bamanker/setup-graalvm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: bamanker:v1.2.1
Branches Tags
bamanker:main bamanker:wip/25e1 bamanker:fniephaus/file-ext-windows bamanker:fniephaus/musl-update bamanker:fniephaus/esm-ncc bamanker:fniephaus/version-fix bamanker:fniephaus/fix-latest-to-22.3.2 bamanker:fniephaus/404-error-message bamanker:composite
bamanker:v1 bamanker:v1.4.4 bamanker:v1.4.3 bamanker:v1.4.2 bamanker:v1.4.1 bamanker:v1.4.0 bamanker:v1.3.7 bamanker:v1.3.6 bamanker:v1.3.5 bamanker:v1.3.4 bamanker:v1.3.3 bamanker:v1.3.2 bamanker:v1.3.1 bamanker:v1.3.0 bamanker:v1.2.8 bamanker:v1.2.7 bamanker:v1.2.6 bamanker:v1.2.5 bamanker:v1.2.4.1 bamanker:v1.2.4 bamanker:v1.2.3 bamanker:v1.2.2 bamanker:v1.2.1 bamanker:v1.2.0 bamanker:v1.1.9 bamanker:v1.1.8.2 bamanker:v1.1.8.1 bamanker:v1.1.8 bamanker:v1.1.7 bamanker:v1.1.6 bamanker:v1.1.5.1 bamanker:v1.1.5 bamanker:v1.1.4.2 bamanker:v1.1.4.1 bamanker:v1.1.4 bamanker:v1.1.3.1 bamanker:v1.1.3 bamanker:v1.1.2.1 bamanker:v1.1.2 bamanker:v1.1.1 bamanker:v1.1.0 bamanker:v1.0.12 bamanker:v1.0.11 bamanker:v1.0.10 bamanker:v1.0.9 bamanker:v1.0.8 bamanker:v1.0.7 bamanker:v1.0.6 bamanker:v1.0.5 bamanker:v1.0.4 bamanker:v1.0.3 bamanker:v1.0.2 bamanker:v1.0.1 bamanker:v1.0.0 bamanker:x86_64-linux-musl-10.2.1
...
compare: bamanker:v1.2.4
Branches Tags
bamanker:wip/25e1 bamanker:main bamanker:fniephaus/file-ext-windows bamanker:fniephaus/musl-update bamanker:fniephaus/esm-ncc bamanker:fniephaus/version-fix bamanker:fniephaus/fix-latest-to-22.3.2 bamanker:fniephaus/404-error-message bamanker:composite
bamanker:v1 bamanker:v1.4.4 bamanker:v1.4.3 bamanker:v1.4.2 bamanker:v1.4.1 bamanker:v1.4.0 bamanker:v1.3.7 bamanker:v1.3.6 bamanker:v1.3.5 bamanker:v1.3.4 bamanker:v1.3.3 bamanker:v1.3.2 bamanker:v1.3.1 bamanker:v1.3.0 bamanker:v1.2.8 bamanker:v1.2.7 bamanker:v1.2.6 bamanker:v1.2.5 bamanker:v1.2.4.1 bamanker:v1.2.4 bamanker:v1.2.3 bamanker:v1.2.2 bamanker:v1.2.1 bamanker:v1.2.0 bamanker:v1.1.9 bamanker:v1.1.8.2 bamanker:v1.1.8.1 bamanker:v1.1.8 bamanker:v1.1.7 bamanker:v1.1.6 bamanker:v1.1.5.1 bamanker:v1.1.5 bamanker:v1.1.4.2 bamanker:v1.1.4.1 bamanker:v1.1.4 bamanker:v1.1.3.1 bamanker:v1.1.3 bamanker:v1.1.2.1 bamanker:v1.1.2 bamanker:v1.1.1 bamanker:v1.1.0 bamanker:v1.0.12 bamanker:v1.0.11 bamanker:v1.0.10 bamanker:v1.0.9 bamanker:v1.0.8 bamanker:v1.0.7 bamanker:v1.0.6 bamanker:v1.0.5 bamanker:v1.0.4 bamanker:v1.0.3 bamanker:v1.0.2 bamanker:v1.0.1 bamanker:v1.0.0 bamanker:x86_64-linux-musl-10.2.1

14 Commits
v1.2.1 ... v1.2.4

Author SHA1 Message Date
Fabio Niephaus
6f327093bb Bump version to 1.2.4. 2024-10-15 15:02:57 +02:00
Fabio Niephaus
4873ae0b28 Add support for Oracle GraalVM via GDS. 2024-10-14 17:35:04 +02:00
Fabio Niephaus
c3163945bd Update dependency. 2024-10-14 17:35:04 +02:00
Fabio Niephaus
c60701d448 Upgrade to macos-12. 
`macos-11` was removed in June 2024:
https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/
 2024-08-12 11:44:53 +02:00
Fabio Niephaus
22cc13fe88 Bump version to 1.2.3. 2024-08-09 15:00:57 +02:00
Fabio Niephaus
6bb7c0d4f1 Update dist files. 2024-08-09 15:00:57 +02:00
Fabio Niephaus
ee6894e12f Polish native-image-pr-reports-update-existing. 2024-08-09 15:00:57 +02:00
Lauri Huotari (Github Mrflatt)
cc51024a44 Add input option to merge pr reports 2024-08-09 15:00:57 +02:00
Fabio Niephaus
2911b2304b Bump version to 1.2.1. 2024-06-18 17:53:39 +02:00
Fabio Niephaus
00a7ff5258 Update dist files. 2024-06-18 17:53:39 +02:00
Fabio Niephaus
010c924385 Adjust to updated GDS behavior. 2024-06-18 17:53:39 +02:00
Fabio Niephaus
bafd5b75bd Mention some newer Java versions. 2024-06-18 17:53:39 +02:00
dependabot[bot]
e92be2ccca Bump braces from 3.0.2 to 3.0.3 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-18 10:58:38 +02:00
dependabot[bot]
809512d83d Bump undici from 5.28.3 to 5.28.4 
Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-28 18:37:22 +02:00
14 changed files with 975 additions and 169 deletions
Expand all files Collapse all files

16
.github/workflows/test.yml vendored
View File

@@ -29,10 +29,11 @@ jobs:
distribution: ['graalvm', 'graalvm-community']
os: [
ubuntu-latest,
macos-14, # macOS on Apple silicon
macos-12, # macOS on Intel
macos-latest, # macOS on Apple silicon
macos-12, # macOS on Intel
windows-latest
]
set-gds-token: [false]
components: ['']
include:
- java-version: 'latest-ea'
@@ -54,6 +55,14 @@ jobs:
- java-version: '21.0.0' # test for GA version (see #63)
distribution: 'graalvm'
os: ubuntu-latest
- java-version: '17'
distribution: 'graalvm'
os: ubuntu-latest
set-gds-token: true
- java-version: '17.0.12' # Upgrade to '17.0.13' after Oct 2024
distribution: 'graalvm'
os: ubuntu-latest
set-gds-token: true
steps:
- uses: actions/checkout@v4
- name: Run setup-graalvm action
@@ -63,6 +72,7 @@ jobs:
distribution: ${{ matrix.distribution }}
github-token: ${{ secrets.GITHUB_TOKEN }}
components: ${{ matrix.components }}
gds-token: ${{ matrix.set-gds-token && secrets.GDS_TOKEN || '' }}
- name: Check environment
run: |
echo "GRAALVM_HOME: $GRAALVM_HOME"
@@ -109,7 +119,7 @@ jobs:
- version: '22.3.1'
java-version: '11' # for JDK 11 notification
components: 'native-image'
os: macos-11
os: macos-12
- version: '22.3.1'
java-version: '17'
components: 'native-image'

96
README.md
View File

@@ -80,8 +80,7 @@ jobs:
path: helloworld*
```
<details>
<summary><h4>Template for Oracle GraalVM Early Access (EA) builds</h4></summary>
### Template for Oracle GraalVM Early Access (EA) builds
```yml
name: Oracle GraalVM Early Access build
@@ -93,18 +92,36 @@ jobs:
- uses: actions/checkout@v4
- uses: graalvm/setup-graalvm@v1
with:
java-version: '23-ea' # or 'latest-ea' for the latest Java version available
java-version: '24-ea' # or 'latest-ea' for the latest Java version available
distribution: 'graalvm'
github-token: ${{ secrets.GITHUB_TOKEN }}
```
</details>
<details>
<summary><h4>Template for older GraalVM releases</h4></summary>
<summary><h4>Template for Oracle GraalVM via GraalVM Download Service</h4></summary>
#### Prerequisites
1. Obtain a token for the GraalVM Download Service. For this, replace `your@email.com` with your email address and run the following `curl` command:
```bash
curl -sS -X POST "https://gds.oracle.com/api/20220101/licenseAcceptance" \
-H "Content-Type: application/json" \
-d "{ \"email\": \"your@email.com\", \"licenseId\": \"D53FA58D12817B3CE0530F15000A74CA\", \"type\": \"GENERATE_TOKEN_AND_ACCEPT_LICENSE\"}"
```
The response should look like this:
```json
{"token":"<your-token>","status":"UNVERIFIED"}
```
2. Store the value of `<your-token>` as a [GitHub Action secret][gha-secrets]. For the following template, we use the name `GDS_TOKEN`.
3. Check your emails and accept the license to activate the token.
4. Use `java-version: '17'` (or a specific version such as `17.0.13`) and provide the `GDS_TOKEN` as shown in the following template:
```yml
name: GraalVM build
name: Build with Oracle GraalVM for JDK 17 via GDS
on: [push, pull_request]
jobs:
build:
@@ -113,10 +130,14 @@ jobs:
- uses: actions/checkout@v4
- uses: graalvm/setup-graalvm@v1
with:
version: '22.3.2' # GraalVM version
distribution: 'graalvm'
java-version: '17'
components: 'native-image'
gds-token: ${{ secrets.GDS_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Example step
run: |
java --version
native-image --version
```
</details>
@@ -129,7 +150,7 @@ jobs:
1. Download the version of [GraalVM Enterprise Edition (EE)][graalvm-ee] you want to run on GitHub Actions.
2. Use the [GraalVM Updater][gu] to install the GraalVM components you need on GitHub Actions and accept the corresponding licenses.
