'adopt'
java-version: '11'
server-id: maven
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
server-username-env-var: MAVEN_USERNAME
server-password-env-var: MAVEN_CENTRAL_TOKEN
overwrite-settings: false
gpg-passphrase: MAVEN_GPG_PASSPHRASE
gpg-passphrase-env-var: MAVEN_GPG_PASSPHRASE
- name: Validate that settings.xml is not overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -164,9 +164,9 @@ jobs:
distribution: 'adopt'
java-version: '11'
server-id: maven
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
server-username-env-var: MAVEN_USERNAME
server-password-env-var: MAVEN_CENTRAL_TOKEN
gpg-passphrase-env-var: MAVEN_GPG_PASSPHRASE
settings-path: ${{ runner.temp }}
- name: Validate settings.xml location
run: |
+105 -109
View File
@@ -20,11 +20,16 @@ This action allows you to work with Java and Scala projects.
## What's new in V6
- **Migrated to ESM** to enable support for the latest `@actions/*` package versions. This is an internal implementation change only. No changes are required to your workflow configuration, and the action's behavior is unchanged. Existing workflows continue to work as before.
> [!NOTE]
> V6 is still in development (`main` branch) and is not yet recommended for production workflows.
- **Migrated to ESM** to enable support for the latest `@actions/*` package versions. This is an internal implementation change.
## Breaking changes in V6
- **The GPG passphrase is now passed to the Maven GPG Plugin through an environment variable (`gpg.passphraseEnvName`) instead of the deprecated `gpg.passphrase` server in `settings.xml`.** The `gpg-passphrase` input and its default (`GPG_PASSPHRASE`) are unchanged, so if you already set that environment variable in your build step your workflow keeps working. However, this now requires `maven-gpg-plugin` **3.2.0 or newer**; older versions do not honor `gpg.passphraseEnvName` and, because the `gpg.passphrase` server is no longer written, will not pick up the passphrase. Upgrade the plugin to 3.2.0+.
- **Renamed inputs that accept environment-variable names** to make it clear that their values are not credentials. Replace `server-username`, `server-password`, and `gpg-passphrase` with `server-username-env-var`, `server-password-env-var`, and `gpg-passphrase-env-var`, respectively. The old names remain as deprecated aliases and emit a warning when used.
- **The GPG passphrase is now passed to the Maven GPG Plugin through an environment variable (`gpg.passphraseEnvName`) instead of the deprecated `gpg.passphrase` server in `settings.xml`.** Set the environment variable name with `gpg-passphrase-env-var`, which defaults to `GPG_PASSPHRASE`. This requires `maven-gpg-plugin` **3.2.0 or newer**; older versions do not honor `gpg.passphraseEnvName` and, because the `gpg.passphrase` server is no longer written, will not pick up the passphrase. Upgrade the plugin to 3.2.0+.
See [GPG](docs/advanced-usage.md#gpg) for details.
@@ -37,79 +42,79 @@ For more details, see the full release notes on the [releases page](https://git
## Usage
- `java-version`: The Java version that is going to be set up. Takes a whole or [semver](#supported-version-syntax) Java version. If not specified, the action will expect `java-version-file` input to be specified.
- `java-version`: The Java version that is going to be set up. Takes a whole or [semver](#supported-version-syntax) Java version. If not specified, the action will expect `java-version-file` input to be specified.
- `java-version-file`: The path to a file containing java version. Supported file types are `.java-version`, `.tool-versions`, and `.sdkmanrc`. See more details in [about .java-version-file](docs/advanced-usage.md#Java-version-file).
- `java-version-file`: The path to a file containing java version. Supported file types are `.java-version`, `.tool-versions`, and `.sdkmanrc`. See more details in [about .java-version-file](docs/advanced-usage.md#Java-version-file).
- `distribution`: Java [distribution](#supported-distributions). Required unless `java-version-file` points to `.sdkmanrc` with a recognized distribution suffix (for example `java=21.0.5-tem`).
- `distribution`: Java [distribution](#supported-distributions). Required unless `java-version-file` points to `.sdkmanrc` with a recognized distribution suffix (for example `java=21.0.5-tem`).
- `java-package`: The packaging variant of the chosen distribution. Possible values: `jdk`, `jre`, `jdk+fx`, `jre+fx`. For Azul Zulu, `jdk+crac` and `jre+crac` are also supported. Default value: `jdk`.
- `java-package`: The packaging variant of the chosen distribution. Possible values: `jdk`, `jre`, `jdk+fx`, `jre+fx`. For Azul Zulu, `jdk+crac` and `jre+crac` are also supported. Default value: `jdk`.
- `architecture`: The target architecture of the package. Possible values: `x86`, `x64`, `armv7`, `aarch64`, `ppc64le`. Default value: Derived from the runner machine.
- `architecture`: The target architecture of the package. Possible values: `x86`, `x64`, `armv7`, `aarch64`, `ppc64le`. Default value: Derived from the runner machine.
- `jdk-file`: If a use-case requires a custom distribution setup-java uses the compressed JDK from the location pointed by this input and will take care of the installation and caching on the VM. Note: `distribution` must be set to 'jdkfile' (case-sensitive; all lowercase) when using this option. (The camelCase `jdkFile` input is still accepted as a deprecated alias and may be removed in a future release.)
- `jdk-file`: If a use-case requires a custom distribution setup-java uses the compressed JDK from the location pointed by this input and will take care of the installation and caching on the VM. Note: `distribution` must be set to 'jdkfile' (case-sensitive; all lowercase) when using this option. (The camelCase `jdkFile` input is still accepted as a deprecated alias and may be removed in a future release.)
- `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
- `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
- `set-default`: Set to `false` to install a JDK without making it the default. When `false`, `JAVA_HOME` and `PATH` are not updated, but `JAVA_HOME_<major>_<arch>` is still set so the JDK remains discoverable. Default value: `true`. See [Installing JDK without setting as default](docs/advanced-usage.md#Installing-JDK-without-setting-as-default) for more details.
- `set-default`: Set to `false` to install a JDK without making it the default. When `false`, `JAVA_HOME` and `PATH` are not updated, but `JAVA_HOME_<major>_<arch>` is still set so the JDK remains discoverable. Default value: `true`. See [Installing JDK without setting as default](docs/advanced-usage.md#Installing-JDK-without-setting-as-default) for more details.
- `problem-matcher`: Set to `false` to disable Java problem matcher annotations (compiler diagnostics and uncaught exceptions). Default value: `true`. See [Java problem matcher](docs/advanced-usage.md#java-problem-matcher-compiler-annotations) for details and annotation limits.
- `problem-matcher`: Set to `false` to disable Java problem matcher annotations (compiler diagnostics and uncaught exceptions). Default value: `true`. See [Java problem matcher](docs/advanced-usage.md#java-problem-matcher-compiler-annotations) for details and annotation limits.
- `verify-signature`: Verifies downloaded Java package signatures when supported by the selected distribution. Currently supported for `temurin` and `microsoft`. If set to `true` for unsupported distributions, the action fails.
- `verify-signature`: Verifies downloaded Java package signatures when supported by the selected distribution. Currently supported for `temurin` and `microsoft`. If set to `true` for unsupported distributions, the action fails.
- `verify-signature-public-key`: ASCII-armored GPG public key used to verify the downloaded package signature. Overrides the default bundled key for the selected distribution.
