Merge d3a91fa39c into bcfbca5b71

Add workflow file for publishing releases to immutable action package

.github/workflows/e2e-versions.yml

@@ -31,6 +31,7 @@ jobs:
             'semeru',
             'corretto',
             'dragonwell',
+            'sapmachine',
             'jetbrains'
           ] # internally 'adopt-hotspot' is the same as 'adopt'
         version: ['21', '11', '17']
@@ -86,6 +87,9 @@ jobs:
           - distribution: dragonwell
             os: ubuntu-latest
             version: '11.0.13+9'
+          - distribution: sapmachine
+            os: ubuntu-latest
+            version: '17.0.7'
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -107,7 +111,8 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-latest, windows-latest, ubuntu-latest]
-        distribution: ['temurin', 'zulu', 'liberica', 'dragonwell']
+        distribution:
+          ['temurin', 'zulu', 'liberica', 'dragonwell', 'sapmachine']
         exclude:
           - distribution: dragonwell
             os: macos-latest
@@ -133,7 +138,8 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-latest, windows-latest, ubuntu-latest]
-        distribution: ['temurin', 'zulu', 'liberica', 'dragonwell']
+        distribution:
+          ['temurin', 'zulu', 'liberica', 'dragonwell', 'sapmachine']
         exclude:
           - distribution: dragonwell
             os: macos-latest
@@ -155,10 +161,10 @@ jobs:
           {
             $envName = "JAVA_HOME_${version}_${env:RUNNER_ARCH}"
             $JavaVersionPath = [Environment]::GetEnvironmentVariable($envName)
-            if (-not (Test-Path "$JavaVersionPath")) { 
+            if (-not (Test-Path "$JavaVersionPath")) {
               Write-Host "$envName is not found"
               exit 1
-            } 
+            }
           }
         shell: pwsh
       - name: Verify Java
@@ -209,6 +215,28 @@ jobs:
         run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
         shell: bash
 
+  setup-java-ea-versions-sapmachine:
+    name: sapmachine ${{ matrix.version }} (jdk-x64) - ${{ matrix.os }}
+    needs: setup-java-major-minor-versions
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+        version: ['17-ea', '21-ea']
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: setup-java
+        uses: ./
+        id: setup-java
+        with:
+          java-version: ${{ matrix.version }}
+          distribution: sapmachine
+      - name: Verify Java
+        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        shell: bash
+
   setup-java-custom-package-type:
     name: ${{ matrix.distribution }} ${{ matrix.version }} (${{ matrix.java-package }}-x64) - ${{ matrix.os }}
     needs: setup-java-major-minor-versions
@@ -217,7 +245,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-13, windows-latest, ubuntu-latest]
-        distribution: ['temurin', 'zulu', 'liberica', 'semeru']
+        distribution: ['temurin', 'zulu', 'liberica', 'semeru', 'sapmachine']
         java-package: ['jre']
         version: ['17.0']
         include:

.github/workflows/publish-immutable-actions.yml

@@ -0,0 +1,22 @@
+name: 'Publish Immutable Action Version'
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Checking out
+        uses: actions/checkout@v4
+      - name: Publish
+        id: publish
+        uses: actions/publish-immutable-action@0.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -28,7 +28,7 @@ This action allows you to work with Java and Scala projects.
   - `java-version`: The Java version that is going to be set up. Takes a whole or [semver](#supported-version-syntax) Java version. If not specified, the action will expect `java-version-file` input to be specified.
 
   - `java-version-file`: The path to a file containing java version. Supported file types are `.java-version` and `.tool-versions`. See more details in [about .java-version-file](docs/advanced-usage.md#Java-version-file).
-   
+
   - `distribution`: _(required)_ Java [distribution](#supported-distributions).
 