3. Run `$GRAALVM_HOME/bin/gu --show-ee-token` to display your token for the GraalVM Download Service.
4. Store this token as a [GitHub Action secret][gha-secrets]. For this template, we use the name `GDS_TOKEN`.
4. Store this token as a [GitHub Action secret][gha-secrets]. In the following template, we use the name `GDS_TOKEN`.
```yml
name: GraalVM Enterprise Edition build
@@ -155,6 +176,39 @@ jobs:
</details>
## Options
| Name | Default | Description |
|-----------------|:--------:|-------------|
| `java-version`<br>*(required)* | n/a | Java version <ul><li>major versions: `'21'`, `'17'`, `'11'`, `'8'`</li><li>specific versions: `'21.0.3'`, `'17.0.11'`</li><li>early access (EA) builds: `'23-ea'` *(requires `distribution: 'graalvm'`)*</li><li>latest EA build: `'latest-ea'` *(requires `distribution: 'graalvm'`)*</li><li>dev builds: `'dev'`</li></ul> |
| `distribution` | `'graalvm'` | GraalVM distribution <ul><li>Oracle GraalVM: `'graalvm'`</li><li>GraalVM Community Edition: `'graalvm-community'`</li><li>Mandrel: `'mandrel'`</li><li>Liberica: `'liberica'`</li></ul> |
| `java-package` | `'jdk'` | The package type (`'jdk'` or `'jdk+fx'`). Currently applies to Liberica only. |
| `github-token` | `'${{ github.token }}'` | Token for communication with the GitHub API. Please set this to `${{ secrets.GITHUB_TOKEN }}` (see [templates](#templates)) to allow the action to authenticate with the GitHub API, which helps reduce rate-limiting issues. |
| `set-java-home` | `'true'` | If set to `'true'`, instructs the action to set `$JAVA_HOME` to the path of the GraalVM installation. Overrides any previous action or command that sets `$JAVA_HOME`. |
| `cache` | `''` | Name of the build platform to cache dependencies. Turned off by default (`''`). It can also be `'maven'`, `'gradle'`, or `'sbt'` and works the same way as described in [actions/setup-java][setup-java-caching]. |
| `check-for-updates` | `'true'` | [Annotate jobs][gha-annotations] with update notifications, for example when a new GraalVM release is available. |
| `native-image-musl` | `'false'` | If set to `'true'`, sets up [musl] to build [static binaries][native-image-static] with GraalVM Native Image *(Linux only)*. [Example usage][native-image-musl-build] (be sure to replace `uses: ./` with `uses: graalvm/setup-graalvm@v1`). |
| `native-image-job-reports` *) | `'false'` | If set to `'true'`, post a job summary containing a Native Image build report. |
| `native-image-pr-reports` *) | `'false'` | If set to `'true'`, post a comment containing a Native Image build report on pull requests. Requires `write` permissions for the [`pull-requests` scope][gha-permissions]. |
| `native-image-pr-reports-update-existing` *) | `'false'` | Instead of posting another comment, update an existing PR comment with the latest Native Image build report. Requires `native-image-pr-reports` to be `true`. |
| `components` | `''` | Comma-separated list of GraalVM components (e.g., `native-image` or `ruby,nodejs`) that will be installed by the [GraalVM Updater][gu]. |
| `version` | `''` | `X.Y.Z` (e.g., `22.3.0`) for a specific [GraalVM release][releases] up to `22.3.2`<br>`mandrel-X.Y.Z.W` or `X.Y.Z.W-Final` (e.g., `mandrel-21.3.0.0-Final` or `21.3.0.0-Final`) for a specific [Mandrel release][mandrel-releases],<br>`mandrel-latest` or `latest` for the latest Mandrel stable release. |
| `gds-token` | `''` | Download token for the GraalVM Download Service. at <> Store this token as a [GitHub Action secret][gha-secrets]. For thie followingtemplate, we use the name `GDS_TOKEN`.. If a non-empty token is provided, the action will set up GraalVM Enterprise Edition (see [GraalVM EE template](#template-for-graalvm-enterprise-edition)). |
**) Make sure that Native Image is used only once per build job. Otherwise, the report is only generated for the last Native Image build.*
## Notes on Oracle GraalVM for JDK 17
GraalVM for JDK 17.0.12 is the [last release of Oracle GraalVM for JDK 17 under the GFTC](https://blogs.oracle.com/java/post/jdk-17-approaches-endofpermissive-license).
Updates after September 2024 will be licensed under the [GraalVM OTN License Including License for Early Adopter Versions](https://www.oracle.com/downloads/licenses/graalvm-otn-license.html) (GOTN) and production use beyond the limited free grants of the GraalVM OTN license will require a fee.
As a user of `setup-graalvm`, you have the following options:
- *Recommended*: Upgrade to Oracle GraalVM for JDK 21 or later to receive new updates.
- *Not recommended*: Instead of `java-version: '17'`, use `java-version: '17.0.12'` in your workflow to keep using the last release under GFTC. This will also disable the warning. Note that switching to GraalVM Community Edition or other GraalVM distributions might provide you with even older releases of GraalVM.
- Provide a `gds-token` to access Oracle GraalVM for JDK 17 under GOTN (see [Oracle GraalVM via GDS template](#template-for-oracle-graalvm-via-graalvm-download-service)).
## Migrating from GraalVM 22.3 or Earlier to the New GraalVM for JDK 17 and Later
The [GraalVM for JDK 17 and JDK 20 release](https://medium.com/graalvm/a-new-graalvm-release-and-new-free-license-4aab483692f5) aligns the GraalVM version scheme with OpenJDK.
@@ -183,27 +237,6 @@ can be replaced with:
```
## Options
| Name | Default | Description |
|-----------------|:--------:|-------------|
| `java-version`<br>*(required)* | n/a | Java version <ul><li>major versions: `'21'`, `'17'`, `'11'`, `'8'`</li><li>specific versions: `'21.0.2'`, `'17.0.7'`</li><li>early access (EA) builds: `'22-ea'` *(requires `distribution: 'graalvm'`)*</li><li>latest EA build: `'latest-ea'` *(requires `distribution: 'graalvm'`)*</li><li>dev builds: `'dev'`</li></ul> |
| `distribution` | `'graalvm'` | GraalVM distribution <ul><li>Oracle GraalVM: `'graalvm'`</li><li>GraalVM Community Edition: `'graalvm-community'`</li><li>Mandrel: `'mandrel'`</li><li>Liberica: `'liberica'`</li></ul> |
| `java-package` | `'jdk'` | The package type (`'jdk'` or `'jdk+fx'`). Currently applies to Liberica only. |
| `github-token` | `'${{ github.token }}'` | Token for communication with the GitHub API. Please set this to `${{ secrets.GITHUB_TOKEN }}` (see [templates](#templates)) to allow the action to authenticate with the GitHub API, which helps reduce rate-limiting issues. |
| `set-java-home` | `'true'` | If set to `'true'`, instructs the action to set `$JAVA_HOME` to the path of the GraalVM installation. Overrides any previous action or command that sets `$JAVA_HOME`. |
| `cache` | `''` | Name of the build platform to cache dependencies. Turned off by default (`''`). It can also be `'maven'`, `'gradle'`, or `'sbt'` and works the same way as described in [actions/setup-java][setup-java-caching]. |
| `check-for-updates` | `'true'` | [Annotate jobs][gha-annotations] with update notifications, for example when a new GraalVM release is available. |
| `native-image-musl` | `'false'` | If set to `'true'`, sets up [musl] to build [static binaries][native-image-static] with GraalVM Native Image *(Linux only)*. [Example usage][native-image-musl-build] (be sure to replace `uses: ./` with `uses: graalvm/setup-graalvm@v1`). |
| `native-image-job-reports` *) | `'false'` | If set to `'true'`, post a job summary containing a Native Image build report. |
| `native-image-pr-reports` *) | `'false'` | If set to `'true'`, post a comment containing a Native Image build report on pull requests. Requires `write` permissions for the [`pull-requests` scope][gha-permissions]. |
| `components` | `''` | Comma-separated list of GraalVM components (e.g., `native-image` or `ruby,nodejs`) that will be installed by the [GraalVM Updater][gu]. |
| `version` | `''` | `X.Y.Z` (e.g., `22.3.0`) for a specific [GraalVM release][releases] up to `22.3.2`<br>`mandrel-X.Y.Z.W` or `X.Y.Z.W-Final` (e.g., `mandrel-21.3.0.0-Final` or `21.3.0.0-Final`) for a specific [Mandrel release][mandrel-releases],<br>`mandrel-latest` or `latest` for the latest Mandrel stable release. |
| `gds-token` | `''` | Download token for the GraalVM Download Service. If a non-empty token is provided, the action will set up GraalVM Enterprise Edition (see [GraalVM EE template](#template-for-graalvm-enterprise-edition)). |
**) Make sure that Native Image is used only once per build job. Otherwise, the report is only generated for the last Native Image build.*
## Contributing
We welcome code contributions. To get started, you will need to sign the [Oracle Contributor Agreement][oca] (OCA).
