mirror of
https://github.com/actions/setup-java.git
synced 2026-07-08 14:21:50 +00:00
Merge branch 'copilot/include-signature-verification' into signature-4
This commit is contained in:
commit
2c76c5eca9
23
.github/workflows/e2e-versions.yml
vendored
23
.github/workflows/e2e-versions.yml
vendored
@ -351,6 +351,29 @@ jobs:
|
|||||||
run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
|
run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
setup-java-temurin-signature-verification:
|
||||||
|
name: temurin ${{ matrix.version }} signature verification - ${{ matrix.os }}
|
||||||
|
needs: setup-java-major-minor-versions
|
||||||
|
runs-on: ${{ matrix.os }}
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
os: [macos-latest, windows-latest, ubuntu-latest]
|
||||||
|
version: ['21', '17']
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v6
|
||||||
|
- name: setup-java with signature verification
|
||||||
|
uses: ./
|
||||||
|
id: setup-java
|
||||||
|
with:
|
||||||
|
java-version: ${{ matrix.version }}
|
||||||
|
distribution: temurin
|
||||||
|
verify-signature: true
|
||||||
|
- name: Verify Java
|
||||||
|
run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
|
||||||
|
shell: bash
|
||||||
|
|
||||||
setup-java-ea-versions-sapmachine:
|
setup-java-ea-versions-sapmachine:
|
||||||
name: sapmachine ${{ matrix.version }} (jdk-x64) - ${{ matrix.os }}
|
name: sapmachine ${{ matrix.version }} (jdk-x64) - ${{ matrix.os }}
|
||||||
needs: setup-java-major-minor-versions
|
needs: setup-java-major-minor-versions
|
||||||
|
|||||||
@ -41,7 +41,7 @@ For more details, see the full release notes on the [releases page](https://git
|
|||||||
|
|
||||||
- `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
|
- `check-latest`: Setting this option makes the action to check for the latest available version for the version spec.
|
||||||
|
|
||||||
- `verify-signature`: Verifies downloaded Java package signatures when supported by the selected distribution. Currently supported for `temurin`. If set to `true` for unsupported distributions, the action fails.
|
- `verify-signature`: Verifies downloaded Java package signatures when supported by the selected distribution. Currently supported for `temurin` and `microsoft`. If set to `true` for unsupported distributions, the action fails.
|
||||||
|
|
||||||
- `verify-signature-public-key`: ASCII-armored GPG public key used to verify the downloaded package signature. Overrides the default bundled key for the selected distribution.
|
- `verify-signature-public-key`: ASCII-armored GPG public key used to verify the downloaded package signature. Overrides the default bundled key for the selected distribution.
|
||||||
|
|
||||||
|
|||||||
@ -1,8 +1,15 @@
|
|||||||
import {MicrosoftDistributions} from '../../src/distributions/microsoft/installer';
|
import {
|
||||||
|
MicrosoftDistributions,
|
||||||
|
MICROSOFT_PUBLIC_KEY
|
||||||
|
} from '../../src/distributions/microsoft/installer';
|
||||||
import os from 'os';
|
import os from 'os';
|
||||||
import data from '../data/microsoft.json';
|
import data from '../data/microsoft.json';
|
||||||
import * as httpm from '@actions/http-client';
|
import * as httpm from '@actions/http-client';
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
|
import * as tc from '@actions/tool-cache';
|
||||||
|
import * as gpg from '../../src/gpg';
|
||||||
|
import * as util from '../../src/util';
|
||||||
|
import fs from 'fs';
|
||||||
|
|
||||||
describe('findPackageForDownload', () => {
|
describe('findPackageForDownload', () => {
|
||||||
let distribution: MicrosoftDistributions;
|
let distribution: MicrosoftDistributions;
|
||||||
@ -102,6 +109,7 @@ describe('findPackageForDownload', () => {
|
|||||||
.replace('{{OS_TYPE}}', os)
|
.replace('{{OS_TYPE}}', os)
|
||||||
.replace('{{ARCHIVE_TYPE}}', archive);
|
.replace('{{ARCHIVE_TYPE}}', archive);
|
||||||
expect(result.url).toBe(url);
|
expect(result.url).toBe(url);
|
||||||
|