   - `java-package`: The packaging variant of the chosen distribution. Possible values: `jdk`, `jre`, `jdk+fx`, `jre+fx`. Default value: `jdk`.
@@ -108,6 +108,7 @@ Currently, the following distributions are supported:
 | `semeru` | IBM Semeru Runtime Open Edition | [Link](https://developer.ibm.com/languages/java/semeru-runtimes/downloads/) | [Link](https://openjdk.java.net/legal/gplv2+ce.html) |
 | `oracle` | Oracle JDK | [Link](https://www.oracle.com/java/technologies/downloads/) | [Link](https://java.com/freeuselicense)
 | `dragonwell` | Alibaba Dragonwell JDK | [Link](https://dragonwell-jdk.io/) | [Link](https://www.aliyun.com/product/dragonwell/)
+| `sapmachine` | SAP SapMachine JDK/JRE | [Link](https://sapmachine.io/) | [Link](https://github.com/SAP/SapMachine/blob/sapmachine/LICENSE)
 | `jetbrains` | JetBrains Runtime | [Link](https://github.com/JetBrains/JetBrainsRuntime/) | [Link](https://github.com/JetBrains/JetBrainsRuntime/blob/main/LICENSE)
 
 **NOTE:** The different distributors can provide discrepant list of available versions / supported configurations. Please refer to the official documentation to see the list of supported versions.
@@ -258,6 +259,7 @@ In the example above multiple JDKs are installed for the same job. The result af
   - [Amazon Corretto](docs/advanced-usage.md#Amazon-Corretto)
   - [Oracle](docs/advanced-usage.md#Oracle)
   - [Alibaba Dragonwell](docs/advanced-usage.md#Alibaba-Dragonwell)
+  - [SapMachine](docs/advanced-usage.md#SapMachine)
 - [Installing custom Java package type](docs/advanced-usage.md#Installing-custom-Java-package-type)
 - [Installing custom Java architecture](docs/advanced-usage.md#Installing-custom-Java-architecture)
 - [Installing custom Java distribution from local file](docs/advanced-usage.md#Installing-Java-from-local-file)