@@ -214,6 +247,7 @@ Only pull requests from committers that can be verified as having signed the OCA
[dev-build]: https://github.com/graalvm/graalvm-ce-dev-builds/releases/latest
[dev-builds]: https://github.com/graalvm/graalvm-ce-dev-builds
[ea-builds]: https://github.com/graalvm/oracle-graalvm-ea-builds
[gftc]: https://www.oracle.com/downloads/licenses/graal-free-license.html
[gha-annotations]: https://github.com/actions/toolkit/tree/main/packages/core#annotations
[gha-permissions]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[gha-secrets]: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository

45
__tests__/gds.test.ts
View File

@@ -1,5 +1,10 @@
import * as path from 'path'
import {downloadGraalVMEELegacy, fetchArtifact} from '../src/gds'
import {
downloadGraalVM,
downloadGraalVMEELegacy,
fetchArtifact,
fetchArtifactEE
} from '../src/gds'
import {expect, test} from '@jest/globals'
const TEST_USER_AGENT = 'GraalVMGitHubActionTest/1.0.4'
@@ -7,7 +12,28 @@ const TEST_USER_AGENT = 'GraalVMGitHubActionTest/1.0.4'
process.env['RUNNER_TEMP'] = path.join(__dirname, 'TEMP')
test('fetch artifacts', async () => {
let artifact = await fetchArtifact(
let artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '17.0.12')
expect(artifact.id).toBe('1C351E8F41BB8E9EE0631518000AE5F2')
expect(artifact.checksum).toBe(
'b6f3dace24cf1960ec790216f4c86f00d4f43df64e4e8b548f6382f04894713f'
)
artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '17')
expect(artifact.checksum).toHaveLength(
'b6f3dace24cf1960ec790216f4c86f00d4f43df64e4e8b548f6382f04894713f'.length
)
})
test('errors when downloading artifacts', async () => {
await expect(downloadGraalVM('invalid', '17')).rejects.toThrow(
'The provided "gds-token" was rejected (reason: "Invalid download token", opc-request-id: '
)
await expect(downloadGraalVM('invalid', '1')).rejects.toThrow(
'Unable to find GraalVM for JDK 1'
)
})
test('fetch legacy artifacts', async () => {
let artifact = await fetchArtifactEE(
TEST_USER_AGENT,
'isBase:True',
'22.1.0',
@@ -17,25 +43,30 @@ test('fetch artifacts', async () => {
expect(artifact.checksum).toBe(
'4280782f6c7fcabe0ba707e8389cbfaf7bbe6b0cf634d309e6efcd1b172e3ce6'
)
artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '22.1.0', '17')
artifact = await fetchArtifactEE(
TEST_USER_AGENT,
'isBase:True',
'22.1.0',
'17'
)
expect(artifact.id).toBe('DCECD2068882A0E9E0536E16000A9504')
expect(artifact.checksum).toBe(
'e897add7d94bc456a61e6f927e831dff759efa3392a4b69c720dd3debc8f947d'
)
await expect(
fetchArtifact(TEST_USER_AGENT, 'isBase:False', '22.1.0', '11')
fetchArtifactEE(TEST_USER_AGENT, 'isBase:False', '22.1.0', '11')
).rejects.toThrow('Found more than one GDS artifact')
await expect(
fetchArtifact(TEST_USER_AGENT, 'isBase:True', '1.0.0', '11')
fetchArtifactEE(TEST_USER_AGENT, 'isBase:True', '1.0.0', '11')
).rejects.toThrow('Unable to find JDK11-based GraalVM EE 1.0.0')
})
test('errors when downloading artifacts', async () => {
test('errors when downloading legacy artifacts', async () => {
await expect(
downloadGraalVMEELegacy('invalid', '22.1.0', '11')
).rejects.toThrow(
'The provided "gds-token" was rejected (reason: "Invalid download token", opc-request-id: /'
'The provided "gds-token" was rejected (reason: "Invalid download token", opc-request-id: '
)
await expect(
downloadGraalVMEELegacy('invalid', '1.0.0', '11')

4
action.yml
View File

@@ -47,6 +47,10 @@ inputs:
required: false
description: 'Post a comment containing a Native Image build report on pull requests.'
default: 'false'
native-image-pr-reports-update-existing:
required: false
description: 'Instead of posting another comment, update an existing PR comment with the latest Native Image build report.'
default: 'false'
version:
required: false
description: 'GraalVM version (release, latest, dev).'

355
dist/cleanup/index.js generated vendored
View File

@@ -67431,6 +67431,132 @@ function onConnectTimeout (socket) {
module.exports = buildConnector
/***/ }),
/***/ 4462:
/***/ ((module) => {
"use strict";
/** @type {Record<string, string | undefined>} */
const headerNameLowerCasedRecord = {}
// https://developer.mozilla.org/docs/Web/HTTP/Headers
const wellknownHeaderNames = [
'Accept',
'Accept-Encoding',
'Accept-Language',
'Accept-Ranges',
'Access-Control-Allow-Credentials',
'Access-Control-Allow-Headers',
'Access-Control-Allow-Methods',
'Access-Control-Allow-Origin',
'Access-Control-Expose-Headers',
'Access-Control-Max-Age',
'Access-Control-Request-Headers',
'Access-Control-Request-Method',
'Age',
'Allow',
'Alt-Svc',
'Alt-Used',
'Authorization',
'Cache-Control',
'Clear-Site-Data',
'Connection',
'Content-Disposition',
'Content-Encoding',
'Content-Language',
'Content-Length',
'Content-Location',
'Content-Range',
'Content-Security-Policy',
'Content-Security-Policy-Report-Only',
'Content-Type',
'Cookie',
'Cross-Origin-Embedder-Policy',
'Cross-Origin-Opener-Policy',
'Cross-Origin-Resource-Policy',
'Date',
'Device-Memory',
'Downlink',
'ECT',
'ETag',
'Expect',
'Expect-CT',
'Expires',
'Forwarded',
'From',
'Host',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Keep-Alive',
'Last-Modified',
'Link',
'Location',
'Max-Forwards',
'Origin',
'Permissions-Policy',
'Pragma',
'Proxy-Authenticate',
'Proxy-Authorization',
'RTT',
'Range',
'Referer',
'Referrer-Policy',
'Refresh',
'Retry-After',
'Sec-WebSocket-Accept',
'Sec-WebSocket-Extensions',
'Sec-WebSocket-Key',
'Sec-WebSocket-Protocol',
'Sec-WebSocket-Version',
'Server',
'Server-Timing',
'Service-Worker-Allowed',
'Service-Worker-Navigation-Preload',
'Set-Cookie',
'SourceMap',
'Strict-Transport-Security',
'Supports-Loading-Mode',
'TE',
'Timing-Allow-Origin',
'Trailer',
'Transfer-Encoding',
'Upgrade',
'Upgrade-Insecure-Requests',
'User-Agent',
'Vary',
'Via',
'WWW-Authenticate',
'X-Content-Type-Options',
'X-DNS-Prefetch-Control',
'X-Frame-Options',
'X-Permitted-Cross-Domain-Policies',
'X-Powered-By',
'X-Requested-With',
'X-XSS-Protection'
]
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
const key = wellknownHeaderNames[i]
const lowerCasedKey = key.toLowerCase()
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
lowerCasedKey
}
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
module.exports = {
wellknownHeaderNames,
headerNameLowerCasedRecord
}
/***/ }),
/***/ 8045:
@@ -68263,6 +68389,7 @@ const { InvalidArgumentError } = __nccwpck_require__(8045)
const { Blob } = __nccwpck_require__(4300)
const nodeUtil = __nccwpck_require__(3837)
const { stringify } = __nccwpck_require__(3477)
const { headerNameLowerCasedRecord } = __nccwpck_require__(4462)
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
@@ -68472,6 +68599,15 @@ function parseKeepAliveTimeout (val) {
return m ? parseInt(m[1], 10) * 1000 : null
}
/**
* Retrieves a header name and returns its lowercase value.
* @param {string | Buffer} value Header name
* @returns {string}
*/
function headerNameToString (value) {
return headerNameLowerCasedRecord[value] || value.toLowerCase()
}
function parseHeaders (headers, obj = {}) {
// For H2 support
if (!Array.isArray(headers)) return headers
@@ -68743,6 +68879,7 @@ module.exports = {
isIterable,
isAsyncIterable,
isDestroyed,
headerNameToString,
parseRawHeaders,
parseHeaders,
parseKeepAliveTimeout,
@@ -75390,14 +75527,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(3983
const assert = __nccwpck_require__(9491)
const { isUint8Array } = __nccwpck_require__(9830)
let supportedHashes = []
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
/** @type {import('crypto')|undefined} */
let crypto
try {
crypto = __nccwpck_require__(6113)
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
/* c8 ignore next 3 */
} catch {
}
function responseURL (response) {
@@ -75925,66 +76066,56 @@ function bytesMatch (bytes, metadataList) {
return true
}
// 3. If parsedMetadata is the empty set, return true.
// 3. If response is not eligible for integrity validation, return false.
// TODO
// 4. If parsedMetadata is the empty set, return true.
if (parsedMetadata.length === 0) {
return true
}
// 4. Let metadata be the result of getting the strongest
// 5. Let metadata be the result of getting the strongest
// metadata from parsedMetadata.
const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
// get the strongest algorithm
const strongest = list[0].algo
// get all entries that use the strongest algorithm; ignore weaker
const metadata = list.filter((item) => item.algo === strongest)
const strongest = getStrongestMetadata(parsedMetadata)
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
// 5. For each item in metadata:
// 6. For each item in metadata:
for (const item of metadata) {
// 1. Let algorithm be the alg component of item.
const algorithm = item.algo
// 2. Let expectedValue be the val component of item.
let expectedValue = item.hash
const expectedValue = item.hash
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
// "be liberal with padding". This is annoying, and it's not even in the spec.
if (expectedValue.endsWith('==')) {
expectedValue = expectedValue.slice(0, -2)
}
// 3. Let actualValue be the result of applying algorithm to bytes.
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
if (actualValue.endsWith('==')) {
actualValue = actualValue.slice(0, -2)
if (actualValue[actualValue.length - 1] === '=') {
if (actualValue[actualValue.length - 2] === '=') {
actualValue = actualValue.slice(0, -2)
} else {
actualValue = actualValue.slice(0, -1)
}
}
// 4. If actualValue is a case-sensitive match for expectedValue,
// return true.
if (actualValue === expectedValue) {
return true
}
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
if (actualBase64URL.endsWith('==')) {
actualBase64URL = actualBase64URL.slice(0, -2)
}
if (actualBase64URL === expectedValue) {
if (compareBase64Mixed(actualValue, expectedValue)) {
return true
}
}
// 6. Return false.
// 7. Return false.
return false
}
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
// https://www.w3.org/TR/CSP2/#source-list-syntax
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
/**
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@@ -75998,8 +76129,6 @@ function parseMetadata (metadata) {
// 2. Let empty be equal to true.
let empty = true
const supportedHashes = crypto.getHashes()
// 3. For each token returned by splitting metadata on spaces:
for (const token of metadata.split(' ')) {
// 1. Set empty to false.