expect(result.signatureUrl).toBe(`${url}.sig`);
|
||||||
});
|
});
|
||||||
|
|
||||||
it.each([
|
it.each([
|
||||||
@ -187,4 +195,147 @@ describe('findPackageForDownload', () => {
|
|||||||
/No matching version found for SemVer */
|
/No matching version found for SemVer */
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('uses manifest-provided signature URL when available', async () => {
|
||||||
|
spyGetManifestFromRepo.mockReturnValue({
|
||||||
|
result: [
|
||||||
|
{
|
||||||
|
version: '17.0.10',
|
||||||
|
stable: true,
|
||||||
|
release_url: 'https://example.test',
|
||||||
|
files: [
|
||||||
|
{
|
||||||
|
filename: 'microsoft-jdk-17.0.10-linux-x64.tar.gz',
|
||||||
|
arch: 'x64',
|
||||||
|
platform: 'linux',
|
||||||
|
download_url: 'https://example.test/jdk.tar.gz',
|
||||||
|
signature_url: 'https://example.test/jdk.tar.gz.custom.sig'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
statusCode: 200,
|
||||||
|
headers: {}
|
||||||
|
});
|
||||||
|
jest.spyOn(os, 'platform').mockReturnValue('linux');
|
||||||
|
|
||||||
|
const result = await distribution['findPackageForDownload']('17.0.10');
|
||||||
|
|
||||||
|
expect(result.signatureUrl).toBe('https://example.test/jdk.tar.gz.custom.sig');
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('downloadTool', () => {
|
||||||
|
let spyDownloadTool: jest.SpyInstance;
|
||||||
|
let spyExtractJdkFile: jest.SpyInstance;
|
||||||
|
let spyCacheDir: jest.SpyInstance;
|
||||||
|
let spyVerifySignature: jest.SpyInstance;
|
||||||
|
let distribution: MicrosoftDistributions;
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
jest
|
||||||
|
.spyOn(os, 'platform')
|
||||||
|
.mockReturnValue(process.platform as ReturnType<typeof os.platform>);
|
||||||
|
|
||||||
|
distribution = new MicrosoftDistributions({
|
||||||
|
version: '17',
|
||||||
|
architecture: 'x64',
|
||||||
|
packageType: 'jdk',
|
||||||
|
checkLatest: false
|
||||||
|
});
|
||||||
|
|
||||||
|
spyDownloadTool = jest.spyOn(tc, 'downloadTool');
|
||||||
|
spyDownloadTool.mockImplementation(async () => {
|
||||||
|
return '/tmp/jdk.tar.gz';
|
||||||
|
});
|
||||||
|
|
||||||
|
spyExtractJdkFile = jest.spyOn(util, 'extractJdkFile');
|
||||||
|
spyExtractJdkFile.mockImplementation(async () => {
|
||||||
|
return '/tmp/unpacked';
|
||||||
|
});
|
||||||
|
|
||||||
|
jest.spyOn(fs, 'readdirSync').mockReturnValue(['jdk'] as any);
|
||||||
|
spyCacheDir = jest.spyOn(tc, 'cacheDir');
|
||||||
|
spyCacheDir.mockImplementation(async () => {
|
||||||
|
return '/tmp/cached';
|
||||||
|
});
|
||||||
|
|
||||||
|
spyVerifySignature = jest.spyOn(gpg, 'verifyPackageSignature');
|
||||||
|
spyVerifySignature.mockImplementation(async () => {});
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
jest.restoreAllMocks();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('verifies signature when enabled', async () => {
|
||||||
|
const signedDistribution = new MicrosoftDistributions({
|
||||||
|
version: '17',
|
||||||
|
architecture: 'x64',
|
||||||
|
packageType: 'jdk',
|
||||||
|
checkLatest: false,
|
||||||
|
verifySignature: true
|
||||||
|
});
|
||||||
|
|
||||||
|
await signedDistribution['downloadTool']({
|
||||||
|
version: '17.0.14+7',
|
||||||
|
url: 'https://example.com/jdk.tar.gz',
|
||||||
|
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||||
|
'/tmp/jdk.tar.gz',
|
||||||
|
'https://example.com/jdk.tar.gz.sig',
|
||||||
|
MICROSOFT_PUBLIC_KEY
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('uses custom public key when verifySignaturePublicKey is provided', async () => {
|
||||||
|
const customKey =
|
||||||
|
'-----BEGIN PGP PUBLIC KEY BLOCK-----\ncustom\n-----END PGP PUBLIC KEY BLOCK-----';
|
||||||
|
const signedDistribution = new MicrosoftDistributions({
|
||||||
|
version: '17',
|
||||||
|
architecture: 'x64',
|
||||||
|
packageType: 'jdk',
|
||||||
|
checkLatest: false,
|
||||||
|
verifySignature: true,
|
||||||
|
verifySignaturePublicKey: customKey
|
||||||
|
});
|
||||||