- `verify-signature-public-key`: ASCII-armored GPG public key used to verify the downloaded package signature. Overrides the default bundled key for the selected distribution.
- `token`: The token used to authenticate when fetching version manifests hosted on GitHub.com. Defaults to `${{ github.token }}` when running on GitHub.com; defaults to an empty string on GitHub Enterprise Server. On GHES, provide a GitHub.com personal access token if manifest requests are rate-limited. See [Using Microsoft distribution on GHES](docs/advanced-usage.md#using-microsoft-distribution-on-ghes) for more details.
- `token`: The token used to authenticate when fetching version manifests hosted on GitHub.com. Defaults to `${{ github.token }}` when running on GitHub.com; defaults to an empty string on GitHub Enterprise Server. On GHES, provide a GitHub.com personal access token if manifest requests are rate-limited. See [Using Microsoft distribution on GHES](docs/advanced-usage.md#using-microsoft-distribution-on-ghes) for more details.
- `cache`: Quick [setup caching](#caching-packages-dependencies) for the dependencies managed through one of the predefined package managers. It can be one of "maven", "gradle" or "sbt".
- `cache`: Quick [setup caching](#caching-packages-dependencies) for the dependencies managed through one of the predefined package managers. It can be one of "maven", "gradle" or "sbt".
- `cache-dependency-path`: The path to a dependency file: pom.xml, build.gradle, build.sbt, etc. This option can be used with the `cache` option. If this option is omitted, the action searches for the dependency file in the entire repository. This option supports wildcards and a list of file names for caching multiple dependencies.
- `cache-dependency-path`: The path to a dependency file: pom.xml, build.gradle, build.sbt, etc. This option can be used with the `cache` option. If this option is omitted, the action searches for the dependency file in the entire repository. This option supports wildcards and a list of file names for caching multiple dependencies.
#### Maven options
The action has a bunch of inputs to generate maven's [settings.xml](https://maven.apache.org/settings.html) on the fly and pass the values to Apache Maven GPG Plugin as well as Apache Maven Toolchains. See [advanced usage](docs/advanced-usage.md) for more.
- `overwrite-settings`: By default action overwrites the settings.xml. In order to skip generation of file if it exists, set this to `false`.
- `overwrite-settings`: By default action overwrites the settings.xml. In order to skip generation of file if it exists, set this to `false`.
- `server-id`: ID of the distributionManagement repository in the pom.xml file. Default is `github`.
- `server-id`: ID of the distributionManagement repository in the pom.xml file. Default is `github`.
- `server-username`: Environment variable name for the username for authentication to the Apache Maven repository. Default is GITHUB_ACTOR.
- `server-username-env-var`: Environment variable name for the username for authentication to the Apache Maven repository. Default is GITHUB\_ACTOR.
- `server-password`: Environment variable name for password or token for authentication to the Apache Maven repository. Default is GITHUB_TOKEN.
- `server-password-env-var`: Environment variable name for password or token for authentication to the Apache Maven repository. Default is GITHUB\_TOKEN.
- `settings-path`: Maven related setting to point to the directory where the settings.xml file will be written. Default is ~/.m2.
- `settings-path`: Maven related setting to point to the directory where the settings.xml file will be written. Default is \~/.m2.
- `gpg-private-key`: GPG private key to import. Default is empty string.
- `gpg-private-key`: GPG private key to import. Default is empty string.
- `gpg-passphrase`: Environment variable name for the GPG private key passphrase. Default is GPG_PASSPHRASE.
- `gpg-passphrase-env-var`: Environment variable name for the GPG private key passphrase. Default is GPG\_PASSPHRASE.
- `mvn-toolchain-id`: Name of Maven Toolchain ID if the default name of `${distribution}_${java-version}` is not wanted.
- `mvn-toolchain-id`: Name of Maven Toolchain ID if the default name of `${distribution}_${java-version}` is not wanted.
- `mvn-toolchain-vendor`: Name of Maven Toolchain Vendor if the default name of `${distribution}` is not wanted.
- `mvn-toolchain-vendor`: Name of Maven Toolchain Vendor if the default name of `${distribution}` is not wanted.
- `show-download-progress`: Set to `true` to keep Maven artifact download and transfer progress in build logs. Default value: `false`. By default, the action adds `-ntp` (`--no-transfer-progress`) to `MAVEN_ARGS`. This input has no effect on non-Maven builds. See [Maven transfer progress](docs/advanced-usage.md#maven-transfer-progress-download-logs) for more details.
- `show-download-progress`: Set to `true` to keep Maven artifact download and transfer progress in build logs. Default value: `false`. By default, the action adds `-ntp` (`--no-transfer-progress`) to `MAVEN_ARGS`. This input has no effect on non-Maven builds. See [Maven transfer progress](docs/advanced-usage.md#maven-transfer-progress-download-logs) for more details.
### Basic Configuration
#### Eclipse Temurin
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin' # See 'Supported distributions' for available options
java-version: '25'
- run: java --version
```
#### Azul Zulu OpenJDK
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'zulu' # See 'Supported distributions' for available options
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'zulu' # See 'Supported distributions' for available options
java-version: '25'
- run: java --version
```
#### Supported version syntax
@@ -180,16 +185,16 @@ The cache input is optional, and caching is turned off by default.
#### Caching gradle dependencies
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'gradle'
cache-dependency-path: | # optional
sub-project/*.gradle*
sub-project/**/gradle-wrapper.properties
- run: ./gradlew build --no-daemon
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'gradle'
cache-dependency-path: | # optional
sub-project/*.gradle*
sub-project/**/gradle-wrapper.properties
- run: ./gradlew build --no-daemon
```
Using the `cache: gradle` provides a simple and effective way to cache Gradle dependencies with minimal configuration.
@@ -202,15 +207,15 @@ For setup details and a comprehensive overview of all available features, visit
#### Caching maven dependencies
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
cache-dependency-path: 'sub-project/pom.xml' # optional
- name: Build with Maven
run: mvn package --file pom.xml
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
cache-dependency-path: 'sub-project/pom.xml' # optional
- name: Build with Maven
run: mvn package --file pom.xml
```
> [!NOTE]
@@ -223,17 +228,17 @@ steps:
#### Caching sbt dependencies
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'sbt'
cache-dependency-path: | # optional
sub-project/build.sbt
sub-project/project/build.properties
- name: Build with SBT
run: sbt package
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'sbt'
cache-dependency-path: | # optional
sub-project/build.sbt
sub-project/project/build.properties
- name: Build with SBT
run: sbt package
```
#### Cache segment restore timeout
@@ -243,13 +248,13 @@ Usually, cache gets downloaded in multiple segments of fixed sizes. Sometimes, a
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: '5'
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'gradle'
- run: ./gradlew build --no-daemon
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'gradle'
- run: ./gradlew build --no-daemon
```
### Check latest
@@ -263,13 +268,13 @@ For Java distributions that are not cached on Hosted images, `check-latest` alwa
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
check-latest: true
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
check-latest: true
- run: java --version
```
### Testing against different Java versions
@@ -282,9 +287,9 @@ jobs:
java: [ '8', '11', '17', '21', '25' ]
name: Java ${{ matrix.Java }} sample
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: Setup java
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: ${{ matrix.java }}
@@ -293,11 +298,11 @@ jobs:
### Install multiple JDKs
All configured Java versions are added to the PATH. The last one added to the PATH (i.e., the last JDK set up by this action) will be used as the default and available globally. Other Java versions can be accessed through environment variables such as 'JAVA_HOME_{{ MAJOR_VERSION }}_{{ ARCHITECTURE }}'. To use a specific Java version, set the JAVA_HOME environment variable accordingly and prepend its bin directory to the PATH to ensure it takes priority during execution.