@@ -76009,7 +76138,11 @@ function parseMetadata (metadata) {
const parsedToken = parseHashWithOptions.exec(token)
// 3. If token does not parse, continue to the next token.
if (parsedToken === null || parsedToken.groups === undefined) {
if (
parsedToken === null ||
parsedToken.groups === undefined ||
parsedToken.groups.algo === undefined
) {
// Note: Chromium blocks the request at this point, but Firefox
// gives a warning that an invalid integrity was given. The
// correct behavior is to ignore these, and subsequently not
@@ -76018,11 +76151,11 @@ function parseMetadata (metadata) {
}
// 4. Let algorithm be the hash-algo component of token.
const algorithm = parsedToken.groups.algo
const algorithm = parsedToken.groups.algo.toLowerCase()
// 5. If algorithm is a hash function recognized by the user
// agent, add the parsed token to result.
if (supportedHashes.includes(algorithm.toLowerCase())) {
if (supportedHashes.includes(algorithm)) {
result.push(parsedToken.groups)
}
}
@@ -76035,6 +76168,82 @@ function parseMetadata (metadata) {
return result
}
/**
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
*/
function getStrongestMetadata (metadataList) {
// Let algorithm be the algo component of the first item in metadataList.
// Can be sha256
let algorithm = metadataList[0].algo
// If the algorithm is sha512, then it is the strongest
// and we can return immediately
if (algorithm[3] === '5') {
return algorithm
}
for (let i = 1; i < metadataList.length; ++i) {
const metadata = metadataList[i]
// If the algorithm is sha512, then it is the strongest
// and we can break the loop immediately
if (metadata.algo[3] === '5') {
algorithm = 'sha512'
break
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
} else if (algorithm[3] === '3') {
continue
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
// the strongest
} else if (metadata.algo[3] === '3') {
algorithm = 'sha384'
}
}
return algorithm
}
function filterMetadataListByAlgorithm (metadataList, algorithm) {
if (metadataList.length === 1) {
return metadataList
}
let pos = 0
for (let i = 0; i < metadataList.length; ++i) {
if (metadataList[i].algo === algorithm) {
metadataList[pos++] = metadataList[i]
}
}
metadataList.length = pos
return metadataList
}
/**
* Compares two base64 strings, allowing for base64url
* in the second string.
*
* @param {string} actualValue always base64
* @param {string} expectedValue base64 or base64url
* @returns {boolean}
*/
function compareBase64Mixed (actualValue, expectedValue) {
if (actualValue.length !== expectedValue.length) {
return false
}
for (let i = 0; i < actualValue.length; ++i) {
if (actualValue[i] !== expectedValue[i]) {
if (
(actualValue[i] === '+' && expectedValue[i] === '-') ||
(actualValue[i] === '/' && expectedValue[i] === '_')
) {
continue
}
return false
}
}
return true
}
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
// TODO
@@ -76450,7 +76659,8 @@ module.exports = {
urlHasHttpsScheme,
urlIsHttpHttpsScheme,
readAllBytes,
normalizeMethodRecord
normalizeMethodRecord,
parseMetadata
}
@@ -78537,12 +78747,17 @@ function parseLocation (statusCode, headers) {
// https://tools.ietf.org/html/rfc7231#section-6.4.4
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
return (
(header.length === 4 && header.toString().toLowerCase() === 'host') ||
(removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
(unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
(unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
)
if (header.length === 4) {
return util.headerNameToString(header) === 'host'
}
if (removeContent && util.headerNameToString(header).startsWith('content-')) {
return true
}
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
const name = util.headerNameToString(header)
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
}
return false
}
// https://tools.ietf.org/html/rfc7231#section-6.4
@@ -90199,7 +90414,8 @@ else {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ERROR_HINT = exports.ERROR_REQUEST = exports.EVENT_NAME_PULL_REQUEST = exports.ENV_GITHUB_EVENT_NAME = exports.GDS_GRAALVM_PRODUCT_ID = exports.GDS_BASE = exports.MANDREL_NAMESPACE = exports.GRAALVM_RELEASES_REPO = exports.GRAALVM_PLATFORM = exports.GRAALVM_GH_USER = exports.GRAALVM_FILE_EXTENSION = exports.GRAALVM_ARCH = exports.JDK_HOME_SUFFIX = exports.JDK_PLATFORM = exports.JDK_ARCH = exports.VERSION_LATEST = exports.VERSION_DEV = exports.DISTRIBUTION_LIBERICA = exports.DISTRIBUTION_MANDREL = exports.DISTRIBUTION_GRAALVM_COMMUNITY = exports.DISTRIBUTION_GRAALVM = exports.EXECUTABLE_SUFFIX = exports.IS_WINDOWS = exports.IS_MACOS = exports.IS_LINUX = exports.INPUT_NI_MUSL = exports.INPUT_CHECK_FOR_UPDATES = exports.INPUT_CACHE = exports.INPUT_SET_JAVA_HOME = exports.INPUT_GITHUB_TOKEN = exports.INPUT_COMPONENTS = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_JAVA_VERSION = exports.INPUT_GDS_TOKEN = exports.INPUT_VERSION = void 0;
exports.ERROR_HINT = exports.ERROR_REQUEST = exports.EVENT_NAME_PULL_REQUEST = exports.ENV_GITHUB_EVENT_NAME = exports.GDS_GRAALVM_PRODUCT_ID = exports.GDS_BASE = exports.MANDREL_NAMESPACE = exports.GRAALVM_RELEASES_REPO = exports.GRAALVM_PLATFORM = exports.GRAALVM_GH_USER = exports.GRAALVM_FILE_EXTENSION = exports.GRAALVM_ARCH = exports.JDK_HOME_SUFFIX = exports.JDK_PLATFORM = exports.JDK_ARCH = exports.VERSION_LATEST = exports.VERSION_DEV = exports.DISTRIBUTION_LIBERICA = exports.DISTRIBUTION_MANDREL = exports.DISTRIBUTION_GRAALVM_COMMUNITY = exports.DISTRIBUTION_GRAALVM = exports.EXECUTABLE_SUFFIX = exports.IS_WINDOWS = exports.IS_MACOS = exports.IS_LINUX = exports.INPUT_NI_MUSL = exports.INPUT_CHECK_FOR_UPDATES = exports.INPUT_CACHE = exports.INPUT_SET_JAVA_HOME = exports.INPUT_GITHUB_TOKEN = exports.INPUT_COMPONENTS = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_JAVA_VERSION = exports.INPUT_GDS_TOKEN = exports.INPUT_VERSION = exports.ACTION_VERSION = void 0;
exports.ACTION_VERSION = '1.2.4';
exports.INPUT_VERSION = 'version';
exports.INPUT_GDS_TOKEN = 'gds-token';
exports.INPUT_JAVA_VERSION = 'java-version';
@@ -90564,9 +90780,11 @@ const BYTES_TO_GiB = 1024 * 1024 * 1024;
const DOCS_BASE = 'https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md';
const INPUT_NI_JOB_REPORTS = 'native-image-job-reports';
const INPUT_NI_PR_REPORTS = 'native-image-pr-reports';
const INPUT_NI_PR_REPORTS_UPDATE = 'native-image-pr-reports-update-existing';
const NATIVE_IMAGE_CONFIG_FILE = (0, path_1.join)((0, os_1.tmpdir)(), 'native-image-options.properties');
const NATIVE_IMAGE_OPTIONS_ENV = 'NATIVE_IMAGE_OPTIONS';
const NATIVE_IMAGE_CONFIG_FILE_ENV = 'NATIVE_IMAGE_CONFIG_FILE';
const PR_COMMENT_TITLE = '## GraalVM Native Image Build Report';
function setUpNativeImageBuildReports(isGraalVMforJDK17OrLater, javaVersionOrDev, graalVMVersion) {
return __awaiter(this, void 0, void 0, function* () {
const isRequired = areJobReportsEnabled() || arePRReportsEnabled();
@@ -90600,7 +90818,16 @@ function generateReports() {
core.summary.write();
}
if (arePRReportsEnabled()) {
(0, utils_1.createPRComment)(report);
if (arePRReportsUpdateEnabled()) {
const commentId = yield (0, utils_1.findExistingPRCommentId)(PR_COMMENT_TITLE);
if (commentId) {
return (0, utils_1.updatePRComment)(report, commentId);
}
}
return (0, utils_1.createPRComment)(report);
}
else if (arePRReportsUpdateEnabled()) {
throw new Error(`'${INPUT_NI_PR_REPORTS_UPDATE}' option requires '${INPUT_NI_PR_REPORTS}' to be set 'true'`);
}
}
});
@@ -90612,6 +90839,9 @@ function areJobReportsEnabled() {
function arePRReportsEnabled() {
return (0, utils_1.isPREvent)() && core.getInput(INPUT_NI_PR_REPORTS) === 'true';
}
function arePRReportsUpdateEnabled() {
return (0, utils_1.isPREvent)() && core.getInput(INPUT_NI_PR_REPORTS_UPDATE) === 'true';
}
function setNativeImageOption(javaVersionOrDev, optionValue) {
const coercedJavaVersionOrDev = semver.coerce(javaVersionOrDev);
if ((coercedJavaVersionOrDev &&
@@ -90713,7 +90943,7 @@ function createReport(data) {
totalTime = ` in ${secondsToHuman(resources.total_secs)}`;
gcTotalTimeRatio = ` (${toPercent(resources.garbage_collection.total_secs, resources.total_secs)} of total time)`;
}
return `## GraalVM Native Image Build Report
return `${PR_COMMENT_TITLE}
\`${info.name}\` generated${totalTime} as part of the '${context.job}' job in run <a href="${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}" target="_blank">#${context.runNumber}</a>.
