diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 36610f0..ddf1537 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,6 +33,7 @@ jobs: macos-12, # macOS on Intel windows-latest ] + set-gds-token: [false] components: [''] include: - java-version: 'latest-ea' @@ -54,6 +55,14 @@ jobs: - java-version: '21.0.0' # test for GA version (see #63) distribution: 'graalvm' os: ubuntu-latest + - java-version: '17' + distribution: 'graalvm' + os: ubuntu-latest + set-gds-token: true + - java-version: '17.0.12' # Upgrade to '17.0.13' after Oct 2024 + distribution: 'graalvm' + os: ubuntu-latest + set-gds-token: true steps: - uses: actions/checkout@v4 - name: Run setup-graalvm action @@ -63,6 +72,7 @@ jobs: distribution: ${{ matrix.distribution }} github-token: ${{ secrets.GITHUB_TOKEN }} components: ${{ matrix.components }} + gds-token: ${{ matrix.set-gds-token && secrets.GDS_TOKEN || '' }} - name: Check environment run: | echo "GRAALVM_HOME: $GRAALVM_HOME" diff --git a/README.md b/README.md index bd3f96f..82d987d 100644 --- a/README.md +++ b/README.md @@ -80,8 +80,7 @@ jobs: path: helloworld* ``` -
-

Template for Oracle GraalVM Early Access (EA) builds

 +### Template for Oracle GraalVM Early Access (EA) builds ```yml name: Oracle GraalVM Early Access build @@ -93,18 +92,36 @@ jobs: - uses: actions/checkout@v4 - uses: graalvm/setup-graalvm@v1 with: - java-version: '23-ea' # or 'latest-ea' for the latest Java version available + java-version: '24-ea' # or 'latest-ea' for the latest Java version available distribution: 'graalvm' github-token: ${{ secrets.GITHUB_TOKEN }} ``` -
-
-

Template for older GraalVM releases

 +

Template for Oracle GraalVM via GraalVM Download Service

 + +#### Prerequisites + +1. Obtain a token for the GraalVM Download Service. For this, replace `your@email.com` with your email address and run the following `curl` command: + +```bash +curl -sS -X POST "https://gds.oracle.com/api/20220101/licenseAcceptance" \ + -H "Content-Type: application/json" \ + -d "{ \"email\": \"your@email.com\", \"licenseId\": \"D53FA58D12817B3CE0530F15000A74CA\", \"type\": \"GENERATE_TOKEN_AND_ACCEPT_LICENSE\"}" +``` + +The response should look like this: + +```json +{"token":"","status":"UNVERIFIED"} +``` + +2. Store the value of `` as a [GitHub Action secret][gha-secrets]. For the following template, we use the name `GDS_TOKEN`. +3. Check your emails and accept the license to activate the token. +4. Use `java-version: '17'` (or a specific version such as `17.0.13`) and provide the `GDS_TOKEN` as shown in the following template: ```yml -name: GraalVM build +name: Build with Oracle GraalVM for JDK 17 via GDS on: [push, pull_request] jobs: build: @@ -113,10 +130,14 @@ jobs: - uses: actions/checkout@v4 - uses: graalvm/setup-graalvm@v1 with: - version: '22.3.2' # GraalVM version + distribution: 'graalvm' java-version: '17' - components: 'native-image' + gds-token: ${{ secrets.GDS_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Example step + run: | + java --version + native-image --version ```
@@ -129,7 +150,7 @@ jobs: 1. Download the version of [GraalVM Enterprise Edition (EE)][graalvm-ee] you want to run on GitHub Actions. 2. Use the [GraalVM Updater][gu] to install the GraalVM components you need on GitHub Actions and accept the corresponding licenses. 3. Run `$GRAALVM_HOME/bin/gu --show-ee-token` to display your token for the GraalVM Download Service. -4. Store this token as a [GitHub Action secret][gha-secrets]. For this template, we use the name `GDS_TOKEN`. +4. Store this token as a [GitHub Action secret][gha-secrets]. In the following template, we use the name `GDS_TOKEN`. ```yml name: GraalVM Enterprise Edition build @@ -155,6 +176,39 @@ jobs: +## Options + +| Name | Default | Description | +|-----------------|:--------:|-------------| +| `java-version`