All configured Java versions are added to the PATH. The last one added to the PATH (i.e., the last JDK set up by this action) will be used as the default and available globally. Other Java versions can be accessed through environment variables such as 'JAVA\_HOME\_{{ MAJOR\_VERSION }}\_{{ ARCHITECTURE }}'. To use a specific Java version, set the JAVA\_HOME environment variable accordingly and prepend its bin directory to the PATH to ensure it takes priority during execution.
```yaml
steps:
- uses: actions/setup-java@v5
steps:
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: |
@@ -312,19 +317,19 @@ In the example above multiple JDKs are installed for the same job. The result af
### Advanced Configuration
- [Selecting a Java distribution](docs/advanced-usage.md#Selecting-a-Java-distribution)
- [Eclipse Temurin](docs/advanced-usage.md#Eclipse-Temurin)
- [Adopt](docs/advanced-usage.md#Adopt)
- [Zulu](docs/advanced-usage.md#Zulu)
- [Liberica](docs/advanced-usage.md#Liberica)
- [Liberica Native Image Kit](docs/advanced-usage.md#Liberica-Native-Image-Kit)
- [Microsoft](docs/advanced-usage.md#Microsoft)
- [Amazon Corretto](docs/advanced-usage.md#Amazon-Corretto)
- [Oracle](docs/advanced-usage.md#Oracle)
- [Alibaba Dragonwell](docs/advanced-usage.md#Alibaba-Dragonwell)
- [SapMachine](docs/advanced-usage.md#SapMachine)
- [GraalVM](docs/advanced-usage.md#GraalVM)
- [JetBrains](docs/advanced-usage.md#JetBrains)
- [Tencent Kona](docs/advanced-usage.md#Tencent-Kona)
- [Eclipse Temurin](docs/advanced-usage.md#Eclipse-Temurin)
- [Adopt](docs/advanced-usage.md#Adopt)
- [Zulu](docs/advanced-usage.md#Zulu)
- [Liberica](docs/advanced-usage.md#Liberica)
- [Liberica Native Image Kit](docs/advanced-usage.md#Liberica-Native-Image-Kit)
- [Microsoft](docs/advanced-usage.md#Microsoft)
- [Amazon Corretto](docs/advanced-usage.md#Amazon-Corretto)
- [Oracle](docs/advanced-usage.md#Oracle)
- [Alibaba Dragonwell](docs/advanced-usage.md#Alibaba-Dragonwell)
- [SapMachine](docs/advanced-usage.md#SapMachine)
- [GraalVM](docs/advanced-usage.md#GraalVM)
- [JetBrains](docs/advanced-usage.md#JetBrains)
- [Tencent Kona](docs/advanced-usage.md#Tencent-Kona)
- [Installing custom Java package type](docs/advanced-usage.md#Installing-custom-Java-package-type)
- [Installing custom Java architecture](docs/advanced-usage.md#Installing-custom-Java-architecture)
- [Installing custom Java distribution from local file](docs/advanced-usage.md#Installing-Java-from-local-file)
@@ -337,15 +342,6 @@ In the example above multiple JDKs are installed for the same job. The result af
- [Modifying Maven Toolchains](docs/advanced-usage.md#Modifying-Maven-Toolchains)
- [Java Version File](docs/advanced-usage.md#Java-version-file)
## V2 vs V1
Examples in this README use `actions/setup-java@v5`, but the main migration note from V1 still applies to all later major versions (`v2`, `v3`, `v4`, and `v5`):
- Starting with V2, the action supports custom distributions. V1 supports only Azul Zulu OpenJDK.
- Starting with V2, you must specify distribution along with the version. V1 defaults to Azul Zulu OpenJDK, so only version input is required. Follow [the migration guide](docs/switching-to-v2.md) to switch from V1 to V2.
For information about the latest releases, recent updates, and newly supported distributions, please refer to the `setup-java` [Releases](https://github.com/actions/setup-java/releases).
## Recommended permissions
When using the `setup-java` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+51
View File
@@ -270,4 +270,55 @@ describe('auth tests', () => {
expectedSettings
);
});
it('uses deprecated input aliases and warns', () => {
const mockGetInput = core.getInput as jest.MockedFunction<
typeof core.getInput
>;
const mockWarning = core.warning as jest.MockedFunction<
typeof core.warning
>;
mockGetInput.mockImplementation(name =>
name === 'server-username' ? 'LEGACY_USERNAME' : ''
);
expect(
auth.getInputWithDeprecatedAlias(
'server-username-env-var',
'server-username',
'GITHUB_ACTOR'
)
).toBe('LEGACY_USERNAME');
expect(mockWarning).toHaveBeenCalledWith(
"The 'server-username' input is deprecated and may be removed in a future release. Please use 'server-username-env-var' instead."
);
mockGetInput.mockReset();
mockWarning.mockReset();
});
it('prefers the replacement input over its deprecated alias', () => {
const mockGetInput = core.getInput as jest.MockedFunction<
typeof core.getInput
>;
mockGetInput.mockImplementation(name => {
const inputs: Record<string, string> = {
'server-password-env-var': 'NEW_PASSWORD',
'server-password': 'LEGACY_PASSWORD'
};
return inputs[name] || '';
});
expect(
auth.getInputWithDeprecatedAlias(
'server-password-env-var',
'server-password',
'GITHUB_TOKEN'
)
).toBe('NEW_PASSWORD');
expect(core.warning).toHaveBeenCalled();
mockGetInput.mockReset();
(core.warning as jest.Mock).mockReset();
});
});
+12 -5
View File
@@ -46,16 +46,20 @@ inputs:
file. Default is `github`'
required: false
default: 'github'
server-username:
server-username-env-var:
description: 'Environment variable name for the username for authentication
to the Apache Maven repository. Default is $GITHUB_ACTOR'
required: false
default: 'GITHUB_ACTOR'
server-password:
server-username:
description: 'Deprecated alias for server-username-env-var'
required: false
server-password-env-var:
description: 'Environment variable name for password or token for
authentication to the Apache Maven repository. Default is $GITHUB_TOKEN'
required: false
default: 'GITHUB_TOKEN'
server-password:
description: 'Deprecated alias for server-password-env-var'
required: false
settings-path:
description: 'Path to where the settings.xml file will be written. Default is ~/.m2.'
required: false
@@ -67,8 +71,11 @@ inputs:
description: 'GPG private key to import. Default is empty string.'
required: false
default: ''
gpg-passphrase-env-var:
description: 'Environment variable name for the GPG private key passphrase. Defaults to GPG_PASSPHRASE when gpg-private-key is set.'
required: false
gpg-passphrase:
description: 'Environment variable name for the GPG private key passphrase. Defaults to GPG_PASSPHRASE when gpg-private-key is set; ignored otherwise.'
description: 'Deprecated alias for gpg-passphrase-env-var'
required: false
cache:
description: 'Name of the build platform to cache dependencies. It can be "maven", "gradle" or "sbt".'
