Add cacerts parameter, which can copy existing cacerts into JDK

This commit is contained in:
Michal Dvorak 2022-01-17 17:11:15 +01:00 committed by Michal Dvořák
parent d53b046579
commit 0d42bcacb6
No known key found for this signature in database
GPG Key ID: 42E7AE26FA8092D2
11 changed files with 2167 additions and 2075 deletions

View File

@ -144,6 +144,7 @@ jobs:
- [Installing custom Java package type](docs/advanced-usage.md#Installing-custom-Java-package-type)
- [Installing custom Java architecture](docs/advanced-usage.md#Installing-custom-Java-architecture)
- [Installing custom Java distribution from local file](docs/advanced-usage.md#Installing-Java-from-local-file)
- [Using existing cacerts file](docs/advanced-usage.md#Using-existing-cacerts-file)
- [Testing against different Java distributions](docs/advanced-usage.md#Testing-against-different-Java-distributions)
- [Testing against different platforms](docs/advanced-usage.md#Testing-against-different-platforms)
- [Publishing using Apache Maven](docs/advanced-usage.md#Publishing-using-Apache-Maven)

View File

@ -11,6 +11,7 @@ import {
JavaInstallerOptions,
JavaInstallerResults
} from '../../src/distributions/base-models';
import fs from "fs";
class EmptyJavaBase extends JavaBase {
constructor(installerOptions: JavaInstallerOptions) {
@ -349,3 +350,43 @@ describe('getToolcacheVersionName', () => {
expect(actual).toBe(expected);
});
});
describe('initCacerts', () => {
const DummyJavaBase = JavaBase as any;
let spyFsCopyFileSync: jest.SpyInstance;
beforeEach(() => {
spyFsCopyFileSync = jest.spyOn(fs, 'copyFileSync').mockImplementation();
});
afterEach(() => {
jest.resetAllMocks();
jest.clearAllMocks();
jest.restoreAllMocks();
});
it('should do nothing when not set', () => {
const mockJavaBase = new EmptyJavaBase({
version: '11',
packageType: 'jdk',
architecture: 'x64',
checkLatest: false,
cacerts: '',
});
DummyJavaBase.prototype.initCacerts.call(mockJavaBase, '/tmp/dummy_jdk');
expect(spyFsCopyFileSync).not.toHaveBeenCalled()
});
it('should copy cacerts file', () => {
const mockJavaBase = new EmptyJavaBase({
version: '11',
packageType: 'jdk',
architecture: 'x64',
checkLatest: false,
cacerts: '/etc/ssl/certs/java/cacerts',
});
DummyJavaBase.prototype.initCacerts.call(mockJavaBase, '/tmp/dummy_jdk');
expect(spyFsCopyFileSync).toHaveBeenCalledWith('/etc/ssl/certs/java/cacerts', path.join('/tmp/dummy_jdk', 'lib/security/cacerts'))
});
});

View File

@ -24,6 +24,9 @@ inputs:
description: 'Set this option if you want the action to check for the latest available version that satisfies the version spec'
required: false
default: false
cacerts:
description: 'Copy cacerts file from given path into newly downloaded Java installation'
required: false
server-id:
description: 'ID of the distributionManagement repository in the pom.xml
file. Default is `github`'

View File

@ -53627,7 +53627,7 @@ exports.saveCache = saveCache;
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CACERTS = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
exports.INPUT_JAVA_VERSION = 'java-version';
exports.INPUT_ARCHITECTURE = 'architecture';
@ -53635,6 +53635,7 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
exports.INPUT_DISTRIBUTION = 'distribution';
exports.INPUT_JDK_FILE = 'jdkFile';
exports.INPUT_CHECK_LATEST = 'check-latest';
exports.INPUT_CACERTS = 'cacerts';
exports.INPUT_SERVER_ID = 'server-id';
exports.INPUT_SERVER_USERNAME = 'server-username';
exports.INPUT_SERVER_PASSWORD = 'server-password';