__tests__/distributors/sapmachine-installer.test.ts

@@ -0,0 +1,294 @@
+import {HttpClient} from '@actions/http-client';
+import {SapMachineDistribution} from '../../src/distributions/sapmachine/installer';
+import * as utils from '../../src/util';
+
+import manifestData from '../data/sapmachine.json';
+
+describe('getAvailableVersions', () => {
+  let spyHttpClient: jest.SpyInstance;
+  let spyUtilGetDownloadArchiveExtension: jest.SpyInstance;
+
+  beforeEach(() => {
+    spyHttpClient = jest.spyOn(HttpClient.prototype, 'getJson');
+    spyHttpClient.mockReturnValue({
+      statusCode: 200,
+      headers: {},
+      result: manifestData
+    });
+
+    spyUtilGetDownloadArchiveExtension = jest.spyOn(
+      utils,
+      'getDownloadArchiveExtension'
+    );
+    spyUtilGetDownloadArchiveExtension.mockReturnValue('tar.gz');
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+    jest.clearAllMocks();
+    jest.restoreAllMocks();
+  });
+
+  const mockPlatform = (
+    distribution: SapMachineDistribution,
+    platform: string
+  ) => {
+    distribution['getPlatformOption'] = () => platform;
+    const mockedExtension = platform == 'windows' ? 'zip' : 'tar.gz';
+    spyUtilGetDownloadArchiveExtension.mockReturnValue(mockedExtension);
+  };
+
+  describe('shouldFallbackToBackupUrl', () => {
+    it('should return correct release when the primary URL is not available', async () => {
+      spyHttpClient.mockReturnValueOnce({
+        statusCode: 404,
+        headers: {},
+        result: ''
+      });
+      spyHttpClient.mockReturnValueOnce({
+        statusCode: 200,
+        headers: {},
+        result: manifestData
+      });
+
+      const version = '17';
+      const distribution = new SapMachineDistribution({
+        version: version,
+        architecture: 'x64',
+        packageType: 'jdk',
+        checkLatest: false
+      });
+
+      mockPlatform(distribution, 'linux');
+
+      const availableVersion = await distribution['findPackageForDownload'](
+        version
+      );
+      expect(availableVersion).not.toBeNull();
+      expect(availableVersion.url).toBe(
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jdk-17.0.10_linux-x64_bin.tar.gz'
+      );
+    });
+  });
+
+  describe('getAvailableVersions', () => {
+    it.each([
+      ['11', 'x64', 'linux', 71],
+      ['11', 'aarch64', 'linux', 54],
+      ['17', 'riscv', 'linux', 0],
+      ['16.0.1', 'x64', 'linux', 71],
+      ['23-ea', 'x64', 'linux', 798],
+      ['23-ea', 'aarch64', 'windows', 0],
+      ['23-ea', 'x64', 'windows', 750]
+    ])(
+      'should get right number of available versions from JSON',
+      async (
+        jdkVersion: string,
+        arch: string,
+        platform: string,
+        len: number
+      ) => {
+        const distribution = new SapMachineDistribution({
+          version: jdkVersion,
+          architecture: arch,
+          packageType: 'jdk',
+          checkLatest: false
+        });
+        mockPlatform(distribution, platform);
+
+        const availableVersions = await distribution['getAvailableVersions']();
+        expect(availableVersions).not.toBeNull();
+        expect(availableVersions.length).toBe(len);
+      }
+    );
+  });
+
+  describe('findPackageForDownload', () => {
+    it.each([
+      [
+        '11',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.22/sapmachine-jdk-11.0.22_linux-x64_bin.tar.gz'
+      ],
+      [
+        '11',
+        'linux',
+        'aarch64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.22/sapmachine-jdk-11.0.22_linux-aarch64_bin.tar.gz'
+      ],
+      [
+        '11',
+        'windows',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.22/sapmachine-jdk-11.0.22_windows-x64_bin.zip'
+      ],
+      [
+        '11.0.17',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.17/sapmachine-jdk-11.0.17_linux-x64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jdk-17.0.10_linux-x64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'linux',
+        'aarch64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jdk-17.0.10_linux-aarch64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'windows',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jdk-17.0.10_windows-x64_bin.zip'
+      ],
+      [
+        '17.0.4',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.4.1/sapmachine-jdk-17.0.4.1_linux-x64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'linux',
+        'x64',
+        'jre',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jre-17.0.10_linux-x64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'linux',
+        'aarch64',
+        'jre',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jre-17.0.10_linux-aarch64_bin.tar.gz'
+      ],
+      [
+        '17',
+        'windows',
+        'x64',
+        'jre',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jre-17.0.10_windows-x64_bin.zip'
+      ],
+      [
+        '17.0.4',
+        'linux',
+        'x64',
+        'jre',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.4.1/sapmachine-jre-17.0.4.1_linux-x64_bin.tar.gz'
+      ],
+      [
+        '23-ea',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-23%2B15/sapmachine-jdk-23-ea.15_linux-x64_bin.tar.gz',
+        '23'
+      ],
+      [
+        '21.0.2+2-ea',
+        'linux',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-21.0.2%2B2/sapmachine-jdk-21.0.2-ea.2_linux-x64_bin.tar.gz',
+        '21.0.2+2'
+      ],
+      [
+        '17',
+        'linux-musl',
+        'x64',
+        'jdk',
+        'https://github.com/SAP/SapMachine/releases/download/sapmachine-17.0.10/sapmachine-jdk-17.0.10_linux-x64-musl_bin.tar.gz'
+      ]
+    ])(
+      'should return proper link according to the specified java-version, platform and arch',
+      async (
+        version: string,
+        platform: string,
+        arch: string,
+        packageType: string,
+        expectedLink: string,
+        normalizedVersion: string = version
+      ) => {
+        const distribution = new SapMachineDistribution({
+          version: version,
+          architecture: arch,
+          packageType: packageType,
+          checkLatest: false
+        });
+        mockPlatform(distribution, platform);
+
+        const availableVersion = await distribution['findPackageForDownload'](
+          normalizedVersion
+        );
+        expect(availableVersion).not.toBeNull();
+        expect(availableVersion.url).toBe(expectedLink);
+      }
+    );
+
+    it.each([
+      ['8', 'linux', 'x64'],
+      ['8', 'macos', 'aarch64'],
+      ['23', 'macos', 'aarch64'],
+      ['17', 'linux', 'riscv'],
+      ['23', 'linux', 'x64'],
+      ['25-ea', 'linux', 'x64', '25'],
+      ['8-ea', 'linux', 'x64', '8'],
+      ['21.0.3+7', 'linux', 'x64', '21.0.3+7'],
+      ['21.0.3+8-ea', 'linux', 'x64', '21.0.3+8'],
+      ['17', 'linux-muse', 'aarch64']
+    ])(
+      'should throw when required version of JDK can not be found in the JSON',
+      async (
+        version: string,
+        platform: string,
+        arch: string,
+        normalizedVersion: string = version
+      ) => {
+        const distribution = new SapMachineDistribution({
+          version: version,
+          architecture: arch,
+          packageType: 'jdk',
+          checkLatest: false
+        });
+        mockPlatform(distribution, platform);
+
+        await expect(
+          distribution['findPackageForDownload'](normalizedVersion)
+        ).rejects.toThrow(
+          `Couldn't find any satisfied version for the specified java-version: "${normalizedVersion}" and architecture: "${arch}".`
+        );
+      }
+    );
+
+    it('should throw when required package type is not supported', async () => {
+      const jdkVersion = '17';
+      const arch = 'x64';
+      const platform = 'linux';
+      const distribution = new SapMachineDistribution({
+        version: jdkVersion,
+        architecture: arch,
+        packageType: 'jdk+fx',
+        checkLatest: false
+      });
+      mockPlatform(distribution, platform);
+      await expect(
+        distribution['findPackageForDownload'](jdkVersion)
+      ).rejects.toThrow(
+        'SapMachine provides only the `jdk` and `jre` package type'
+      );
+    });
+  });
+});