+8 -3
View File
@@ -95928,12 +95928,17 @@ const INPUT_PROBLEM_MATCHER = 'problem-matcher';
const INPUT_VERIFY_SIGNATURE = 'verify-signature';
const INPUT_VERIFY_SIGNATURE_PUBLIC_KEY = 'verify-signature-public-key';
const INPUT_SERVER_ID = 'server-id';
const INPUT_SERVER_USERNAME = 'server-username';
const INPUT_SERVER_PASSWORD = 'server-password';
const INPUT_SERVER_USERNAME_ENV_VAR = 'server-username-env-var';
const INPUT_SERVER_PASSWORD_ENV_VAR = 'server-password-env-var';
const INPUT_SERVER_USERNAME_DEPRECATED = 'server-username';
const INPUT_SERVER_PASSWORD_DEPRECATED = 'server-password';
const INPUT_SETTINGS_PATH = 'settings-path';
const INPUT_OVERWRITE_SETTINGS = 'overwrite-settings';
const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
const INPUT_GPG_PASSPHRASE_ENV_VAR = 'gpg-passphrase-env-var';
const INPUT_GPG_PASSPHRASE_DEPRECATED = 'gpg-passphrase';
const INPUT_DEFAULT_SERVER_USERNAME = 'GITHUB_ACTOR';
const INPUT_DEFAULT_SERVER_PASSWORD = 'GITHUB_TOKEN';
const INPUT_DEFAULT_GPG_PRIVATE_KEY = (/* unused pure expression or super */ null && (undefined));
const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';
// The default name of the environment variable the maven-gpg-plugin reads the
+28 -16
View File
@@ -73287,12 +73287,17 @@ const INPUT_PROBLEM_MATCHER = 'problem-matcher';
const INPUT_VERIFY_SIGNATURE = 'verify-signature';
const INPUT_VERIFY_SIGNATURE_PUBLIC_KEY = 'verify-signature-public-key';
const INPUT_SERVER_ID = 'server-id';
const INPUT_SERVER_USERNAME = 'server-username';
const INPUT_SERVER_PASSWORD = 'server-password';
const INPUT_SERVER_USERNAME_ENV_VAR = 'server-username-env-var';
const INPUT_SERVER_PASSWORD_ENV_VAR = 'server-password-env-var';
const INPUT_SERVER_USERNAME_DEPRECATED = 'server-username';
const INPUT_SERVER_PASSWORD_DEPRECATED = 'server-password';
const INPUT_SETTINGS_PATH = 'settings-path';
const INPUT_OVERWRITE_SETTINGS = 'overwrite-settings';
const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
const INPUT_GPG_PASSPHRASE_ENV_VAR = 'gpg-passphrase-env-var';
const INPUT_GPG_PASSPHRASE_DEPRECATED = 'gpg-passphrase';
const INPUT_DEFAULT_SERVER_USERNAME = 'GITHUB_ACTOR';
const INPUT_DEFAULT_SERVER_PASSWORD = 'GITHUB_TOKEN';
const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';
// The default name of the environment variable the maven-gpg-plugin reads the
@@ -127359,34 +127364,41 @@ async function verifyPackageSignature(archivePath, signatureUrl, publicKeyConten
async function configureAuthentication() {
const id = getInput(INPUT_SERVER_ID);
const username = getInput(INPUT_SERVER_USERNAME);
const password = getInput(INPUT_SERVER_PASSWORD);
const usernameEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_USERNAME_ENV_VAR, INPUT_SERVER_USERNAME_DEPRECATED, INPUT_DEFAULT_SERVER_USERNAME);
const passwordEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_PASSWORD_ENV_VAR, INPUT_SERVER_PASSWORD_DEPRECATED, INPUT_DEFAULT_SERVER_PASSWORD);
const settingsDirectory = getInput(INPUT_SETTINGS_PATH) ||
external_path_.join(external_os_.homedir(), M2_DIR);
const overwriteSettings = util_getBooleanInput(INPUT_OVERWRITE_SETTINGS, true);
const gpgPrivateKey = getInput(INPUT_GPG_PRIVATE_KEY) ||
INPUT_DEFAULT_GPG_PRIVATE_KEY;
const gpgPassphrase = getInput(INPUT_GPG_PASSPHRASE) ||
(gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
const gpgPassphraseEnvVar = getInputWithDeprecatedAlias(INPUT_GPG_PASSPHRASE_ENV_VAR, INPUT_GPG_PASSPHRASE_DEPRECATED, gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
if (gpgPrivateKey) {
core_setSecret(gpgPrivateKey);
}
await createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase);
await createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar);
if (gpgPrivateKey) {
info('Importing private gpg key');
const keyFingerprint = (await importKey(gpgPrivateKey)) || '';
saveState(STATE_GPG_PRIVATE_KEY_FINGERPRINT, keyFingerprint);
}
}
async function createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase = undefined) {
function getInputWithDeprecatedAlias(inputName, deprecatedInputName, defaultValue) {
const value = getInput(inputName);
const deprecatedValue = getInput(deprecatedInputName);
if (deprecatedValue) {
warning(`The '${deprecatedInputName}' input is deprecated and may be removed in a future release. Please use '${inputName}' instead.`);
}
return value || deprecatedValue || defaultValue || '';
}
async function createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar = undefined) {
info(`Creating ${MVN_SETTINGS_FILE} with server-id: ${id}`);
// when an alternate m2 location is specified use only that location (no .m2 directory)
// otherwise use the home/.m2/ path
await mkdirP(settingsDirectory);
await write(settingsDirectory, generate(id, username, password, gpgPassphrase), overwriteSettings);
await write(settingsDirectory, generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar), overwriteSettings);
}
// only exported for testing purposes
function generate(id, username, password, gpgPassphrase) {
function generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar) {
const xmlObj = {
settings: {
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@@ -127397,8 +127409,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: `\${env.${usernameEnvVar}}`,
password: `\${env.${passwordEnvVar}}`
}
]
}
@@ -127410,13 +127422,13 @@ function generate(id, username, password, gpgPassphrase) {
// otherwise the plugin already reads the right variable and no extra settings
// are needed. Writing `gpg.passphrase` to settings.xml is deprecated and fails
// when the plugin's `bestPractices` mode is enabled.
if (gpgPassphrase &&
gpgPassphrase !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
if (gpgPassphraseEnvVar &&
gpgPassphraseEnvVar !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
xmlObj.settings.profiles = {
profile: {
id: GPG_PASSPHRASE_PROFILE_ID,
properties: {
'gpg.passphraseEnvName': gpgPassphrase
'gpg.passphraseEnvName': gpgPassphraseEnvVar
}
}
};
+329 -329
View File
@@ -39,12 +39,12 @@ Inputs `java-version` and `distribution` are mandatory and needs to be provided.