|
|
||||||
|
await signedDistribution['downloadTool']({
|
||||||
|
version: '17.0.14+7',
|
||||||
|
url: 'https://example.com/jdk.tar.gz',
|
||||||
|
signatureUrl: 'https://example.com/jdk.tar.gz.sig'
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(spyVerifySignature).toHaveBeenCalledWith(
|
||||||
|
'/tmp/jdk.tar.gz',
|
||||||
|
'https://example.com/jdk.tar.gz.sig',
|
||||||
|
customKey
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('fails when signature is missing and verification is enabled', async () => {
|
||||||
|
const signedDistribution = new MicrosoftDistributions({
|
||||||
|
version: '17',
|
||||||
|
architecture: 'x64',
|
||||||
|
packageType: 'jdk',
|
||||||
|
checkLatest: false,
|
||||||
|
verifySignature: true
|
||||||
|
});
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
signedDistribution['downloadTool']({
|
||||||
|
version: '17.0.14+7',
|
||||||
|
url: 'https://example.com/jdk.tar.gz'
|
||||||
|
})
|
||||||
|
).rejects.toThrow(
|
||||||
|
"Input 'verify-signature' is enabled, but no signature URL was found for Microsoft Build of OpenJDK version 17.0.14+7."
|
||||||
|
);
|
||||||
|
expect(spyVerifySignature).not.toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('supports signature verification', () => {
|
||||||
|
expect(distribution['supportsSignatureVerification']()).toBe(true);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
60
dist/setup/index.js
vendored
60
dist/setup/index.js
vendored
@ -79923,21 +79923,38 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|||||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||||
};
|
};
|
||||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
exports.MicrosoftDistributions = void 0;
|
exports.MicrosoftDistributions = exports.MICROSOFT_PUBLIC_KEY = void 0;
|
||||||
const base_installer_1 = __nccwpck_require__(79935);
|
const base_installer_1 = __nccwpck_require__(79935);
|
||||||
const util_1 = __nccwpck_require__(54527);
|
const util_1 = __nccwpck_require__(54527);
|
||||||
|
const gpg = __importStar(__nccwpck_require__(88343));
|
||||||
|
const microsoft_key_1 = __nccwpck_require__(56286);
|
||||||
const core = __importStar(__nccwpck_require__(37484));
|
const core = __importStar(__nccwpck_require__(37484));
|
||||||
const tc = __importStar(__nccwpck_require__(33472));
|
const tc = __importStar(__nccwpck_require__(33472));
|
||||||
const fs_1 = __importDefault(__nccwpck_require__(79896));
|
const fs_1 = __importDefault(__nccwpck_require__(79896));
|
||||||
const path_1 = __importDefault(__nccwpck_require__(16928));
|
const path_1 = __importDefault(__nccwpck_require__(16928));
|
||||||
|
var microsoft_key_2 = __nccwpck_require__(56286);
|
||||||
|
Object.defineProperty(exports, "MICROSOFT_PUBLIC_KEY", ({ enumerable: true, get: function () { return microsoft_key_2.MICROSOFT_PUBLIC_KEY; } }));
|
||||||
class MicrosoftDistributions extends base_installer_1.JavaBase {
|
class MicrosoftDistributions extends base_installer_1.JavaBase {
|
||||||
constructor(installerOptions) {
|
constructor(installerOptions) {
|
||||||
super('Microsoft', installerOptions);
|
super('Microsoft', installerOptions);
|
||||||
}
|
}
|
||||||
downloadTool(javaRelease) {
|
downloadTool(javaRelease) {
|
||||||
|
var _a;
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
core.info(`Downloading Java ${javaRelease.version} (${this.distribution}) from ${javaRelease.url} ...`);
|
core.info(`Downloading Java ${javaRelease.version} (${this.distribution}) from ${javaRelease.url} ...`);
|
||||||
let javaArchivePath = yield tc.downloadTool(javaRelease.url);
|
let javaArchivePath = yield tc.downloadTool(javaRelease.url);
|
||||||
|
if (this.verifySignature) {
|
||||||
|
if (!javaRelease.signatureUrl) {
|
||||||
|
throw new Error(`Input 'verify-signature' is enabled, but no signature URL was found for Microsoft Build of OpenJDK version ${javaRelease.version}.`);
|
||||||
|
}
|
||||||
|
core.info(`Verifying Java package signature...`);
|
||||||
|
try {
|
||||||