*(required)* | n/a | Java version | +| `distribution` | `'graalvm'` | GraalVM distribution | +| `java-package` | `'jdk'` | The package type (`'jdk'` or `'jdk+fx'`). Currently applies to Liberica only. | +| `github-token` | `'${{ github.token }}'` | Token for communication with the GitHub API. Please set this to `${{ secrets.GITHUB_TOKEN }}` (see [templates](#templates)) to allow the action to authenticate with the GitHub API, which helps reduce rate-limiting issues. | +| `set-java-home` | `'true'` | If set to `'true'`, instructs the action to set `$JAVA_HOME` to the path of the GraalVM installation. Overrides any previous action or command that sets `$JAVA_HOME`. | +| `cache` | `''` | Name of the build platform to cache dependencies. Turned off by default (`''`). It can also be `'maven'`, `'gradle'`, or `'sbt'` and works the same way as described in [actions/setup-java][setup-java-caching]. | +| `check-for-updates` | `'true'` | [Annotate jobs][gha-annotations] with update notifications, for example when a new GraalVM release is available. | +| `native-image-musl` | `'false'` | If set to `'true'`, sets up [musl] to build [static binaries][native-image-static] with GraalVM Native Image *(Linux only)*. [Example usage][native-image-musl-build] (be sure to replace `uses: ./` with `uses: graalvm/setup-graalvm@v1`). | +| `native-image-job-reports` *) | `'false'` | If set to `'true'`, post a job summary containing a Native Image build report. | +| `native-image-pr-reports` *) | `'false'` | If set to `'true'`, post a comment containing a Native Image build report on pull requests. Requires `write` permissions for the [`pull-requests` scope][gha-permissions]. | +| `native-image-pr-reports-update-existing` *) | `'false'` | Instead of posting another comment, update an existing PR comment with the latest Native Image build report. Requires `native-image-pr-reports` to be `true`. | +| `components` | `''` | Comma-separated list of GraalVM components (e.g., `native-image` or `ruby,nodejs`) that will be installed by the [GraalVM Updater][gu]. | +| `version` | `''` | `X.Y.Z` (e.g., `22.3.0`) for a specific [GraalVM release][releases] up to `22.3.2`
`mandrel-X.Y.Z.W` or `X.Y.Z.W-Final` (e.g., `mandrel-21.3.0.0-Final` or `21.3.0.0-Final`) for a specific [Mandrel release][mandrel-releases],
`mandrel-latest` or `latest` for the latest Mandrel stable release. | +| `gds-token` | `''` | Download token for the GraalVM Download Service. at <> Store this token as a [GitHub Action secret][gha-secrets]. For thie followingtemplate, we use the name `GDS_TOKEN`.. If a non-empty token is provided, the action will set up GraalVM Enterprise Edition (see [GraalVM EE template](#template-for-graalvm-enterprise-edition)). | +**) Make sure that Native Image is used only once per build job. Otherwise, the report is only generated for the last Native Image build.* + + +## Notes on Oracle GraalVM for JDK 17 + +GraalVM for JDK 17.0.12 is the [last release of Oracle GraalVM for JDK 17 under the GFTC](https://blogs.oracle.com/java/post/jdk-17-approaches-endofpermissive-license). +Updates after September 2024 will be licensed under the [GraalVM OTN License Including License for Early Adopter Versions](https://www.oracle.com/downloads/licenses/graalvm-otn-license.html) (GOTN) and production use beyond the limited free grants of the GraalVM OTN license will require a fee. + +As a user of `setup-graalvm`, you have the following options: + +- *Recommended*: Upgrade to Oracle GraalVM for JDK 21 or later to receive new updates. +- *Not recommended*: Instead of `java-version: '17'`, use `java-version: '17.0.12'` in your workflow to keep using the last release under GFTC. This will also disable the warning. Note that switching to GraalVM Community Edition or other GraalVM distributions might provide you with even older releases of GraalVM. +- Provide a `gds-token` to access Oracle GraalVM for JDK 17 under GOTN (see [Oracle GraalVM via GDS template](#template-for-oracle-graalvm-via-graalvm-download-service)). + + ## Migrating from GraalVM 22.3 or Earlier to the New GraalVM for JDK 17 and Later The [GraalVM for JDK 17 and JDK 20 release](https://medium.com/graalvm/a-new-graalvm-release-and-new-free-license-4aab483692f5) aligns the GraalVM version scheme with OpenJDK. @@ -183,28 +237,6 @@ can be replaced with: ``` -## Options - -| Name | Default | Description | -|-----------------|:--------:|-------------| -| `java-version`