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
- run: java --version
```
### Adopt
@@ -52,38 +52,38 @@ steps:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'adopt-hotspot'
java-version: '11'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'adopt-hotspot'
java-version: '11'
- run: java --version
```
### Zulu
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'zulu'
java-version: '25'
java-package: jdk # optional (jdk, jre, jdk+fx, jre+fx, jdk+crac, or jre+crac) - defaults to jdk
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'zulu'
java-version: '25'
java-package: jdk # optional (jdk, jre, jdk+fx, jre+fx, jdk+crac, or jre+crac) - defaults to jdk
- run: java --version
```
### Liberica
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'liberica'
java-version: '25'
java-package: jdk # optional (jdk, jre, jdk+fx or jre+fx) - defaults to jdk
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'liberica'
java-version: '25'
java-package: jdk # optional (jdk, jre, jdk+fx or jre+fx) - defaults to jdk
- run: java --version
```
### Liberica Native Image Kit
@@ -91,25 +91,25 @@ Liberica Native Image Kit (NIK) is a GraalVM-based distribution. `java-version`
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'liberica-nik'
java-version: '25'
java-package: jdk # optional (jdk or jdk+fx) - defaults to jdk
- run: native-image --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'liberica-nik'
java-version: '25'
java-package: jdk # optional (jdk or jdk+fx) - defaults to jdk
- run: native-image --version
```
### Microsoft
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'microsoft'
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'microsoft'
java-version: '25'
- run: java --version
```
### Using Microsoft distribution on GHES
@@ -119,7 +119,7 @@ steps:
To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
```yaml
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
token: ${{ secrets.GH_DOTCOM_TOKEN }}
distribution: 'microsoft'
@@ -133,12 +133,12 @@ If the runner is not able to access github.com, any Java versions requested duri
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'corretto'
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'corretto'
java-version: '25'
- run: java --version
```
### Oracle
@@ -146,12 +146,12 @@ steps:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'oracle'
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'oracle'
java-version: '25'
- run: java --version
```
### Alibaba Dragonwell
@@ -159,24 +159,24 @@ steps:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'dragonwell'
java-version: '8'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'dragonwell'
java-version: '8'
- run: java --version
```
### SapMachine
**NOTE:** An OpenJDK release maintained and supported by SAP
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'sapmachine'
java-version: '25'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'sapmachine'
java-version: '25'
- run: java --version
```
### GraalVM
@@ -184,14 +184,14 @@ steps:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'graalvm'
java-version: '25'
- run: |
java --version
native-image --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'graalvm'
java-version: '25'
- run: |
java --version
native-image --version
```
### GraalVM Community
@@ -199,14 +199,14 @@ steps:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'graalvm-community'
java-version: '21'
- run: |
java --version
native-image --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'graalvm-community'
java-version: '21'
- run: |
java --version
native-image --version
```
### JetBrains
@@ -218,12 +218,12 @@ For example, `11.0.24` is not available but `11.0.16` is.
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'jetbrains'
java-version: '11'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'jetbrains'
java-version: '11'
- run: java --version
```
The JetBrains installer uses the GitHub API to fetch the latest version. If you believe your project is going to be running into rate limits, you can provide a
@@ -231,15 +231,15 @@ GitHub token to the action to increase the rate limit. Set the `GITHUB_TOKEN` en
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'jetbrains'
java-version: '17'
java-package: 'jdk' # optional (jdk, jre, jdk+jcef, jre+jcef, jdk+ft, or jre+ft) - defaults to jdk
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'jetbrains'
java-version: '17'
java-package: 'jdk' # optional (jdk, jre, jdk+jcef, jre+jcef, jdk+ft, or jre+ft) - defaults to jdk
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: java --version
```
You can specify your package type (as shown in the [releases page](https://github.com/JetBrains/JetBrainsRuntime/releases/)) in the `java-package` parameter.
@@ -257,24 +257,24 @@ The available package types are:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'kona'
java-version: '21'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'kona'
java-version: '21'
- run: java --version
```
## Installing custom Java package type
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '25'
java-package: jdk # optional (jdk or jre) - defaults to jdk
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '25'
java-package: jdk # optional (jdk or jre) - defaults to jdk
- run: java --version
```
### JavaFX Maven project
@@ -283,15 +283,15 @@ For JavaFX projects that use Maven, use `jdk+fx` (or `jre+fx`) as the `java-pack
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'zulu'
java-version: '25'
java-package: jdk+fx
cache: maven
- name: Build with Maven
run: mvn --no-transfer-progress compile
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'zulu'
java-version: '25'
java-package: jdk+fx
cache: maven
- name: Build with Maven
run: mvn --no-transfer-progress compile
```
To run the JavaFX application in CI:
@@ -348,16 +348,16 @@ the full set):
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Seed the Maven cache
run: mvn dependency:go-offline dependency:resolve-plugins
- name: Build with Maven
run: mvn verify --file pom.xml
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Seed the Maven cache
run: mvn dependency:go-offline dependency:resolve-plugins
- name: Build with Maven
run: mvn verify --file pom.xml
```
Separate seed job — useful for a matrix where different legs run different goals
@@ -371,14 +371,14 @@ jobs:
seed-cache:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Seed the Maven cache
run: mvn dependency:go-offline dependency:resolve-plugins
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Seed the Maven cache
run: mvn dependency:go-offline dependency:resolve-plugins
build:
needs: seed-cache
@@ -387,14 +387,14 @@ jobs:
matrix:
goal: ['test', 'verify', 'test -Pprofile1']
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Build
run: mvn ${{ matrix.goal }} --file pom.xml
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'
- name: Build
run: mvn ${{ matrix.goal }} --file pom.xml
```
### Caveats
@@ -428,13 +428,13 @@ jobs:
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '25'
architecture: x86 # optional - default value derived from the runner machine
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '25'
architecture: x86 # optional - default value derived from the runner machine
- run: java --version
```
## Installing JDK without setting as default
@@ -443,22 +443,22 @@ When installing multiple JDKs, the last one installed becomes the default (`JAVA
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '17'
- uses: actions/setup-java@v5
id: setup-java-21
with:
distribution: 'temurin'
java-version: '21'
set-default: false
- run: |
echo "Default java:"
java -version
echo "Java 21 home: $JAVA_HOME_21_X64"
echo "Java 21 path from output: ${{ steps.setup-java-21.outputs.path }}"
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '17'
- uses: actions/setup-java@v6
id: setup-java-21
with:
distribution: 'temurin'
java-version: '21'
set-default: false
- run: |
echo "Default java:"
java -version
echo "Java 21 home: $JAVA_HOME_21_X64"
echo "Java 21 path from output: ${{ steps.setup-java-21.outputs.path }}"
```
In this example, `JAVA_HOME` and `java` on `PATH` point to Java 17, while Java 21 is available via `JAVA_HOME_21_X64` or the step output `path`.