dist/cleanup/index.js

@@ -66943,6 +66943,132 @@ function onConnectTimeout (socket) {
 module.exports = buildConnector
 
 
+/***/ }),
+
+/***/ 4462:
+/***/ ((module) => {
+
+"use strict";
+
+
+/** @type {Record<string, string | undefined>} */
+const headerNameLowerCasedRecord = {}
+
+// https://developer.mozilla.org/docs/Web/HTTP/Headers
+const wellknownHeaderNames = [
+  'Accept',
+  'Accept-Encoding',
+  'Accept-Language',
+  'Accept-Ranges',
+  'Access-Control-Allow-Credentials',
+  'Access-Control-Allow-Headers',
+  'Access-Control-Allow-Methods',
+  'Access-Control-Allow-Origin',
+  'Access-Control-Expose-Headers',
+  'Access-Control-Max-Age',
+  'Access-Control-Request-Headers',
+  'Access-Control-Request-Method',
+  'Age',
+  'Allow',
+  'Alt-Svc',
+  'Alt-Used',
+  'Authorization',
+  'Cache-Control',
+  'Clear-Site-Data',
+  'Connection',
+  'Content-Disposition',
+  'Content-Encoding',
+  'Content-Language',
+  'Content-Length',
+  'Content-Location',
+  'Content-Range',
+  'Content-Security-Policy',
+  'Content-Security-Policy-Report-Only',
+  'Content-Type',
+  'Cookie',
+  'Cross-Origin-Embedder-Policy',
+  'Cross-Origin-Opener-Policy',
+  'Cross-Origin-Resource-Policy',
+  'Date',
+  'Device-Memory',
+  'Downlink',
+  'ECT',
+  'ETag',
+  'Expect',
+  'Expect-CT',
+  'Expires',
+  'Forwarded',
+  'From',
+  'Host',
+  'If-Match',
+  'If-Modified-Since',
+  'If-None-Match',
+  'If-Range',
+  'If-Unmodified-Since',
+  'Keep-Alive',
+  'Last-Modified',
+  'Link',
+  'Location',
+  'Max-Forwards',
+  'Origin',
+  'Permissions-Policy',
+  'Pragma',
+  'Proxy-Authenticate',
+  'Proxy-Authorization',
+  'RTT',
+  'Range',
+  'Referer',
+  'Referrer-Policy',
+  'Refresh',
+  'Retry-After',
+  'Sec-WebSocket-Accept',
+  'Sec-WebSocket-Extensions',
+  'Sec-WebSocket-Key',
+  'Sec-WebSocket-Protocol',
+  'Sec-WebSocket-Version',
+  'Server',
+  'Server-Timing',
+  'Service-Worker-Allowed',
+  'Service-Worker-Navigation-Preload',
+  'Set-Cookie',
+  'SourceMap',
+  'Strict-Transport-Security',
+  'Supports-Loading-Mode',
+  'TE',
+  'Timing-Allow-Origin',
+  'Trailer',
+  'Transfer-Encoding',
+  'Upgrade',
+  'Upgrade-Insecure-Requests',
+  'User-Agent',
+  'Vary',
+  'Via',
+  'WWW-Authenticate',
+  'X-Content-Type-Options',
+  'X-DNS-Prefetch-Control',
+  'X-Frame-Options',
+  'X-Permitted-Cross-Domain-Policies',
+  'X-Powered-By',
+  'X-Requested-With',
+  'X-XSS-Protection'
+]
+
+for (let i = 0; i < wellknownHeaderNames.length; ++i) {
+  const key = wellknownHeaderNames[i]
+  const lowerCasedKey = key.toLowerCase()
+  headerNameLowerCasedRecord[key] = headerNameLowerCasedRecord[lowerCasedKey] =
+    lowerCasedKey
+}
+
+// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
+Object.setPrototypeOf(headerNameLowerCasedRecord, null)
+
+module.exports = {
+  wellknownHeaderNames,
+  headerNameLowerCasedRecord
+}
+
+
 /***/ }),
 