*(required)* | n/a | Java version | -| `distribution` | `'graalvm'` | GraalVM distribution | -| `java-package` | `'jdk'` | The package type (`'jdk'` or `'jdk+fx'`). Currently applies to Liberica only. | -| `github-token` | `'${{ github.token }}'` | Token for communication with the GitHub API. Please set this to `${{ secrets.GITHUB_TOKEN }}` (see [templates](#templates)) to allow the action to authenticate with the GitHub API, which helps reduce rate-limiting issues. | -| `set-java-home` | `'true'` | If set to `'true'`, instructs the action to set `$JAVA_HOME` to the path of the GraalVM installation. Overrides any previous action or command that sets `$JAVA_HOME`. | -| `cache` | `''` | Name of the build platform to cache dependencies. Turned off by default (`''`). It can also be `'maven'`, `'gradle'`, or `'sbt'` and works the same way as described in [actions/setup-java][setup-java-caching]. | -| `check-for-updates` | `'true'` | [Annotate jobs][gha-annotations] with update notifications, for example when a new GraalVM release is available. | -| `native-image-musl` | `'false'` | If set to `'true'`, sets up [musl] to build [static binaries][native-image-static] with GraalVM Native Image *(Linux only)*. [Example usage][native-image-musl-build] (be sure to replace `uses: ./` with `uses: graalvm/setup-graalvm@v1`). | -| `native-image-job-reports` *) | `'false'` | If set to `'true'`, post a job summary containing a Native Image build report. | -| `native-image-pr-reports` *) | `'false'` | If set to `'true'`, post a comment containing a Native Image build report on pull requests. Requires `write` permissions for the [`pull-requests` scope][gha-permissions]. | -| `native-image-pr-reports-update-existing` *) | `'false'` | Instead of posting another comment, update an existing PR comment with the latest Native Image build report. Requires `native-image-pr-reports` to be `true`. | -| `components` | `''` | Comma-separated list of GraalVM components (e.g., `native-image` or `ruby,nodejs`) that will be installed by the [GraalVM Updater][gu]. | -| `version` | `''` | `X.Y.Z` (e.g., `22.3.0`) for a specific [GraalVM release][releases] up to `22.3.2`
`mandrel-X.Y.Z.W` or `X.Y.Z.W-Final` (e.g., `mandrel-21.3.0.0-Final` or `21.3.0.0-Final`) for a specific [Mandrel release][mandrel-releases],
`mandrel-latest` or `latest` for the latest Mandrel stable release. | -| `gds-token` | `''` | Download token for the GraalVM Download Service. If a non-empty token is provided, the action will set up GraalVM Enterprise Edition (see [GraalVM EE template](#template-for-graalvm-enterprise-edition)). | - -**) Make sure that Native Image is used only once per build job. Otherwise, the report is only generated for the last Native Image build.* - - ## Contributing We welcome code contributions. To get started, you will need to sign the [Oracle Contributor Agreement][oca] (OCA). @@ -215,6 +247,7 @@ Only pull requests from committers that can be verified as having signed the OCA [dev-build]: https://github.com/graalvm/graalvm-ce-dev-builds/releases/latest [dev-builds]: https://github.com/graalvm/graalvm-ce-dev-builds [ea-builds]: https://github.com/graalvm/oracle-graalvm-ea-builds +[gftc]: https://www.oracle.com/downloads/licenses/graal-free-license.html [gha-annotations]: https://github.com/actions/toolkit/tree/main/packages/core#annotations [gha-permissions]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [gha-secrets]: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository diff --git a/__tests__/gds.test.ts b/__tests__/gds.test.ts index 3fc7eea..e99e924 100644 --- a/__tests__/gds.test.ts +++ b/__tests__/gds.test.ts @@ -1,5 +1,10 @@ import * as path from 'path' -import {downloadGraalVMEELegacy, fetchArtifact} from '../src/gds' +import { + downloadGraalVM, + downloadGraalVMEELegacy, + fetchArtifact, + fetchArtifactEE +} from '../src/gds' import {expect, test} from '@jest/globals' const TEST_USER_AGENT = 'GraalVMGitHubActionTest/1.0.4' @@ -7,7 +12,28 @@ const TEST_USER_AGENT = 'GraalVMGitHubActionTest/1.0.4' process.env['RUNNER_TEMP'] = path.join(__dirname, 'TEMP') test('fetch artifacts', async () => { - let artifact = await fetchArtifact( + let artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '17.0.12') + expect(artifact.id).toBe('1C351E8F41BB8E9EE0631518000AE5F2') + expect(artifact.checksum).toBe( + 'b6f3dace24cf1960ec790216f4c86f00d4f43df64e4e8b548f6382f04894713f' + ) + artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '17') + expect(artifact.checksum).toHaveLength( + 