18
dist/setup/index.js vendored
View File

@ -4730,6 +4730,7 @@ class JavaBase {
this.architecture = installerOptions.architecture;
this.packageType = installerOptions.packageType;
this.checkLatest = installerOptions.checkLatest;
this.cacerts = installerOptions.cacerts;
}
setupJava() {
return __awaiter(this, void 0, void 0, function* () {
@ -4757,6 +4758,7 @@ class JavaBase {
}
core.info(`Setting Java ${foundJava.version} as the default`);
this.setJavaDefault(foundJava.version, foundJava.path);
this.initCacerts(foundJava.path);
return foundJava;
});
}
@ -4836,6 +4838,14 @@ class JavaBase {
core.setOutput('path', toolPath);
core.setOutput('version', version);
}
initCacerts(toolPath) {
if (!this.cacerts) {
return;
}
const toolCacerts = path_1.default.join(toolPath, 'lib', 'security', 'cacerts');
core.info(`Copying cacerts from ${this.cacerts}`);
fs.copyFileSync(this.cacerts, toolCacerts);
}
}
exports.JavaBase = JavaBase;
@ -11524,6 +11534,7 @@ class LocalDistribution extends base_installer_1.JavaBase {
}
core.info(`Setting Java ${foundJava.version} as default`);
this.setJavaDefault(foundJava.version, foundJava.path);
this.initCacerts(foundJava.path);
return foundJava;
});
}
@ -14227,7 +14238,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CACERTS = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
exports.INPUT_JAVA_VERSION = 'java-version';
exports.INPUT_ARCHITECTURE = 'architecture';
@ -14235,6 +14246,7 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
exports.INPUT_DISTRIBUTION = 'distribution';
exports.INPUT_JDK_FILE = 'jdkFile';
exports.INPUT_CHECK_LATEST = 'check-latest';
exports.INPUT_CACERTS = 'cacerts';
exports.INPUT_SERVER_ID = 'server-id';
exports.INPUT_SERVER_USERNAME = 'server-username';
exports.INPUT_SERVER_PASSWORD = 'server-password';
@ -59995,11 +60007,13 @@ function run() {
const jdkFile = core.getInput(constants.INPUT_JDK_FILE);
const cache = core.getInput(constants.INPUT_CACHE);
const checkLatest = util_1.getBooleanInput(constants.INPUT_CHECK_LATEST, false);
const cacerts = core.getInput(constants.INPUT_CACERTS);
const installerOptions = {
architecture,
packageType,
version,
checkLatest
checkLatest,
cacerts
};
const distribution = distribution_factory_1.getJavaDistribution(distributionName, installerOptions, jdkFile);
if (!distribution) {

View File

@ -120,6 +120,19 @@ steps:
- run: java -cp java HelloWorldApp
```
## Using existing cacerts file
In enterprise environment, custom CA truststore is often used. By specifying source file action can copy the `cacerts`
into new Java installation automatically.
```yaml
- uses: actions/setup-java@v2
with:
distribution: '<distribution>'
java-version: '11'
cacerts: '/etc/ssl/certs/java/cacerts'
- run: java -cp java HelloWorldApp
```
## Testing against different Java distributions
**NOTE:** The different distributors can provide discrepant list of available versions / supported configurations. Please refer to the official documentation to see the list of supported versions.
```yaml

View File

@ -5,6 +5,7 @@ export const INPUT_JAVA_PACKAGE = 'java-package';
export const INPUT_DISTRIBUTION = 'distribution';
export const INPUT_JDK_FILE = 'jdkFile';
export const INPUT_CHECK_LATEST = 'check-latest';
export const INPUT_CACERTS = 'cacerts';
export const INPUT_SERVER_ID = 'server-id';
export const INPUT_SERVER_USERNAME = 'server-username';
export const INPUT_SERVER_PASSWORD = 'server-password';

View File

@ -15,6 +15,7 @@ export abstract class JavaBase {
protected packageType: string;
protected stable: boolean;
protected checkLatest: boolean;
protected cacerts?: string;
constructor(protected distribution: string, installerOptions: JavaInstallerOptions) {
this.http = new httpm.HttpClient('actions/setup-java', undefined, {
@ -28,6 +29,7 @@ export abstract class JavaBase {
this.architecture = installerOptions.architecture;
this.packageType = installerOptions.packageType;
this.checkLatest = installerOptions.checkLatest;
this.cacerts = installerOptions.cacerts;
}
protected abstract downloadTool(javaRelease: JavaDownloadRelease): Promise<JavaInstallerResults>;
@ -58,6 +60,7 @@ export abstract class JavaBase {
core.info(`Setting Java ${foundJava.version} as the default`);
this.setJavaDefault(foundJava.version, foundJava.path);
this.initCacerts(foundJava.path);
return foundJava;
}
@ -148,4 +151,15 @@ export abstract class JavaBase {
core.setOutput('path', toolPath);
core.setOutput('version', version);
}
protected initCacerts(toolPath: string) {
if (!this.cacerts) {
return;
}
const toolCacerts = path.join(toolPath, 'lib', 'security', 'cacerts');
core.info(`Copying cacerts from ${this.cacerts}`);
fs.copyFileSync(this.cacerts, toolCacerts);
}
}

View File

@ -3,6 +3,7 @@ export interface JavaInstallerOptions {
architecture: string;
packageType: string;
checkLatest: boolean;
cacerts?: string;
}
export interface JavaInstallerResults {

View File

@ -63,6 +63,7 @@ export class LocalDistribution extends JavaBase {
core.info(`Setting Java ${foundJava.version} as default`);
this.setJavaDefault(foundJava.version, foundJava.path);
this.initCacerts(foundJava.path);
return foundJava;
}

View File

@ -16,12 +16,14 @@ async function run() {
const jdkFile = core.getInput(constants.INPUT_JDK_FILE);
const cache = core.getInput(constants.INPUT_CACHE);
const checkLatest = getBooleanInput(constants.INPUT_CHECK_LATEST, false);
const cacerts = core.getInput(constants.INPUT_CACERTS);
const installerOptions: JavaInstallerOptions = {
architecture,
packageType,
version,
checkLatest
checkLatest,
cacerts
};
const distribution = getJavaDistribution(distributionName, installerOptions, jdkFile);