@@ -90911,7 +91141,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.createPRComment = exports.isPREvent = exports.toSemVer = exports.calculateSHA256 = exports.downloadExtractAndCacheJDK = exports.downloadAndExtractJDK = exports.getMatchingTags = exports.getTaggedRelease = exports.getContents = exports.getLatestRelease = exports.exec = void 0;
exports.createPRComment = exports.updatePRComment = exports.findExistingPRCommentId = exports.isPREvent = exports.toSemVer = exports.calculateSHA256 = exports.downloadExtractAndCacheJDK = exports.downloadAndExtractJDK = exports.getMatchingTags = exports.getTaggedRelease = exports.getContents = exports.getLatestRelease = exports.exec = void 0;
const c = __importStar(__nccwpck_require__(9042));
const core = __importStar(__nccwpck_require__(2186));
const github = __importStar(__nccwpck_require__(5438));
@@ -91068,6 +91298,41 @@ exports.isPREvent = isPREvent;
function getGitHubToken() {
return core.getInput(c.INPUT_GITHUB_TOKEN);
}
function findExistingPRCommentId(bodyStartsWith) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
if (!isPREvent()) {
throw new Error('Not a PR event.');
}
const context = github.context;
const octokit = github.getOctokit(getGitHubToken());
try {
const comments = yield octokit.paginate(octokit.rest.issues.listComments, Object.assign(Object.assign({}, context.repo), { issue_number: (_a = context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.number }));
const matchingComment = comments.reverse().find(comment => {
return comment.body && comment.body.startsWith(bodyStartsWith);
});
return matchingComment ? matchingComment.id : undefined;
}
catch (err) {
core.error(`Failed to list pull request comments. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`);
}
});
}
exports.findExistingPRCommentId = findExistingPRCommentId;
function updatePRComment(content, commentId) {
return __awaiter(this, void 0, void 0, function* () {
if (!isPREvent()) {
throw new Error('Not a PR event.');
}
try {
yield github.getOctokit(getGitHubToken()).rest.issues.updateComment(Object.assign(Object.assign({}, github.context.repo), { comment_id: commentId, body: content }));
}
catch (err) {
core.error(`Failed to update pull request comment. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`);
}
});
}
exports.updatePRComment = updatePRComment;
function createPRComment(content) {
return __awaiter(this, void 0, void 0, function* () {
var _a;

430
dist/main/index.js generated vendored
View File

@@ -67431,6 +67431,132 @@ function onConnectTimeout (socket) {
module.exports = buildConnector
/***/ }),
/***/ 4462:
/***/ ((module) => {
"use strict";
/** @type {Record<string, string | undefined>} */
const headerNameLowerCasedRecord = {}
// https://developer.mozilla.org/docs/Web/HTTP/Headers
const wellknownHeaderNames = [
'Accept',
'Accept-Encoding',
'Accept-Language',
'Accept-Ranges',
'Access-Control-Allow-Credentials',
'Access-Control-Allow-Headers',
'Access-Control-Allow-Methods',
'Access-Control-Allow-Origin',
'Access-Control-Expose-Headers',
'Access-Control-Max-Age',
'Access-Control-Request-Headers',
'Access-Control-Request-Method',
'Age',
'Allow',
'Alt-Svc',
'Alt-Used',
'Authorization',
'Cache-Control',
'Clear-Site-Data',
'Connection',
'Content-Disposition',
'Content-Encoding',
'Content-Language',
'Content-Length',
'Content-Location',
'Content-Range',
'Content-Security-Policy',
'Content-Security-Policy-Report-Only',
'Content-Type',
'Cookie',
'Cross-Origin-Embedder-Policy',
'Cross-Origin-Opener-Policy',
'Cross-Origin-Resource-Policy',
'Date',
'Device-Memory',
'Downlink',
'ECT',
'ETag',
'Expect',
'Expect-CT',
'Expires',
'Forwarded',
'From',
'Host',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Keep-Alive',
'Last-Modified',
'Link',
'Location',
'Max-Forwards',
'Origin',
'Permissions-Policy',
'Pragma',
'Proxy-Authenticate',
'Proxy-Authorization',
'RTT',
'Range',
'Referer',
'Referrer-Policy',
'Refresh',
'Retry-After',
'Sec-WebSocket-Accept',
'Sec-WebSocket-Extensions',
'Sec-WebSocket-Key',
'Sec-WebSocket-Protocol',
'Sec-WebSocket-Version',
'Server',
'Server-Timing',
'Service-Worker-Allowed',
'Service-Worker-Navigation-Preload',
'Set-Cookie',
'SourceMap',
'Strict-Transport-Security',
'Supports-Loading-Mode',
'TE',
'Timing-Allow-Origin',
'Trailer',
'Transfer-Encoding',
'Upgrade',
'Upgrade-Insecure-Requests',
'User-Agent',
'Vary',
'Via',
'WWW-Authenticate',
'X-Content-Type-Options',
'X-DNS-Prefetch-Control',
'X-Frame-Options',
'X-Permitted-Cross-Domain-Policies',
'X-Powered-By',
'X-Requested-With',
'X-XSS-Protection'
]
for (let i = 0; i < wellknownHeaderNames.length; ++i) {
const key = wellknownHeaderNames[i]
const lowerCasedKey = key.toLowerCase()
headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
lowerCasedKey
}
// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
Object.setPrototypeOf(headerNameLowerCasedRecord, null)
module.exports = {
wellknownHeaderNames,
headerNameLowerCasedRecord
}
/***/ }),
/***/ 8045:
@@ -68263,6 +68389,7 @@ const { InvalidArgumentError } = __nccwpck_require__(8045)
const { Blob } = __nccwpck_require__(4300)
const nodeUtil = __nccwpck_require__(3837)
const { stringify } = __nccwpck_require__(3477)
const { headerNameLowerCasedRecord } = __nccwpck_require__(4462)
const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
@@ -68472,6 +68599,15 @@ function parseKeepAliveTimeout (val) {
return m ? parseInt(m[1], 10) * 1000 : null
}
/**
* Retrieves a header name and returns its lowercase value.
* @param {string | Buffer} value Header name
* @returns {string}
*/
function headerNameToString (value) {
return headerNameLowerCasedRecord[value] || value.toLowerCase()
}
function parseHeaders (headers, obj = {}) {
// For H2 support
if (!Array.isArray(headers)) return headers
@@ -68743,6 +68879,7 @@ module.exports = {
isIterable,
isAsyncIterable,
isDestroyed,
headerNameToString,
parseRawHeaders,
parseHeaders,
parseKeepAliveTimeout,
@@ -75390,14 +75527,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(3983
const assert = __nccwpck_require__(9491)
const { isUint8Array } = __nccwpck_require__(9830)
let supportedHashes = []
// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
/** @type {import('crypto')|undefined} */
let crypto
try {
crypto = __nccwpck_require__(6113)
const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
/* c8 ignore next 3 */
} catch {
}
function responseURL (response) {
@@ -75925,66 +76066,56 @@ function bytesMatch (bytes, metadataList) {
return true
}
// 3. If parsedMetadata is the empty set, return true.
// 3. If response is not eligible for integrity validation, return false.
// TODO
// 4. If parsedMetadata is the empty set, return true.
if (parsedMetadata.length === 0) {
return true
}
// 4. Let metadata be the result of getting the strongest
// 5. Let metadata be the result of getting the strongest
// metadata from parsedMetadata.
const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
// get the strongest algorithm
const strongest = list[0].algo
// get all entries that use the strongest algorithm; ignore weaker
const metadata = list.filter((item) => item.algo === strongest)
const strongest = getStrongestMetadata(parsedMetadata)
const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
// 5. For each item in metadata:
// 6. For each item in metadata:
for (const item of metadata) {
// 1. Let algorithm be the alg component of item.
const algorithm = item.algo
// 2. Let expectedValue be the val component of item.
let expectedValue = item.hash
const expectedValue = item.hash
// See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
// "be liberal with padding". This is annoying, and it's not even in the spec.
if (expectedValue.endsWith('==')) {
expectedValue = expectedValue.slice(0, -2)
}
// 3. Let actualValue be the result of applying algorithm to bytes.
let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
if (actualValue.endsWith('==')) {
actualValue = actualValue.slice(0, -2)
if (actualValue[actualValue.length - 1] === '=') {
if (actualValue[actualValue.length - 2] === '=') {
actualValue = actualValue.slice(0, -2)
} else {
actualValue = actualValue.slice(0, -1)
}
}
// 4. If actualValue is a case-sensitive match for expectedValue,
// return true.
if (actualValue === expectedValue) {
return true
}
let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
if (actualBase64URL.endsWith('==')) {
actualBase64URL = actualBase64URL.slice(0, -2)
}
if (actualBase64URL === expectedValue) {
if (compareBase64Mixed(actualValue, expectedValue)) {
return true
}
}
// 6. Return false.
// 7. Return false.
return false
}
// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
// https://www.w3.org/TR/CSP2/#source-list-syntax
// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
/**
* @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@@ -75998,8 +76129,6 @@ function parseMetadata (metadata) {
// 2. Let empty be equal to true.
let empty = true
const supportedHashes = crypto.getHashes()
// 3. For each token returned by splitting metadata on spaces:
for (const token of metadata.split(' ')) {
// 1. Set empty to false.
@@ -76009,7 +76138,11 @@ function parseMetadata (metadata) {
const parsedToken = parseHashWithOptions.exec(token)
// 3. If token does not parse, continue to the next token.
if (parsedToken === null || parsedToken.groups === undefined) {
if (
parsedToken === null ||
parsedToken.groups === undefined ||
parsedToken.groups.algo === undefined
) {
// Note: Chromium blocks the request at this point, but Firefox
// gives a warning that an invalid integrity was given. The
// correct behavior is to ignore these, and subsequently not
@@ -76018,11 +76151,11 @@ function parseMetadata (metadata) {
}
// 4. Let algorithm be the hash-algo component of token.
const algorithm = parsedToken.groups.algo
const algorithm = parsedToken.groups.algo.toLowerCase()
// 5. If algorithm is a hash function recognized by the user
// agent, add the parsed token to result.
if (supportedHashes.includes(algorithm.toLowerCase())) {
if (supportedHashes.includes(algorithm)) {
result.push(parsedToken.groups)
}
}
@@ -76035,6 +76168,82 @@ function parseMetadata (metadata) {
return result
}
/**
* @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
*/
function getStrongestMetadata (metadataList) {
// Let algorithm be the algo component of the first item in metadataList.