|
yield gpg.verifyPackageSignature(javaArchivePath, javaRelease.signatureUrl, (_a = this.verifySignaturePublicKey) !== null && _a !== void 0 ? _a : microsoft_key_1.MICROSOFT_PUBLIC_KEY);
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
throw new Error(`Failed to verify signature for Microsoft Build of OpenJDK version ${javaRelease.version}. Signature URL: ${javaRelease.signatureUrl}. Error: ${error.message}`);
|
||||||
|
}
|
||||||
|
}
|
||||||
core.info(`Extracting Java archive...`);
|
core.info(`Extracting Java archive...`);
|
||||||
const extension = (0, util_1.getDownloadArchiveExtension)();
|
const extension = (0, util_1.getDownloadArchiveExtension)();
|
||||||
if (process.platform === 'win32') {
|
if (process.platform === 'win32') {
|
||||||
@ -79951,6 +79968,7 @@ class MicrosoftDistributions extends base_installer_1.JavaBase {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
findPackageForDownload(range) {
|
findPackageForDownload(range) {
|
||||||
|
var _a;
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const arch = this.distributionArchitecture();
|
const arch = this.distributionArchitecture();
|
||||||
if (arch !== 'x64' && arch !== 'aarch64') {
|
if (arch !== 'x64' && arch !== 'aarch64') {
|
||||||
@ -79971,12 +79989,18 @@ class MicrosoftDistributions extends base_installer_1.JavaBase {
|
|||||||
const availableVersionStrings = manifest.map(item => item.version);
|
const availableVersionStrings = manifest.map(item => item.version);
|
||||||
throw this.createVersionNotFoundError(range, availableVersionStrings);
|
throw this.createVersionNotFoundError(range, availableVersionStrings);
|
||||||
}
|
}
|
||||||
|
const file = foundRelease.files[0];
|
||||||
|
const signatureUrl = (_a = file.signature_url) !== null && _a !== void 0 ? _a : `${file.download_url}.sig`;
|
||||||
return {
|
return {
|
||||||
url: foundRelease.files[0].download_url,
|
url: file.download_url,
|
||||||
|
signatureUrl,
|
||||||
version: foundRelease.version
|
version: foundRelease.version
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
supportsSignatureVerification() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
getAvailableVersions() {
|
getAvailableVersions() {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
// TODO get these dynamically!
|
// TODO get these dynamically!
|
||||||
@ -80019,6 +80043,38 @@ class MicrosoftDistributions extends base_installer_1.JavaBase {
|
|||||||
exports.MicrosoftDistributions = MicrosoftDistributions;
|
exports.MicrosoftDistributions = MicrosoftDistributions;
|
||||||
|
|
||||||
|
|
||||||
|
/***/ }),
|
||||||
|
|
||||||
|
/***/ 56286:
|
||||||
|
/***/ ((__unused_webpack_module, exports) => {
|
||||||
|
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||||
|
exports.MICROSOFT_PUBLIC_KEY = void 0;
|
||||||
|
// Microsoft Build of OpenJDK GPG signing key
|
||||||
|
// Retrieved from: https://download.visualstudio.microsoft.com/download/pr/b90071e2-e0cf-4411-98be-dbeb09d67bf0/8622862bcd54206e158c5abca0582c9b/464279_464280_aoc_20210208.asc
|
||||||
|
exports.MICROSOFT_PUBLIC_KEY = `-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: BSN Pgp v1.1.0.0
|
||||||
|
|
||||||
|
mQENBGAhlWcBCADCQjj6huLTenvZSLej35e9YKEHm4lix2uvPOONexMaU8V2v7KL
|
||||||
|
RGdoXF7jwHci7efnPZ+9zpS2+g3rhvv8M7yWy9E/1psEtGzvmp1IL/qIabMEQqi+
|
||||||
|
UlhPGh7MQ/BkXAlic8Dyl3XYqr0EXS11iCiTr6Zkxs9Ee4V54gxL4gogRn4wk9sl
|
||||||
|
/nrjgDzMsUwla0pynoQQvYpqCdiAr3gKKllT1skCDqgVOMMyZxsx9HjZxg/3AJz6
|
||||||
|
r5i512L2R+3Hkv+XmxT+mnGBCFcny0DM7PjNXEmIK3ZSkro1tQML90zx3Fyh5esx
|
||||||
|
fpVvuIXGFV75o35VVCBZoiD3hcfOnIJsPQ9nABEBAAG0OE1pY3Jvc29mdCBKYXZh
|
||||||
|
IEVuZ2luZWVyaW5nIDxqYXZhcGxhdGluZnJhQG1pY3Jvc29mdC5jb20+iQE4BBMB
|
||||||
|
CAAiBQJgIZVnAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA1Ux0xWyHB
|
||||||
|
icwTCACJO2FGNocNvdUtAb+eDKuGwt0chAJdCES2ZtgBScwrwDyWpxpRznoXWBHL
|
||||||
|
MJeLyxJoKsCG3vVlY4uh48psCzVm3OKvi7MCPT955t8W6TzfSBxTpjR8zRgJkjPJ
|
||||||
|
EGhHTlusUfz7TtM5etJF0qscSJH1grcNsgtee97mk4QyEzT8Di83NQmYxKcBrliq