@@ -473,59 +473,59 @@ If your use-case requires a custom distribution or a version that is not provide
```yaml
steps:
- run: |
download_url="https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v5
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
- run: |
download_url="https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v6
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
- run: java --version
- run: java --version
```
For example, to use an **Early Access** build from [jdk.java.net](https://jdk.java.net/), download the archive for your runner OS/architecture and install it via `distribution: 'jdkfile'` (example below assumes Linux x64):
```yaml
steps:
- run: |
download_url="https://download.java.net/java/early_access/jdk25/36/GPL/openjdk-25-ea+36_linux-x64_bin.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v5
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: '25.0.0-ea.36'
architecture: x64
- run: |
download_url="https://download.java.net/java/early_access/jdk25/36/GPL/openjdk-25-ea+36_linux-x64_bin.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v6
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: '25.0.0-ea.36'
architecture: x64
- run: java --version
- run: java --version
```
If your use-case requires a custom distribution (in the example, alpine-linux is used) or a version that is not provided by setup-java and you want to always install the latest version during runtime, then you can use the following code to auto-download the latest JDK, determine the semver needed for setup-java, and setup-java will take care of the installation and caching on the VM:
```yaml
steps:
- name: fetch latest temurin JDK
id: fetch_latest_jdk
run: |
major_version={{ env.JAVA_VERSION }} # Example 16 or 21 or 22
cd $RUNNER_TEMP
response=$(curl -s "https://api.github.com/repos/adoptium/temurin${major_version}-binaries/releases")
latest_jdk_download_url=$(echo "$response" | jq -r '.[0].assets[] | select(.name | contains("jdk_x64_alpine-linux") and endswith(".tar.gz")) | .browser_download_url')
curl -Ls "$latest_jdk_download_url" -o java_package.tar.gz
latest_jdk_json_url=$(jdk_download_url "$response" | jq -r '.[0].assets[] | select(.name | contains("jdk_x64_alpine-linux") and endswith(".tar.gz.json")) | .browser_download_url')
latest_semver_version=$(curl -sL $latest_jdk_json_url | jq -r 'version.semver')
echo "java_version=$latest_semver_version" >> "$GITHUB_OUTPUT"
steps:
- name: fetch latest temurin JDK
id: fetch_latest_jdk
run: |
major_version={{ env.JAVA_VERSION }} # Example 16 or 21 or 22
cd $RUNNER_TEMP
response=$(curl -s "https://api.github.com/repos/adoptium/temurin${major_version}-binaries/releases")
latest_jdk_download_url=$(echo "$response" | jq -r '.[0].assets[] | select(.name | contains("jdk_x64_alpine-linux") and endswith(".tar.gz")) | .browser_download_url')
curl -Ls "$latest_jdk_download_url" -o java_package.tar.gz
latest_jdk_json_url=$(jdk_download_url "$response" | jq -r '.[0].assets[] | select(.name | contains("jdk_x64_alpine-linux") and endswith(".tar.gz.json")) | .browser_download_url')
latest_semver_version=$(curl -sL $latest_jdk_json_url | jq -r 'version.semver')
echo "java_version=$latest_semver_version" >> "$GITHUB_OUTPUT"
- uses: actions/setup-java@v5
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: {{ steps.fetch_latest_jdk.outputs.java_version }}
architecture: x64
- run: java --version
- uses: actions/setup-java@v6
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
java-version: {{ steps.fetch_latest_jdk.outputs.java_version }}
architecture: x64
- run: java --version
```
## Testing against different Java distributions
@@ -540,9 +540,9 @@ jobs:
java: [ '8', '11' ]
name: Java ${{ matrix.Java }} (${{ matrix.distribution }}) sample
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: Setup java
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
distribution: ${{ matrix.distribution }}
java-version: ${{ matrix.java }}
@@ -560,9 +560,9 @@ jobs:
os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
name: Java ${{ matrix.Java }} (${{ matrix.os }}) sample
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: Setup java
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@@ -577,37 +577,37 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up JDK 11
uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '11'
- uses: actions/checkout@v7
- name: Set up JDK 11
uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '11'
- name: Build with Maven
run: mvn package --file pom.xml
- name: Build with Maven
run: mvn package --file pom.xml
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy
env:
GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy
env:
GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password
- name: Set up Apache Maven Central
uses: actions/setup-java@v5
with: # running setup-java again overwrites the settings.xml
distribution: 'temurin'
java-version: '11'
server-id: maven # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
- name: Set up Apache Maven Central
uses: actions/setup-java@v6
with: # running setup-java again overwrites the settings.xml
distribution: 'temurin'
java-version: '11'
server-id: maven # Value of the distributionManagement/repository/id field of the pom.xml
server-username-env-var: MAVEN_USERNAME # env variable for username in deploy
server-password-env-var: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
- name: Publish to Apache Maven Central
run: mvn deploy -Dgpg.signer=bc # requires maven-gpg-plugin >= 3.2.0 (bc signer support)
env:
MAVEN_USERNAME: maven_username123
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # ASCII-armored secret key (TSK), e.g. from `gpg --armor --export-secret-keys YOUR_ID`
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Publish to Apache Maven Central
run: mvn deploy -Dgpg.signer=bc # requires maven-gpg-plugin >= 3.2.0 (bc signer support)
env:
MAVEN_USERNAME: maven_username123
MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # ASCII-armored secret key (TSK), e.g. from `gpg --armor --export-secret-keys YOUR_ID`
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
```
The two `settings.xml` files created from the above example look like the following.
@@ -660,21 +660,21 @@ See the help docs on [Publishing a Package](https://help.github.com/en/github/ma
#### Legacy / alternative: let setup-java import the key
If you prefer signing with the `gpg` executable (for example because you are using `maven-gpg-plugin` older than 3.2.0), you can let setup-java import the key instead by providing the `gpg-private-key` and `gpg-passphrase` inputs. The private key is written to a file in the runner's temp directory, imported into the GPG keychain, and the file is promptly removed before proceeding with the rest of the setup process. A cleanup step removes the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances).
If you prefer signing with the `gpg` executable (for example because you are using `maven-gpg-plugin` older than 3.2.0), you can let setup-java import the key instead by providing the `gpg-private-key` and `gpg-passphrase-env-var` inputs. The private key is written to a file in the runner's temp directory, imported into the GPG keychain, and the file is promptly removed before proceeding with the rest of the setup process. A cleanup step removes the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances).
setup-java imports the key independently of the plugin version, but the generated passphrase profile described below uses `gpg.passphraseEnvName`, which requires `maven-gpg-plugin` 3.2.0 or newer. Since `gpg-passphrase` defaults to `GPG_PASSPHRASE`, setup-java writes that profile unless you override the input to `MAVEN_GPG_PASSPHRASE`.
setup-java imports the key independently of the plugin version, but the generated passphrase profile described below uses `gpg.passphraseEnvName`, which requires `maven-gpg-plugin` 3.2.0 or newer. Since `gpg-passphrase-env-var` defaults to `GPG_PASSPHRASE`, setup-java writes that profile unless you override the input to `MAVEN_GPG_PASSPHRASE`.
```yaml
- name: Set up Apache Maven Central
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '11'
server-id: maven # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
server-username-env-var: MAVEN_USERNAME # env variable for username in deploy
server-password-env-var: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
gpg-passphrase-env-var: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Publish to Apache Maven Central
run: mvn deploy
@@ -684,10 +684,10 @@ setup-java imports the key independently of the plugin version, but the generate
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
```
The `gpg-passphrase` input is the **name of the environment variable** that holds the passphrase (not the passphrase itself). It defaults to `GPG_PASSPHRASE`. The [Maven GPG Plugin](https://maven.apache.org/plugins/maven-gpg-plugin/) reads the passphrase from the environment variable named by its `gpg.passphraseEnvName` property, whose own default is `MAVEN_GPG_PASSPHRASE`.
The `gpg-passphrase-env-var` input is the **name of the environment variable** that holds the passphrase (not the passphrase itself). It defaults to `GPG_PASSPHRASE`. The [Maven GPG Plugin](https://maven.apache.org/plugins/maven-gpg-plugin/) reads the passphrase from the environment variable named by its `gpg.passphraseEnvName` property, whose own default is `MAVEN_GPG_PASSPHRASE`.
- If `gpg-passphrase` is `MAVEN_GPG_PASSPHRASE`, the plugin already reads that variable by default, so setup-java writes nothing extra to `settings.xml`.