// Can be sha256
let algorithm = metadataList[0].algo
// If the algorithm is sha512, then it is the strongest
// and we can return immediately
if (algorithm[3] === '5') {
return algorithm
}
for (let i = 1; i < metadataList.length; ++i) {
const metadata = metadataList[i]
// If the algorithm is sha512, then it is the strongest
// and we can break the loop immediately
if (metadata.algo[3] === '5') {
algorithm = 'sha512'
break
// If the algorithm is sha384, then a potential sha256 or sha384 is ignored
} else if (algorithm[3] === '3') {
continue
// algorithm is sha256, check if algorithm is sha384 and if so, set it as
// the strongest
} else if (metadata.algo[3] === '3') {
algorithm = 'sha384'
}
}
return algorithm
}
function filterMetadataListByAlgorithm (metadataList, algorithm) {
if (metadataList.length === 1) {
return metadataList
}
let pos = 0
for (let i = 0; i < metadataList.length; ++i) {
if (metadataList[i].algo === algorithm) {
metadataList[pos++] = metadataList[i]
}
}
metadataList.length = pos
return metadataList
}
/**
* Compares two base64 strings, allowing for base64url
* in the second string.
*
* @param {string} actualValue always base64
* @param {string} expectedValue base64 or base64url
* @returns {boolean}
*/
function compareBase64Mixed (actualValue, expectedValue) {
if (actualValue.length !== expectedValue.length) {
return false
}
for (let i = 0; i < actualValue.length; ++i) {
if (actualValue[i] !== expectedValue[i]) {
if (
(actualValue[i] === '+' && expectedValue[i] === '-') ||
(actualValue[i] === '/' && expectedValue[i] === '_')
) {
continue
}
return false
}
}
return true
}
// https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
// TODO
@@ -76450,7 +76659,8 @@ module.exports = {
urlHasHttpsScheme,
urlIsHttpHttpsScheme,
readAllBytes,
normalizeMethodRecord
normalizeMethodRecord,
parseMetadata
}
@@ -78537,12 +78747,17 @@ function parseLocation (statusCode, headers) {
// https://tools.ietf.org/html/rfc7231#section-6.4.4
function shouldRemoveHeader (header, removeContent, unknownOrigin) {
return (
(header.length === 4 && header.toString().toLowerCase() === 'host') ||
(removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
(unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
(unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
)
if (header.length === 4) {
return util.headerNameToString(header) === 'host'
}
if (removeContent && util.headerNameToString(header).startsWith('content-')) {
return true
}
if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
const name = util.headerNameToString(header)
return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
}
return false
}
// https://tools.ietf.org/html/rfc7231#section-6.4
@@ -90765,7 +90980,8 @@ function wrappy (fn, cb) {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ERROR_HINT = exports.ERROR_REQUEST = exports.EVENT_NAME_PULL_REQUEST = exports.ENV_GITHUB_EVENT_NAME = exports.GDS_GRAALVM_PRODUCT_ID = exports.GDS_BASE = exports.MANDREL_NAMESPACE = exports.GRAALVM_RELEASES_REPO = exports.GRAALVM_PLATFORM = exports.GRAALVM_GH_USER = exports.GRAALVM_FILE_EXTENSION = exports.GRAALVM_ARCH = exports.JDK_HOME_SUFFIX = exports.JDK_PLATFORM = exports.JDK_ARCH = exports.VERSION_LATEST = exports.VERSION_DEV = exports.DISTRIBUTION_LIBERICA = exports.DISTRIBUTION_MANDREL = exports.DISTRIBUTION_GRAALVM_COMMUNITY = exports.DISTRIBUTION_GRAALVM = exports.EXECUTABLE_SUFFIX = exports.IS_WINDOWS = exports.IS_MACOS = exports.IS_LINUX = exports.INPUT_NI_MUSL = exports.INPUT_CHECK_FOR_UPDATES = exports.INPUT_CACHE = exports.INPUT_SET_JAVA_HOME = exports.INPUT_GITHUB_TOKEN = exports.INPUT_COMPONENTS = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_JAVA_VERSION = exports.INPUT_GDS_TOKEN = exports.INPUT_VERSION = void 0;
exports.ERROR_HINT = exports.ERROR_REQUEST = exports.EVENT_NAME_PULL_REQUEST = exports.ENV_GITHUB_EVENT_NAME = exports.GDS_GRAALVM_PRODUCT_ID = exports.GDS_BASE = exports.MANDREL_NAMESPACE = exports.GRAALVM_RELEASES_REPO = exports.GRAALVM_PLATFORM = exports.GRAALVM_GH_USER = exports.GRAALVM_FILE_EXTENSION = exports.GRAALVM_ARCH = exports.JDK_HOME_SUFFIX = exports.JDK_PLATFORM = exports.JDK_ARCH = exports.VERSION_LATEST = exports.VERSION_DEV = exports.DISTRIBUTION_LIBERICA = exports.DISTRIBUTION_MANDREL = exports.DISTRIBUTION_GRAALVM_COMMUNITY = exports.DISTRIBUTION_GRAALVM = exports.EXECUTABLE_SUFFIX = exports.IS_WINDOWS = exports.IS_MACOS = exports.IS_LINUX = exports.INPUT_NI_MUSL = exports.INPUT_CHECK_FOR_UPDATES = exports.INPUT_CACHE = exports.INPUT_SET_JAVA_HOME = exports.INPUT_GITHUB_TOKEN = exports.INPUT_COMPONENTS = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_JAVA_VERSION = exports.INPUT_GDS_TOKEN = exports.INPUT_VERSION = exports.ACTION_VERSION = void 0;
exports.ACTION_VERSION = '1.2.4';
exports.INPUT_VERSION = 'version';
exports.INPUT_GDS_TOKEN = 'gds-token';
exports.INPUT_JAVA_VERSION = 'java-version';
@@ -91344,9 +91560,11 @@ const BYTES_TO_GiB = 1024 * 1024 * 1024;
const DOCS_BASE = 'https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md';
const INPUT_NI_JOB_REPORTS = 'native-image-job-reports';
const INPUT_NI_PR_REPORTS = 'native-image-pr-reports';
const INPUT_NI_PR_REPORTS_UPDATE = 'native-image-pr-reports-update-existing';
const NATIVE_IMAGE_CONFIG_FILE = (0, path_1.join)((0, os_1.tmpdir)(), 'native-image-options.properties');
const NATIVE_IMAGE_OPTIONS_ENV = 'NATIVE_IMAGE_OPTIONS';
const NATIVE_IMAGE_CONFIG_FILE_ENV = 'NATIVE_IMAGE_CONFIG_FILE';
const PR_COMMENT_TITLE = '## GraalVM Native Image Build Report';
function setUpNativeImageBuildReports(isGraalVMforJDK17OrLater, javaVersionOrDev, graalVMVersion) {
return __awaiter(this, void 0, void 0, function* () {
const isRequired = areJobReportsEnabled() || arePRReportsEnabled();
@@ -91380,7 +91598,16 @@ function generateReports() {
core.summary.write();
}
if (arePRReportsEnabled()) {
(0, utils_1.createPRComment)(report);
if (arePRReportsUpdateEnabled()) {
const commentId = yield (0, utils_1.findExistingPRCommentId)(PR_COMMENT_TITLE);
if (commentId) {
return (0, utils_1.updatePRComment)(report, commentId);
}
}
return (0, utils_1.createPRComment)(report);
}
else if (arePRReportsUpdateEnabled()) {
throw new Error(`'${INPUT_NI_PR_REPORTS_UPDATE}' option requires '${INPUT_NI_PR_REPORTS}' to be set 'true'`);
}
}
});
@@ -91392,6 +91619,9 @@ function areJobReportsEnabled() {
function arePRReportsEnabled() {
return (0, utils_1.isPREvent)() && core.getInput(INPUT_NI_PR_REPORTS) === 'true';
}
function arePRReportsUpdateEnabled() {
return (0, utils_1.isPREvent)() && core.getInput(INPUT_NI_PR_REPORTS_UPDATE) === 'true';
}
function setNativeImageOption(javaVersionOrDev, optionValue) {
const coercedJavaVersionOrDev = semver.coerce(javaVersionOrDev);
if ((coercedJavaVersionOrDev &&
@@ -91493,7 +91723,7 @@ function createReport(data) {
totalTime = ` in ${secondsToHuman(resources.total_secs)}`;
gcTotalTimeRatio = ` (${toPercent(resources.garbage_collection.total_secs, resources.total_secs)} of total time)`;
}
return `## GraalVM Native Image Build Report
return `${PR_COMMENT_TITLE}
\`${info.name}\` generated${totalTime} as part of the '${context.job}' job in run <a href="${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}" target="_blank">#${context.runNumber}</a>.