'b6f3dace24cf1960ec790216f4c86f00d4f43df64e4e8b548f6382f04894713f'.length + ) +}) + +test('errors when downloading artifacts', async () => { + await expect(downloadGraalVM('invalid', '17')).rejects.toThrow( + 'The provided "gds-token" was rejected (reason: "Invalid download token", opc-request-id: ' + ) + await expect(downloadGraalVM('invalid', '1')).rejects.toThrow( + 'Unable to find GraalVM for JDK 1' + ) +}) + +test('fetch legacy artifacts', async () => { + let artifact = await fetchArtifactEE( TEST_USER_AGENT, 'isBase:True', '22.1.0', @@ -17,21 +43,26 @@ test('fetch artifacts', async () => { expect(artifact.checksum).toBe( '4280782f6c7fcabe0ba707e8389cbfaf7bbe6b0cf634d309e6efcd1b172e3ce6' ) - artifact = await fetchArtifact(TEST_USER_AGENT, 'isBase:True', '22.1.0', '17') + artifact = await fetchArtifactEE( + TEST_USER_AGENT, + 'isBase:True', + '22.1.0', + '17' + ) expect(artifact.id).toBe('DCECD2068882A0E9E0536E16000A9504') expect(artifact.checksum).toBe( 'e897add7d94bc456a61e6f927e831dff759efa3392a4b69c720dd3debc8f947d' ) await expect( - fetchArtifact(TEST_USER_AGENT, 'isBase:False', '22.1.0', '11') + fetchArtifactEE(TEST_USER_AGENT, 'isBase:False', '22.1.0', '11') ).rejects.toThrow('Found more than one GDS artifact') await expect( - fetchArtifact(TEST_USER_AGENT, 'isBase:True', '1.0.0', '11') + fetchArtifactEE(TEST_USER_AGENT, 'isBase:True', '1.0.0', '11') ).rejects.toThrow('Unable to find JDK11-based GraalVM EE 1.0.0') }) -test('errors when downloading artifacts', async () => { +test('errors when downloading legacy artifacts', async () => { await expect( downloadGraalVMEELegacy('invalid', '22.1.0', '11') ).rejects.toThrow( diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js index c6aa9c0..4d6cc73 100644 Binary files a/dist/cleanup/index.js and b/dist/cleanup/index.js differ diff --git a/dist/main/index.js b/dist/main/index.js index 14bf698..042dee7 100644 Binary files a/dist/main/index.js and b/dist/main/index.js differ diff --git a/src/constants.ts b/src/constants.ts index 11964e8..f3ab2f5 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -1,5 +1,7 @@ import * as otypes from '@octokit/types' +export const ACTION_VERSION = '1.2.3' + export const INPUT_VERSION = 'version' export const INPUT_GDS_TOKEN = 'gds-token' export const INPUT_JAVA_VERSION = 'java-version' diff --git a/src/gds.ts b/src/gds.ts index 22560fc..87d4f4e 100644 --- a/src/gds.ts +++ b/src/gds.ts @@ -6,6 +6,7 @@ import * as io from '@actions/io' import * as path from 'path' import * as stream from 'stream' import * as util from 'util' +import * as semver from 'semver' import {IncomingHttpHeaders, OutgoingHttpHeaders} from 'http' import {RetryHelper} from '@actions/tool-cache/lib/retry-helper' import {calculateSHA256} from './utils' @@ -26,13 +27,26 @@ interface GDSErrorResponse { readonly message: string } +export async function downloadGraalVM( + gdsToken: string, + javaVersion: string +): Promise { + const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})` + const baseArtifact = await fetchArtifact( + userAgent, + 'isBase:True', + javaVersion + ) + return downloadArtifact(gdsToken, userAgent, baseArtifact) +} + export async function downloadGraalVMEELegacy( gdsToken: string, version: string, javaVersion: string ): Promise { - const userAgent = `GraalVMGitHubAction/1.2.3 (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})` - const baseArtifact = await fetchArtifact( + const userAgent = `GraalVMGitHubAction/${c.ACTION_VERSION} (arch:${c.GRAALVM_ARCH}; os:${c.GRAALVM_PLATFORM}; java:${javaVersion})` + const baseArtifact = await fetchArtifactEE( userAgent, 'isBase:True', version, @@ -42,6 +56,49 @@ export async function downloadGraalVMEELegacy( } export async function fetchArtifact( + userAgent: string, + metadata: string, + javaVersion: string +): Promise { + const http = new httpClient.HttpClient(userAgent) + + let filter + if (javaVersion.includes('.')) { + filter = `metadata=version:${javaVersion}` + } else { + filter = `sortBy=timeCreated&sortOrder=DESC&limit=1` // latest and only one item + } + + let majorJavaVersion + if (semver.valid(javaVersion)) { + majorJavaVersion = semver.major(javaVersion) + } else { + majorJavaVersion = javaVersion + } + + const catalogOS = c.IS_MACOS ? 