- Otherwise (including the default `GPG_PASSPHRASE`), setup-java configures `gpg.passphraseEnvName` through an active profile in the generated `settings.xml` so the plugin reads the passphrase from that variable. For the default `gpg-passphrase: GPG_PASSPHRASE`:
- If `gpg-passphrase-env-var` is `MAVEN_GPG_PASSPHRASE`, the plugin already reads that variable by default, so setup-java writes nothing extra to `settings.xml`.
- Otherwise (including the default `GPG_PASSPHRASE`), setup-java configures `gpg.passphraseEnvName` through an active profile in the generated `settings.xml` so the plugin reads the passphrase from that variable. For the default `gpg-passphrase-env-var: GPG_PASSPHRASE`:
```xml
<profiles>
@@ -703,7 +703,7 @@ The `gpg-passphrase` input is the **name of the environment variable** that hold
</activeProfiles>
```
> **Note:** Earlier versions of setup-java wrote a `gpg.passphrase` server to `settings.xml`. That mechanism is deprecated by the Maven GPG Plugin and fails when its `bestPractices` mode is enabled, so setup-java now relies on `gpg.passphraseEnvName` instead. The `gpg-passphrase` input and its `GPG_PASSPHRASE` default are unchanged, so existing workflows that set the `GPG_PASSPHRASE` environment variable keep working.
> **Note:** Earlier versions of setup-java wrote a `gpg.passphrase` server to `settings.xml`. That mechanism is deprecated by the Maven GPG Plugin and fails when its `bestPractices` mode is enabled, so setup-java now relies on `gpg.passphraseEnvName` instead. Set the environment variable name with `gpg-passphrase-env-var`, which defaults to `GPG_PASSPHRASE`.
> **Compatibility note:** Reading the passphrase from an environment variable (`gpg.passphraseEnvName`) requires `maven-gpg-plugin` 3.2.0 or newer. Older versions do not honor this property and will not pick up the passphrase, because setup-java no longer writes the deprecated `gpg.passphrase` server to `settings.xml`. If you are pinned to `maven-gpg-plugin` older than 3.2.0, upgrade to 3.2.0+.
@@ -733,22 +733,22 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up JDK 11 for Shared Runner
uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '11'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- uses: actions/checkout@v7
- name: Set up JDK 11 for Shared Runner
uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '11'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Maven
run: mvn package --file pom.xml
- name: Build with Maven
run: mvn package --file pom.xml
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
env:
GITHUB_TOKEN: ${{ github.token }}
```
## Maven transfer progress (download logs)
@@ -765,15 +765,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '21'
show-download-progress: true # keep Maven download/transfer progress in the logs
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '21'
show-download-progress: true # keep Maven download/transfer progress in the logs
- name: Build with Maven
run: mvn package --file pom.xml
- name: Build with Maven
run: mvn package --file pom.xml
```
***NOTES***:
@@ -801,15 +801,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '21'
problem-matcher: false
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '21'
problem-matcher: false
- name: Build with Maven
run: mvn package --file pom.xml
- name: Build with Maven
run: mvn package --file pom.xml
```
Disabling the matcher only stops annotations from being created. Compiler output remains in the log, and compilation errors still fail the build step.
@@ -822,22 +822,22 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- name: Set up JDK 11
uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '11'
- name: Set up JDK 11
uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '11'
- name: Build with Gradle
run: gradle build
- name: Build with Gradle
run: gradle build
- name: Publish to GitHub Packages
run: gradle publish
env:
USERNAME: ${{ github.actor }}
PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Publish to GitHub Packages
run: gradle publish
env:
USERNAME: ${{ github.actor }}
PASSWORD: ${{ secrets.GITHUB_TOKEN }}
```
***NOTE: The `USERNAME` and `PASSWORD` need to correspond to the credentials environment variables used in the publishing section of your `build.gradle`.***
@@ -861,17 +861,17 @@ Toolchain entries are always merged non-destructively: existing JDK, custom, and
```yaml
steps:
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: |
8
11
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: |
8
11
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: '15'
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: '15'
```
The result is a Toolchain with entries for JDKs 8, 11 and 15. You can even combine this with custom JDKs of arbitrary versions:
@@ -880,7 +880,7 @@ The result is a Toolchain with entries for JDKs 8, 11 and 15. You can even combi
- run: |
download_url="https://example.com/java/jdk/6u45-b06/jdk-6u45-linux-x64.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v5
- uses: actions/setup-java@v6
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
@@ -897,7 +897,7 @@ Each JDK provider will receive a default `vendor` using the `distribution` input
- run: |
download_url="https://example.com/java/jdk/6u45-b06/jdk-6u45-linux-x64.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v5
- uses: actions/setup-java@v6
with:
distribution: 'jdkfile'
jdk-file: ${{ runner.temp }}/java_package.tar.gz
@@ -912,13 +912,13 @@ In case you install multiple versions of Java at once with multi-line `java-vers
```yaml
steps:
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: |
8
11
mvn-toolchain-vendor: Eclipse Temurin
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: |
8
11
mvn-toolchain-vendor: Eclipse Temurin
```
### Modifying The Toolchain ID For JDKs
@@ -926,28 +926,28 @@ Each JDK provider will receive a default `id` based on the combination of `distr
```yaml
steps:
- uses: actions/checkout@v6
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'some_other_id'
- run: java --version
- uses: actions/checkout@v7
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '11'
mvn-toolchain-id: 'some_other_id'
- run: java --version
```
In case you install multiple versions of Java at once you can use the same syntax as used in `java-versions`. Please note that you have to declare an ID for all Java versions that will be installed or the `mvn-toolchain-id` instruction will be skipped wholesale due to mapping ambiguities.
```yaml
steps:
- uses: actions/setup-java@v5
with:
distribution: '<distribution>'
java-version: |
8
11
mvn-toolchain-id: |
something_else
something_other
- uses: actions/setup-java@v6
with:
distribution: '<distribution>'
java-version: |
8
11
mvn-toolchain-id: |
something_else
something_other
```
## Java version file
@@ -1001,7 +1001,7 @@ steps:
**Example step using `Sdkman!`** (distribution inferred from `.sdkmanrc`):
```yml
- name: Setup java
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
java-version-file: '.sdkmanrc'
```
@@ -1014,7 +1014,7 @@ java=17.0.7-tem
**Example step using `asdf`** (distribution inferred from `.tool-versions`):
```yml
- name: Setup java
uses: actions/setup-java@v5
uses: actions/setup-java@v6
with:
java-version-file: '.tool-versions'
```
@@ -1058,7 +1058,7 @@ steps:
- name: Trust the internal CA
run: echo "NODE_EXTRA_CA_CERTS=/etc/ssl/certs/internal-ca.pem" >> "$GITHUB_ENV"
- uses: actions/setup-java@v5
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '21'
@@ -1073,7 +1073,7 @@ steps:
echo "${{ secrets.INTERNAL_CA_PEM }}" > "${RUNNER_TEMP}/internal-ca.pem"
echo "NODE_EXTRA_CA_CERTS=${RUNNER_TEMP}/internal-ca.pem" >> "$GITHUB_ENV"
- uses: actions/setup-java@v5
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '21'
@@ -1101,7 +1101,7 @@ The JDK keeps its own trust store — a keystore named `cacerts` under `$JAVA_HO
```yaml
steps:
- uses: actions/setup-java@v5
- uses: actions/setup-java@v6
with:
distribution: 'temurin'
java-version: '21'
+16 -16
View File
@@ -4,13 +4,13 @@ The major breaking change in V2 is the new mandatory `distribution` input. This
Use the `zulu` keyword if you would like to continue using the same distribution as in V1.