@@ -91691,7 +91921,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.fetchArtifact = exports.downloadGraalVMEELegacy = void 0;
exports.fetchArtifactEE = exports.fetchArtifact = exports.downloadGraalVMEELegacy = exports.downloadGraalVM = void 0;
const c = __importStar(__nccwpck_require__(9042));
const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147));
@@ -91700,19 +91930,62 @@ const io = __importStar(__nccwpck_require__(7436));
const path = __importStar(__nccwpck_require__(1017));
const stream = __importStar(__nccwpck_require__(2781));
const util = __importStar(__nccwpck_require__(3837));
const semver = __importStar(__nccwpck_require__(1383));
const retry_helper_1 = __nccwpck_require__(8279);
const utils_1 = __nccwpck_require__(1314);
const assert_1 = __nccwpck_require__(9491);
const uuid_1 = __nccwpck_require__(5840);
function downloadGraalVM(gdsToken, javaVersion) {
return __awaiter(this, void 0, void 0, function* () {
const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`;
const baseArtifact = yield fetchArtifact(userAgent, 'isBase:True', javaVersion);
return downloadArtifact(gdsToken, userAgent, baseArtifact);
});
}
exports.downloadGraalVM = downloadGraalVM;
function downloadGraalVMEELegacy(gdsToken, version, javaVersion) {
return __awaiter(this, void 0, void 0, function* () {
const userAgent = `GraalVMGitHubAction/1.2.1 (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`;
const baseArtifact = yield fetchArtifact(userAgent, 'isBase:True', version, javaVersion);
const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`;
const baseArtifact = yield fetchArtifactEE(userAgent, 'isBase:True', version, javaVersion);
return downloadArtifact(gdsToken, userAgent, baseArtifact);
});
}
exports.downloadGraalVMEELegacy = downloadGraalVMEELegacy;
function fetchArtifact(userAgent, metadata, version, javaVersion) {
function fetchArtifact(userAgent, metadata, javaVersion) {
return __awaiter(this, void 0, void 0, function* () {
const http = new httpClient.HttpClient(userAgent);
let filter;
if (javaVersion.includes('.')) {
filter = `metadata=version:${javaVersion}`;
}
else {
filter = `sortBy=timeCreated&sortOrder=DESC&limit=1`; // latest and only one item
}
let majorJavaVersion;
if (semver.valid(javaVersion)) {
majorJavaVersion = semver.major(javaVersion);
}
else {
majorJavaVersion = javaVersion;
}
const catalogOS = c.IS_MACOS ? 'macos' : c.GRAALVM_PLATFORM;
const requestUrl = `${c.GDS_BASE}/artifacts?productId=${c.GDS_GRAALVM_PRODUCT_ID}&displayName=Oracle%20GraalVM&${filter}&metadata=java:jdk${majorJavaVersion}&metadata=os:${catalogOS}&metadata=arch:${c.GRAALVM_ARCH}&metadata=${metadata}&status=PUBLISHED&responseFields=id&responseFields=checksum`;
core.debug(`Requesting ${requestUrl}`);
const response = yield http.get(requestUrl, { accept: 'application/json' });
if (response.message.statusCode !== 200) {
throw new Error(`Unable to find GraalVM for JDK ${javaVersion}. Are you sure java-version: '${javaVersion}' is correct?`);
}
const artifactResponse = JSON.parse(yield response.readBody());
if (artifactResponse.items.length !== 1) {
throw new Error(artifactResponse.items.length > 1
? `Found more than one GDS artifact. ${c.ERROR_HINT}`
: `Unable to find GDS artifact. Are you sure java-version: '${javaVersion}' is correct?`);
}
return artifactResponse.items[0];
});
}
exports.fetchArtifact = fetchArtifact;
function fetchArtifactEE(userAgent, metadata, version, javaVersion) {
return __awaiter(this, void 0, void 0, function* () {
const http = new httpClient.HttpClient(userAgent);
let filter;
@@ -91738,7 +92011,7 @@ function fetchArtifact(userAgent, metadata, version, javaVersion) {
return artifactResponse.items[0];
});
}
exports.fetchArtifact = fetchArtifact;
exports.fetchArtifactEE = fetchArtifactEE;
function downloadArtifact(gdsToken, userAgent, artifact) {
return __awaiter(this, void 0, void 0, function* () {
let downloadPath;
@@ -91890,6 +92163,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.setUpGraalVMRelease = exports.findGraalVMVersion = exports.setUpGraalVMLatest_22_X = exports.findHighestJavaVersion = exports.setUpGraalVMJDKDevBuild = exports.findLatestGraalVMJDKCEJavaVersion = exports.setUpGraalVMJDKCE = exports.findLatestEABuildDownloadUrl = exports.setUpGraalVMJDK = void 0;
const c = __importStar(__nccwpck_require__(9042));
const core = __importStar(__nccwpck_require__(2186));
const semver = __importStar(__nccwpck_require__(1383));
const utils_1 = __nccwpck_require__(1314);
const gds_1 = __nccwpck_require__(9543);
@@ -91903,13 +92177,24 @@ const GRAALVM_REPO_DEV_BUILDS = 'graalvm-ce-dev-builds';
const GRAALVM_JDK_TAG_PREFIX = 'jdk-';
const GRAALVM_TAG_PREFIX = 'vm-';
// Support for GraalVM for JDK 17 and later
function setUpGraalVMJDK(javaVersionOrDev) {
function setUpGraalVMJDK(javaVersionOrDev, gdsToken) {
return __awaiter(this, void 0, void 0, function* () {
if (javaVersionOrDev === c.VERSION_DEV) {
return setUpGraalVMJDKDevBuild();
}
const isTokenProvided = gdsToken.length > 0;
let javaVersion = javaVersionOrDev;
const toolName = determineToolName(javaVersion, false);
if (javaVersionOrDev === '17' && !isTokenProvided) {
core.warning('This build uses the last update of Oracle GraalVM for JDK 17 under the GFTC. More details: https://github.com/marketplace/actions/github-action-for-graalvm#notes-on-oracle-graalvm-for-jdk-17');
return setUpGraalVMJDK('17.0.12', gdsToken);
}
if (isTokenProvided) {
// Download from GDS
const downloader = () => __awaiter(this, void 0, void 0, function* () { return (0, gds_1.downloadGraalVM)(gdsToken, javaVersion); });
return (0, utils_1.downloadExtractAndCacheJDK)(downloader, toolName, javaVersion);
}
// Download from oracle.com
let downloadName = toolName;
let downloadUrl;
if (javaVersion.endsWith('-ea')) {
@@ -92464,7 +92749,7 @@ function run() {
}
switch (distribution) {
case c.DISTRIBUTION_GRAALVM:
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion, gdsToken);
break;
case c.DISTRIBUTION_GRAALVM_COMMUNITY:
graalVMHome = yield graalvm.setUpGraalVMJDKCE(javaVersion);
@@ -92482,7 +92767,7 @@ function run() {
}
else {
core.info(`This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).`);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion, gdsToken);
}
break;
default:
@@ -92497,7 +92782,7 @@ function run() {
(coercedJavaVersion !== null &&
semver.gte(coercedJavaVersion, '20.0.0'))) {
core.info(`This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).`);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion, gdsToken);
}
else {
graalVMHome = yield graalvm.setUpGraalVMLatest_22_X(gdsToken, javaVersion);
@@ -92510,7 +92795,7 @@ function run() {
if (coercedJavaVersion !== null &&
!semver.gte(coercedJavaVersion, '21.0.0')) {
core.warning(`GraalVM dev builds are only available for JDK 21. This build is now using a stable release of GraalVM for JDK ${javaVersion}.`);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion);
graalVMHome = yield graalvm.setUpGraalVMJDK(javaVersion, gdsToken);
}
else {
graalVMHome = yield graalvm.setUpGraalVMJDKDevBuild();
@@ -92863,7 +93148,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.createPRComment = exports.isPREvent = exports.toSemVer = exports.calculateSHA256 = exports.downloadExtractAndCacheJDK = exports.downloadAndExtractJDK = exports.getMatchingTags = exports.getTaggedRelease = exports.getContents = exports.getLatestRelease = exports.exec = void 0;
exports.createPRComment = exports.updatePRComment = exports.findExistingPRCommentId = exports.isPREvent = exports.toSemVer = exports.calculateSHA256 = exports.downloadExtractAndCacheJDK = exports.downloadAndExtractJDK = exports.getMatchingTags = exports.getTaggedRelease = exports.getContents = exports.getLatestRelease = exports.exec = void 0;
const c = __importStar(__nccwpck_require__(9042));
const core = __importStar(__nccwpck_require__(2186));
const github = __importStar(__nccwpck_require__(5438));
@@ -93020,6 +93305,41 @@ exports.isPREvent = isPREvent;
function getGitHubToken() {
return core.getInput(c.INPUT_GITHUB_TOKEN);
}
function findExistingPRCommentId(bodyStartsWith) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
if (!isPREvent()) {
throw new Error('Not a PR event.');
}
const context = github.context;
const octokit = github.getOctokit(getGitHubToken());
try {
const comments = yield octokit.paginate(octokit.rest.issues.listComments, Object.assign(Object.assign({}, context.repo), { issue_number: (_a = context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.number }));
const matchingComment = comments.reverse().find(comment => {
return comment.body && comment.body.startsWith(bodyStartsWith);
});
return matchingComment ? matchingComment.id : undefined;
}
catch (err) {
core.error(`Failed to list pull request comments. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`);
}
});
}
exports.findExistingPRCommentId = findExistingPRCommentId;
function updatePRComment(content, commentId) {
return __awaiter(this, void 0, void 0, function* () {
if (!isPREvent()) {
throw new Error('Not a PR event.');
}
try {
yield github.getOctokit(getGitHubToken()).rest.issues.updateComment(Object.assign(Object.assign({}, github.context.repo), { comment_id: commentId, body: content }));
}
catch (err) {
core.error(`Failed to update pull request comment. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`);
}
});
}
exports.updatePRComment = updatePRComment;
function createPRComment(content) {
return __awaiter(this, void 0, void 0, function* () {
var _a;

32
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "setup-graalvm",
"version": "1.2.1",
"version": "1.2.4",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "setup-graalvm",
"version": "1.2.1",
"version": "1.2.4",
"license": "UPL",
"dependencies": {
"@actions/cache": "^3.2.4",
@@ -2643,12 +2643,12 @@
}
},
"node_modules/braces": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
"dev": true,
"dependencies": {
"fill-range": "^7.0.1"
"fill-range": "^7.1.1"
},
"engines": {
"node": ">=8"
@@ -4151,9 +4151,9 @@
}
},
"node_modules/fill-range": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
"dev": true,
"dependencies": {