'macos' : c.GRAALVM_PLATFORM + const requestUrl = `${c.GDS_BASE}/artifacts?productId=${c.GDS_GRAALVM_PRODUCT_ID}&displayName=Oracle%20GraalVM&${filter}&metadata=java:jdk${majorJavaVersion}&metadata=os:${catalogOS}&metadata=arch:${c.GRAALVM_ARCH}&metadata=${metadata}&status=PUBLISHED&responseFields=id&responseFields=checksum` + core.debug(`Requesting ${requestUrl}`) + const response = await http.get(requestUrl, {accept: 'application/json'}) + if (response.message.statusCode !== 200) { + throw new Error( + `Unable to find GraalVM for JDK ${javaVersion}. Are you sure java-version: '${javaVersion}' is correct?` + ) + } + const artifactResponse = JSON.parse( + await response.readBody() + ) as GDSArtifactsResponse + if (artifactResponse.items.length !== 1) { + throw new Error( + artifactResponse.items.length > 1 + ? `Found more than one GDS artifact. ${c.ERROR_HINT}` + : `Unable to find GDS artifact. Are you sure java-version: '${javaVersion}' is correct?` + ) + } + return artifactResponse.items[0] +} + +export async function fetchArtifactEE( userAgent: string, metadata: string, version: string, diff --git a/src/graalvm.ts b/src/graalvm.ts index 4a4431c..b39391f 100644 --- a/src/graalvm.ts +++ b/src/graalvm.ts @@ -1,4 +1,5 @@ import * as c from './constants' +import * as core from '@actions/core' import * as semver from 'semver' import { downloadAndExtractJDK, @@ -8,7 +9,7 @@ import { getMatchingTags, getTaggedRelease } from './utils' -import {downloadGraalVMEELegacy} from './gds' +import {downloadGraalVM, downloadGraalVMEELegacy} from './gds' import {downloadTool} from '@actions/tool-cache' import {basename} from 'path' @@ -23,13 +24,27 @@ const GRAALVM_TAG_PREFIX = 'vm-' // Support for GraalVM for JDK 17 and later export async function setUpGraalVMJDK( - javaVersionOrDev: string + javaVersionOrDev: string, + gdsToken: string ): Promise { if (javaVersionOrDev === c.VERSION_DEV) { return setUpGraalVMJDKDevBuild() } + const isTokenProvided = gdsToken.length > 0 let javaVersion = javaVersionOrDev const toolName = determineToolName(javaVersion, false) + if (javaVersionOrDev === '17' && !isTokenProvided) { + core.warning( + 'This build uses the last update of Oracle GraalVM for JDK 17 under the GFTC. More details: https://github.com/marketplace/actions/github-action-for-graalvm#notes-on-oracle-graalvm-for-jdk-17' + ) + return setUpGraalVMJDK('17.0.12', gdsToken) + } + if (isTokenProvided) { + // Download from GDS + const downloader = async () => downloadGraalVM(gdsToken, javaVersion) + return downloadExtractAndCacheJDK(downloader, toolName, javaVersion) + } + // Download from oracle.com let downloadName = toolName let downloadUrl: string if (javaVersion.endsWith('-ea')) { diff --git a/src/main.ts b/src/main.ts index 75b373e..7f32b82 100644 --- a/src/main.ts +++ b/src/main.ts @@ -59,7 +59,7 @@ async function run(): Promise { } switch (distribution) { case c.DISTRIBUTION_GRAALVM: - graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion) + graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken) break case c.DISTRIBUTION_GRAALVM_COMMUNITY: graalVMHome = await graalvm.setUpGraalVMJDKCE(javaVersion) @@ -80,7 +80,7 @@ async function run(): Promise { core.info( `This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).` ) - graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion) + graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken) } break default: @@ -98,7 +98,7 @@ async function run(): Promise { core.info( `This build is using the new Oracle GraalVM. To select a specific distribution, use the 'distribution' option (see https://github.com/graalvm/setup-graalvm/tree/main#options).` ) - graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion) + graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken) } else { graalVMHome = await graalvm.setUpGraalVMLatest_22_X( gdsToken, @@ -119,7 +119,7 @@ async function run(): Promise { core.warning( `GraalVM dev builds are only available for JDK 21. This build is now using a stable release of GraalVM for JDK ${javaVersion}.` ) - graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion) + graalVMHome = await graalvm.setUpGraalVMJDK(javaVersion, gdsToken) } else { graalVMHome = await graalvm.setUpGraalVMJDKDevBuild() }