```yaml
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'zulu'
java-version: '11'
java-package: jdk # optional (jdk or jre) - defaults to jdk
- run: java -cp java HelloWorldApp
- uses: actions/checkout@v2
- uses: actions/setup-java@v2
with:
distribution: 'zulu'
java-version: '11'
java-package: jdk # optional (jdk or jre) - defaults to jdk
- run: java -cp java HelloWorldApp
```
**General recommendation** — configure CI with the same distribution that is used on your local dev machine.
@@ -19,15 +19,15 @@ steps:
Since the `distribution` input is required in V2, you should specify it using `jdkfile` to continue installing Java from a local file on the runner
```yaml
steps:
- run: |
download_url="https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v2
with:
distribution: 'jdkfile'
jdkFile: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
- run: |
download_url="https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz"
wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
- uses: actions/setup-java@v2
with:
distribution: 'jdkfile'
jdkFile: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
```
## Dropping legacy Java version syntax 1.x
+47 -20
View File
@@ -12,8 +12,16 @@ import {getBooleanInput} from './util.js';
export async function configureAuthentication() {
const id = core.getInput(constants.INPUT_SERVER_ID);
const username = core.getInput(constants.INPUT_SERVER_USERNAME);
const password = core.getInput(constants.INPUT_SERVER_PASSWORD);
const usernameEnvVar = getInputWithDeprecatedAlias(
constants.INPUT_SERVER_USERNAME_ENV_VAR,
constants.INPUT_SERVER_USERNAME_DEPRECATED,
constants.INPUT_DEFAULT_SERVER_USERNAME
);
const passwordEnvVar = getInputWithDeprecatedAlias(
constants.INPUT_SERVER_PASSWORD_ENV_VAR,
constants.INPUT_SERVER_PASSWORD_DEPRECATED,
constants.INPUT_DEFAULT_SERVER_PASSWORD
);
const settingsDirectory =
core.getInput(constants.INPUT_SETTINGS_PATH) ||
path.join(os.homedir(), constants.M2_DIR);
@@ -24,9 +32,11 @@ export async function configureAuthentication() {
const gpgPrivateKey =
core.getInput(constants.INPUT_GPG_PRIVATE_KEY) ||
constants.INPUT_DEFAULT_GPG_PRIVATE_KEY;
const gpgPassphrase =
core.getInput(constants.INPUT_GPG_PASSPHRASE) ||
(gpgPrivateKey ? constants.INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
const gpgPassphraseEnvVar = getInputWithDeprecatedAlias(
constants.INPUT_GPG_PASSPHRASE_ENV_VAR,
constants.INPUT_GPG_PASSPHRASE_DEPRECATED,
gpgPrivateKey ? constants.INPUT_DEFAULT_GPG_PASSPHRASE : undefined
);
if (gpgPrivateKey) {
core.setSecret(gpgPrivateKey);
@@ -34,11 +44,11 @@ export async function configureAuthentication() {
await createAuthenticationSettings(
id,
username,
password,
usernameEnvVar,
passwordEnvVar,
settingsDirectory,
overwriteSettings,
gpgPassphrase
gpgPassphraseEnvVar
);
if (gpgPrivateKey) {
@@ -48,13 +58,30 @@ export async function configureAuthentication() {
}
}
export function getInputWithDeprecatedAlias(
inputName: string,
deprecatedInputName: string,
defaultValue?: string
): string {
const value = core.getInput(inputName);
const deprecatedValue = core.getInput(deprecatedInputName);
if (deprecatedValue) {
core.warning(
`The '${deprecatedInputName}' input is deprecated and may be removed in a future release. Please use '${inputName}' instead.`
);
}
return value || deprecatedValue || defaultValue || '';
}
export async function createAuthenticationSettings(
id: string,
username: string,
password: string,
usernameEnvVar: string,
passwordEnvVar: string,
settingsDirectory: string,
overwriteSettings: boolean,
gpgPassphrase: string | undefined = undefined
gpgPassphraseEnvVar: string | undefined = undefined
) {
core.info(`Creating ${constants.MVN_SETTINGS_FILE} with server-id: ${id}`);
// when an alternate m2 location is specified use only that location (no .m2 directory)
@@ -62,7 +89,7 @@ export async function createAuthenticationSettings(
await io.mkdirP(settingsDirectory);
await write(
settingsDirectory,
generate(id, username, password, gpgPassphrase),
generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar),
overwriteSettings
);
}
@@ -70,9 +97,9 @@ export async function createAuthenticationSettings(
// only exported for testing purposes
export function generate(
id: string,
username: string,
password: string,
gpgPassphrase?: string | undefined
usernameEnvVar: string,
passwordEnvVar: string,
gpgPassphraseEnvVar?: string | undefined
) {
const xmlObj: {[key: string]: any} = {
settings: {
@@ -85,8 +112,8 @@ export function generate(
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: `\${env.${usernameEnvVar}}`,
password: `\${env.${passwordEnvVar}}`
}
]
}
@@ -100,14 +127,14 @@ export function generate(
// are needed. Writing `gpg.passphrase` to settings.xml is deprecated and fails
// when the plugin's `bestPractices` mode is enabled.
if (
gpgPassphrase &&
gpgPassphrase !== constants.MAVEN_GPG_PASSPHRASE_DEFAULT_ENV
gpgPassphraseEnvVar &&
gpgPassphraseEnvVar !== constants.MAVEN_GPG_PASSPHRASE_DEFAULT_ENV
) {
xmlObj.settings.profiles = {
profile: {
id: constants.GPG_PASSPHRASE_PROFILE_ID,
properties: {
'gpg.passphraseEnvName': gpgPassphrase
'gpg.passphraseEnvName': gpgPassphraseEnvVar
}
}
};
+8 -3
View File
@@ -12,13 +12,18 @@ export const INPUT_PROBLEM_MATCHER = 'problem-matcher';
export const INPUT_VERIFY_SIGNATURE = 'verify-signature';
export const INPUT_VERIFY_SIGNATURE_PUBLIC_KEY = 'verify-signature-public-key';
export const INPUT_SERVER_ID = 'server-id';
export const INPUT_SERVER_USERNAME = 'server-username';
export const INPUT_SERVER_PASSWORD = 'server-password';
export const INPUT_SERVER_USERNAME_ENV_VAR = 'server-username-env-var';
export const INPUT_SERVER_PASSWORD_ENV_VAR = 'server-password-env-var';
export const INPUT_SERVER_USERNAME_DEPRECATED = 'server-username';
export const INPUT_SERVER_PASSWORD_DEPRECATED = 'server-password';
export const INPUT_SETTINGS_PATH = 'settings-path';
export const INPUT_OVERWRITE_SETTINGS = 'overwrite-settings';
export const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
export const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
export const INPUT_GPG_PASSPHRASE_ENV_VAR = 'gpg-passphrase-env-var';
export const INPUT_GPG_PASSPHRASE_DEPRECATED = 'gpg-passphrase';
export const INPUT_DEFAULT_SERVER_USERNAME = 'GITHUB_ACTOR';
export const INPUT_DEFAULT_SERVER_PASSWORD = 'GITHUB_TOKEN';
export const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
export const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';