"to-regex-range": "^5.0.1"
@@ -6056,12 +6056,12 @@
}
},
"node_modules/micromatch": {
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dev": true,
"dependencies": {
"braces": "^3.0.2",
"braces": "^3.0.3",
"picomatch": "^2.3.1"
},
"engines": {
@@ -7672,9 +7672,9 @@
}
},
"node_modules/undici": {
"version": "5.28.3",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz",
"integrity": "sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA==",
"version": "5.28.4",
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
"dependencies": {
"@fastify/busboy": "^2.0.0"
},

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "setup-graalvm",
"version": "1.2.1",
"version": "1.2.4",
"private": true,
"description": "GitHub Action for GraalVM",
"main": "lib/main.js",

2
src/constants.ts
View File

@@ -1,5 +1,7 @@
import * as otypes from '@octokit/types'
export const ACTION_VERSION = '1.2.4'
export const INPUT_VERSION = 'version'
export const INPUT_GDS_TOKEN = 'gds-token'
export const INPUT_JAVA_VERSION = 'java-version'

28
src/features/reports.ts
View File

@@ -5,7 +5,13 @@ import * as github from '@actions/github'
import * as semver from 'semver'
import {join} from 'path'
import {tmpdir} from 'os'
import {createPRComment, isPREvent, toSemVer} from '../utils'
import {
createPRComment,
findExistingPRCommentId,
isPREvent,
toSemVer,
updatePRComment
} from '../utils'
const BUILD_OUTPUT_JSON_PATH = join(tmpdir(), 'native-image-build-output.json')
const BYTES_TO_KiB = 1024
@@ -15,12 +21,14 @@ const DOCS_BASE =
'https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md'
const INPUT_NI_JOB_REPORTS = 'native-image-job-reports'
const INPUT_NI_PR_REPORTS = 'native-image-pr-reports'
const INPUT_NI_PR_REPORTS_UPDATE = 'native-image-pr-reports-update-existing'
const NATIVE_IMAGE_CONFIG_FILE = join(
tmpdir(),
'native-image-options.properties'
)
const NATIVE_IMAGE_OPTIONS_ENV = 'NATIVE_IMAGE_OPTIONS'
const NATIVE_IMAGE_CONFIG_FILE_ENV = 'NATIVE_IMAGE_CONFIG_FILE'
const PR_COMMENT_TITLE = '## GraalVM Native Image Build Report'
interface AnalysisResult {
total: number
@@ -134,7 +142,17 @@ export async function generateReports(): Promise<void> {
core.summary.write()
}
if (arePRReportsEnabled()) {
createPRComment(report)
if (arePRReportsUpdateEnabled()) {
const commentId = await findExistingPRCommentId(PR_COMMENT_TITLE)
if (commentId) {
return updatePRComment(report, commentId)
}
}
return createPRComment(report)
} else if (arePRReportsUpdateEnabled()) {
throw new Error(
`'${INPUT_NI_PR_REPORTS_UPDATE}' option requires '${INPUT_NI_PR_REPORTS}' to be set 'true'`
)
}
}
}
@@ -147,6 +165,10 @@ function arePRReportsEnabled(): boolean {
return isPREvent() && core.getInput(INPUT_NI_PR_REPORTS) === 'true'
}
function arePRReportsUpdateEnabled(): boolean {
return isPREvent() && core.getInput(INPUT_NI_PR_REPORTS_UPDATE) === 'true'
}
function setNativeImageOption(
javaVersionOrDev: string,
optionValue: string
@@ -260,7 +282,7 @@ function createReport(data: BuildOutput): string {
)} of total time)`
}
return `## GraalVM Native Image Build Report
return `${PR_COMMENT_TITLE}
\`${info.name}\` generated${totalTime} as part of the '${
context.job

61
src/gds.ts
View File

@@ -6,6 +6,7 @@ import * as io from '@actions/io'
import * as path from 'path'
import * as stream from 'stream'
import * as util from 'util'
import * as semver from 'semver'
import {IncomingHttpHeaders, OutgoingHttpHeaders} from 'http'
import {RetryHelper} from '@actions/tool-cache/lib/retry-helper'
import {calculateSHA256} from './utils'
@@ -26,13 +27,26 @@ interface GDSErrorResponse {
readonly message: string
}
export async function downloadGraalVM(
gdsToken: string,
javaVersion: string
): Promise<string> {
const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`
const baseArtifact = await fetchArtifact(
userAgent,
'isBase:True',
javaVersion
)
return downloadArtifact(gdsToken, userAgent, baseArtifact)
}
export async function downloadGraalVMEELegacy(
gdsToken: string,
version: string,
javaVersion: string
): Promise<string> {
const userAgent = `GraalVMGitHubAction/1.2.1 (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`
const baseArtifact = await fetchArtifact(
const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})`
const baseArtifact = await fetchArtifactEE(
userAgent,
'isBase:True',
version,
@@ -42,6 +56,49 @@ export async function downloadGraalVMEELegacy(
}
export async function fetchArtifact(
userAgent: string,
metadata: string,
javaVersion: string
): Promise<GDSArtifact> {
const http = new httpClient.HttpClient(userAgent)
let filter
if (javaVersion.includes('.')) {
filter = `metadata=version:${javaVersion}`
} else {
filter = `sortBy=timeCreated&sortOrder=DESC&limit=1` // latest and only one item
}
let majorJavaVersion
if (semver.valid(javaVersion)) {
majorJavaVersion = semver.major(javaVersion)
} else {
majorJavaVersion = javaVersion
}
const catalogOS = c.IS_MACOS ? 'macos' : c.GRAALVM_PLATFORM
const requestUrl = `${c.GDS_BASE}/artifacts?productId=${c.GDS_GRAALVM_PRODUCT_ID}&displayName=Oracle%20GraalVM&${filter}&metadata=java:jdk${majorJavaVersion}&metadata=os:${catalogOS}&metadata=arch:${c.GRAALVM_ARCH}&metadata=${metadata}&status=PUBLISHED&responseFields=id&responseFields=checksum`
core.debug(`Requesting ${requestUrl}`)
const response = await http.get(requestUrl, {accept: 'application/json'})
if (response.message.statusCode !== 200) {
throw new Error(
`Unable to find GraalVM for JDK ${javaVersion}. Are you sure java-version: '${javaVersion}' is correct?`
)
}
const artifactResponse = JSON.parse(
await response.readBody()
) as GDSArtifactsResponse
if (artifactResponse.items.length !== 1) {
throw new Error(
artifactResponse.items.length > 1
? `Found more than one GDS artifact. ${c.ERROR_HINT}`
: `Unable to find GDS artifact. Are you sure java-version: '${javaVersion}' is correct?`
)
}
return artifactResponse.items[0]
}
export async function fetchArtifactEE(
userAgent: string,
metadata: string,
version: string,

19
src/graalvm.ts
View File

@@ -1,4 +1,5 @@
import * as c from './constants'
import * as core from '@actions/core'
import * as semver from 'semver'
import {
downloadAndExtractJDK,
@@ -8,7 +9,7 @@ import {
getMatchingTags,
getTaggedRelease
} from './utils'
import {downloadGraalVMEELegacy} from './gds'
import {downloadGraalVM, downloadGraalVMEELegacy} from './gds'
import {downloadTool} from '@actions/tool-cache'
import {basename} from 'path'
@@ -23,13 +24,27 @@ const GRAALVM_TAG_PREFIX = 'vm-'
// Support for GraalVM for JDK 17 and later
export async function setUpGraalVMJDK(
javaVersionOrDev: string
javaVersionOrDev: string,
gdsToken: string
): Promise<string> {
if (javaVersionOrDev === c.VERSION_DEV) {
return setUpGraalVMJDKDevBuild()
}
const isTokenProvided = gdsToken.length > 0
let javaVersion = javaVersionOrDev
const toolName = determineToolName(javaVersion, false)
if (javaVersionOrDev === '17' && !isTokenProvided) {
core.warning(
'This build uses the last update of Oracle GraalVM for JDK 17 under the GFTC. More details: https://github.com/marketplace/actions/github-action-for-graalvm#notes-on-oracle-graalvm-for-jdk-17'
)
return setUpGraalVMJDK('17.0.12', gdsToken)
}
if (isTokenProvided) {
// Download from GDS
const downloader = async () => downloadGraalVM(gdsToken, javaVersion)
return downloadExtractAndCacheJDK(downloader, toolName, javaVersion)
}
// Download from oracle.com
let downloadName = toolName
let downloadUrl: string
if (javaVersion.endsWith('-ea')) {

8
src/main.ts
View File

@@ -59,7 +59,7 @@ async function run(): Promise<void> {
}
switch (distribution) {
case c.DISTRIBUTION_GRAALVM:
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken)
break
case c.DISTRIBUTION_GRAALVM_COMMUNITY:
graalVMHome = await graalvm.setUpGraalVMJDKCE(javaVersion)
@@ -80,7 +80,7 @@ async function run(): Promise<void> {
core.info(
`This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).`
)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken)
}
break
default:
@@ -98,7 +98,7 @@ async function run(): Promise<void> {
core.info(
`This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).`
)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken)
} else {
graalVMHome = await graalvm.setUpGraalVMLatest_22_X(
gdsToken,
@@ -119,7 +119,7 @@ async function run(): Promise<void> {
core.warning(
`GraalVM dev builds are only available for JDK 21. This build is now using a stable release of GraalVM for JDK ${javaVersion}.`
)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion)
graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken)
} else {
graalVMHome = await graalvm.setUpGraalVMJDKDevBuild()
}

46
src/utils.ts
View File

@@ -184,6 +184,52 @@ function getGitHubToken(): string {
return core.getInput(c.INPUT_GITHUB_TOKEN)
}
export async function findExistingPRCommentId(
bodyStartsWith: string
): Promise<number | undefined> {
if (!isPREvent()) {
throw new Error('Not a PR event.')
}
const context = github.context
const octokit = github.getOctokit(getGitHubToken())
try {
const comments = await octokit.paginate(octokit.rest.issues.listComments, {
...context.repo,
issue_number: context.payload.pull_request?.number as number
})
const matchingComment = comments.reverse().find(comment => {
return comment.body && comment.body.startsWith(bodyStartsWith)
})
return matchingComment ? matchingComment.id : undefined
} catch (err) {
core.error(
`Failed to list pull request comments. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`
)
}
}
export async function updatePRComment(
content: string,
commentId: number
): Promise<void> {
if (!isPREvent()) {
throw new Error('Not a PR event.')
}
try {
await github.getOctokit(getGitHubToken()).rest.issues.updateComment({
...github.context.repo,
comment_id: commentId,
body: content
})
} catch (err) {
core.error(
`Failed to update pull request comment. Please make sure this job has 'write' permissions for the 'pull-requests' scope (see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)? Internal error: ${err}`
)
}
}
export async function createPRComment(content: string): Promise<void> {
if (!isPREvent()) {
throw new Error('Not a PR event.')