 /***/ 8045:
@@ -67775,6 +67901,7 @@ const { InvalidArgumentError } = __nccwpck_require__(8045)
 const { Blob } = __nccwpck_require__(4300)
 const nodeUtil = __nccwpck_require__(3837)
 const { stringify } = __nccwpck_require__(3477)
+const { headerNameLowerCasedRecord } = __nccwpck_require__(4462)
 
 const [nodeMajor, nodeMinor] = process.versions.node.split('.').map(v => Number(v))
 
@@ -67984,6 +68111,15 @@ function parseKeepAliveTimeout (val) {
   return m ? parseInt(m[1], 10) * 1000 : null
 }
 
+/**
+ * Retrieves a header name and returns its lowercase value.
+ * @param {string | Buffer} value Header name
+ * @returns {string}
+ */
+function headerNameToString (value) {
+  return headerNameLowerCasedRecord[value] || value.toLowerCase()
+}
+
 function parseHeaders (headers, obj = {}) {
   // For H2 support
   if (!Array.isArray(headers)) return headers
@@ -68255,6 +68391,7 @@ module.exports = {
   isIterable,
   isAsyncIterable,
   isDestroyed,
+  headerNameToString,
   parseRawHeaders,
   parseHeaders,
   parseKeepAliveTimeout,
@@ -74902,14 +75039,18 @@ const { isBlobLike, toUSVString, ReadableStreamFrom } = __nccwpck_require__(3983
 const assert = __nccwpck_require__(9491)
 const { isUint8Array } = __nccwpck_require__(9830)
 
+let supportedHashes = []
+
 // https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
 /** @type {import('crypto')|undefined} */
 let crypto
 
 try {
   crypto = __nccwpck_require__(6113)
+  const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
+  supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
+/* c8 ignore next 3 */
 } catch {
-
 }
 
 function responseURL (response) {
@@ -75437,66 +75578,56 @@ function bytesMatch (bytes, metadataList) {
     return true
   }
 
-  // 3. If parsedMetadata is the empty set, return true.
+  // 3. If response is not eligible for integrity validation, return false.
+  // TODO
+
+  // 4. If parsedMetadata is the empty set, return true.
   if (parsedMetadata.length === 0) {
     return true
   }
 
-  // 4. Let metadata be the result of getting the strongest
+  // 5. Let metadata be the result of getting the strongest
   //    metadata from parsedMetadata.
-  const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
-  // get the strongest algorithm
-  const strongest = list[0].algo
-  // get all entries that use the strongest algorithm; ignore weaker
-  const metadata = list.filter((item) => item.algo === strongest)
+  const strongest = getStrongestMetadata(parsedMetadata)
+  const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
 
-  // 5. For each item in metadata:
+  // 6. For each item in metadata:
   for (const item of metadata) {
     // 1. Let algorithm be the alg component of item.
     const algorithm = item.algo
 
     // 2. Let expectedValue be the val component of item.
-    let expectedValue = item.hash
+    const expectedValue = item.hash
 
     // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
     // "be liberal with padding". This is annoying, and it's not even in the spec.
 