|
||||||
|
yK/SWWt8VkTyYAEO6L5PoB4L9r8ka27uQs+jgCw+/Z0JMtNmmhyNGY3+a1YtPeoy
|
||||||
|
JdQaI9LphfKGbVaz6SK2aol7vj+c2TG3TLUYdOYGMH1OZlri2GTkCVjwna2GC7p4
|
||||||
|
Fa133tP85xzJEq1XeXm8WeLFo2wV
|
||||||
|
=rHCS
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----`;
|
||||||
|
|
||||||
|
|
||||||
/***/ }),
|
/***/ }),
|
||||||
|
|
||||||
/***/ 11182:
|
/***/ 11182:
|
||||||
|
|||||||
@ -10,12 +10,16 @@ import {
|
|||||||
getGitHubHttpHeaders,
|
getGitHubHttpHeaders,
|
||||||
renameWinArchive
|
renameWinArchive
|
||||||
} from '../../util';
|
} from '../../util';
|
||||||
|
import * as gpg from '../../gpg';
|
||||||
|
import {MICROSOFT_PUBLIC_KEY} from './microsoft-key';
|
||||||
import * as core from '@actions/core';
|
import * as core from '@actions/core';
|
||||||
import * as tc from '@actions/tool-cache';
|
import * as tc from '@actions/tool-cache';
|
||||||
import fs from 'fs';
|
import fs from 'fs';
|
||||||
import path from 'path';
|
import path from 'path';
|
||||||
import {TypedResponse} from '@actions/http-client/lib/interfaces';
|
import {TypedResponse} from '@actions/http-client/lib/interfaces';
|
||||||
|
|
||||||
|
export {MICROSOFT_PUBLIC_KEY} from './microsoft-key';
|
||||||
|
|
||||||
export class MicrosoftDistributions extends JavaBase {
|
export class MicrosoftDistributions extends JavaBase {
|
||||||
constructor(installerOptions: JavaInstallerOptions) {
|
constructor(installerOptions: JavaInstallerOptions) {
|
||||||
super('Microsoft', installerOptions);
|
super('Microsoft', installerOptions);
|
||||||
@ -29,6 +33,26 @@ export class MicrosoftDistributions extends JavaBase {
|
|||||||
);
|
);
|
||||||
let javaArchivePath = await tc.downloadTool(javaRelease.url);
|
let javaArchivePath = await tc.downloadTool(javaRelease.url);
|
||||||
|
|
||||||
|
if (this.verifySignature) {
|
||||||
|
if (!javaRelease.signatureUrl) {
|
||||||
|
throw new Error(
|
||||||
|
`Input 'verify-signature' is enabled, but no signature URL was found for Microsoft Build of OpenJDK version ${javaRelease.version}.`
|
||||||
|
);
|
||||||
|
}
|
||||||
|
core.info(`Verifying Java package signature...`);
|
||||||
|
try {
|
||||||
|
await gpg.verifyPackageSignature(
|
||||||
|
javaArchivePath,
|
||||||
|
javaRelease.signatureUrl,
|
||||||
|
this.verifySignaturePublicKey ?? MICROSOFT_PUBLIC_KEY
|
||||||
|
);
|
||||||
|
} catch (error) {
|
||||||
|
throw new Error(
|
||||||
|
`Failed to verify signature for Microsoft Build of OpenJDK version ${javaRelease.version}. Signature URL: ${javaRelease.signatureUrl}. Error: ${(error as Error).message}`
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
core.info(`Extracting Java archive...`);
|
core.info(`Extracting Java archive...`);
|
||||||
const extension = getDownloadArchiveExtension();
|
const extension = getDownloadArchiveExtension();
|
||||||
if (process.platform === 'win32') {
|
if (process.platform === 'win32') {
|
||||||
@ -80,12 +104,23 @@ export class MicrosoftDistributions extends JavaBase {
|
|||||||
throw this.createVersionNotFoundError(range, availableVersionStrings);
|
throw this.createVersionNotFoundError(range, availableVersionStrings);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const file = foundRelease.files[0] as {
|
||||||
|
download_url: string;
|
||||||
|
signature_url?: string;
|
||||||
|
};
|
||||||
|
const signatureUrl = file.signature_url ?? `${file.download_url}.sig`;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
url: foundRelease.files[0].download_url,
|
url: file.download_url,
|
||||||
|
signatureUrl,
|
||||||
version: foundRelease.version
|
version: foundRelease.version
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected supportsSignatureVerification(): boolean {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
private async getAvailableVersions(): Promise<tc.IToolRelease[] | null> {
|
private async getAvailableVersions(): Promise<tc.IToolRelease[] | null> {
|
||||||
// TODO get these dynamically!
|
// TODO get these dynamically!
|
||||||
// We will need Microsoft to add an endpoint where we can query for versions.
|
// We will need Microsoft to add an endpoint where we can query for versions.
|
||||||
|
|||||||
21
src/distributions/microsoft/microsoft-key.ts
Normal file
21
src/distributions/microsoft/microsoft-key.ts
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
// Microsoft Build of OpenJDK GPG signing key
|
||||||
|
// Retrieved from: https://download.visualstudio.microsoft.com/download/pr/b90071e2-e0cf-4411-98be-dbeb09d67bf0/8622862bcd54206e158c5abca0582c9b/464279_464280_aoc_20210208.asc
|
||||||
|
export const MICROSOFT_PUBLIC_KEY = `-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: BSN Pgp v1.1.0.0
|
||||||
|
|
||||||
|
mQENBGAhlWcBCADCQjj6huLTenvZSLej35e9YKEHm4lix2uvPOONexMaU8V2v7KL
|
||||||
|
RGdoXF7jwHci7efnPZ+9zpS2+g3rhvv8M7yWy9E/1psEtGzvmp1IL/qIabMEQqi+
|
||||||
|
UlhPGh7MQ/BkXAlic8Dyl3XYqr0EXS11iCiTr6Zkxs9Ee4V54gxL4gogRn4wk9sl
|
||||||
|
/nrjgDzMsUwla0pynoQQvYpqCdiAr3gKKllT1skCDqgVOMMyZxsx9HjZxg/3AJz6
|
||||||
|
r5i512L2R+3Hkv+XmxT+mnGBCFcny0DM7PjNXEmIK3ZSkro1tQML90zx3Fyh5esx
|
||||||
|
fpVvuIXGFV75o35VVCBZoiD3hcfOnIJsPQ9nABEBAAG0OE1pY3Jvc29mdCBKYXZh
|
||||||
|
IEVuZ2luZWVyaW5nIDxqYXZhcGxhdGluZnJhQG1pY3Jvc29mdC5jb20+iQE4BBMB
|
||||||
|
CAAiBQJgIZVnAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA1Ux0xWyHB
|
||||||
|
icwTCACJO2FGNocNvdUtAb+eDKuGwt0chAJdCES2ZtgBScwrwDyWpxpRznoXWBHL
|
||||||
|
MJeLyxJoKsCG3vVlY4uh48psCzVm3OKvi7MCPT955t8W6TzfSBxTpjR8zRgJkjPJ
|
||||||
|
EGhHTlusUfz7TtM5etJF0qscSJH1grcNsgtee97mk4QyEzT8Di83NQmYxKcBrliq
|
||||||
|
yK/SWWt8VkTyYAEO6L5PoB4L9r8ka27uQs+jgCw+/Z0JMtNmmhyNGY3+a1YtPeoy
|
||||||
|
JdQaI9LphfKGbVaz6SK2aol7vj+c2TG3TLUYdOYGMH1OZlri2GTkCVjwna2GC7p4
|
||||||
|
Fa133tP85xzJEq1XeXm8WeLFo2wV
|
||||||
|
=rHCS
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----`;
|
||||||
Loading…
Reference in New Issue
Block a user