-    if (expectedValue.endsWith('==')) {
-      expectedValue = expectedValue.slice(0, -2)
-    }
-
     // 3. Let actualValue be the result of applying algorithm to bytes.
     let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
 
-    if (actualValue.endsWith('==')) {
-      actualValue = actualValue.slice(0, -2)
+    if (actualValue[actualValue.length - 1] === '=') {
+      if (actualValue[actualValue.length - 2] === '=') {
+        actualValue = actualValue.slice(0, -2)
+      } else {
+        actualValue = actualValue.slice(0, -1)
+      }
     }
 
     // 4. If actualValue is a case-sensitive match for expectedValue,
     //    return true.
-    if (actualValue === expectedValue) {
-      return true
-    }
-
-    let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')
-
-    if (actualBase64URL.endsWith('==')) {
-      actualBase64URL = actualBase64URL.slice(0, -2)
-    }
-
-    if (actualBase64URL === expectedValue) {
+    if (compareBase64Mixed(actualValue, expectedValue)) {
       return true
     }
   }
 
-  // 6. Return false.
+  // 7. Return false.
   return false
 }
 
 // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
 // https://www.w3.org/TR/CSP2/#source-list-syntax
 // https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
-const parseHashWithOptions = /((?<algo>sha256|sha384|sha512)-(?<hash>[A-z0-9+/]{1}.*={0,2}))( +[\x21-\x7e]?)?/i
+const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
 
 /**
  * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
@@ -75510,8 +75641,6 @@ function parseMetadata (metadata) {
   // 2. Let empty be equal to true.
   let empty = true
 
-  const supportedHashes = crypto.getHashes()
-
   // 3. For each token returned by splitting metadata on spaces:
   for (const token of metadata.split(' ')) {
     // 1. Set empty to false.
@@ -75521,7 +75650,11 @@ function parseMetadata (metadata) {
     const parsedToken = parseHashWithOptions.exec(token)
 
     // 3. If token does not parse, continue to the next token.
-    if (parsedToken === null || parsedToken.groups === undefined) {
+    if (
+      parsedToken === null ||
+      parsedToken.groups === undefined ||
+      parsedToken.groups.algo === undefined
+    ) {
       // Note: Chromium blocks the request at this point, but Firefox
       // gives a warning that an invalid integrity was given. The
       // correct behavior is to ignore these, and subsequently not
@@ -75530,11 +75663,11 @@ function parseMetadata (metadata) {
     }
 
     // 4. Let algorithm be the hash-algo component of token.
-    const algorithm = parsedToken.groups.algo
+    const algorithm = parsedToken.groups.algo.toLowerCase()
 
     // 5. If algorithm is a hash function recognized by the user
     //    agent, add the parsed token to result.
-    if (supportedHashes.includes(algorithm.toLowerCase())) {
+    if (supportedHashes.includes(algorithm)) {
       result.push(parsedToken.groups)
     }
   }
@@ -75547,6 +75680,82 @@ function parseMetadata (metadata) {
   return result
 }
 
+/**
+ * @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
+ */
+function getStrongestMetadata (metadataList) {
+  // Let algorithm be the algo component of the first item in metadataList.
+  // Can be sha256
+  let algorithm = metadataList[0].algo
+  // If the algorithm is sha512, then it is the strongest
+  // and we can return immediately
+  if (algorithm[3] === '5') {
+    return algorithm
+  }
+
+  for (let i = 1; i < metadataList.length; ++i) {
+    const metadata = metadataList[i]
+    // If the algorithm is sha512, then it is the strongest
+    // and we can break the loop immediately
+    if (metadata.algo[3] === '5') {
+      algorithm = 'sha512'
+      break
+    // If the algorithm is sha384, then a potential sha256 or sha384 is ignored
+    } else if (algorithm[3] === '3') {
+      continue
+    // algorithm is sha256, check if algorithm is sha384 and if so, set it as
+    // the strongest
+    } else if (metadata.algo[3] === '3') {
+      algorithm = 'sha384'
+    }
+  }
+  return algorithm
+}
+
+function filterMetadataListByAlgorithm (metadataList, algorithm) {
+  if (metadataList.length === 1) {
+    return metadataList
+  }
+
+  let pos = 0
+  for (let i = 0; i < metadataList.length; ++i) {
+    if (metadataList[i].algo === algorithm) {
+      metadataList[pos++] = metadataList[i]
+    }
+  }
+
+  metadataList.length = pos
+
+  return metadataList
+}
+
+/**
+ * Compares two base64 strings, allowing for base64url
+ * in the second string.
+ *
+* @param {string} actualValue always base64
+ * @param {string} expectedValue base64 or base64url
+ * @returns {boolean}
+ */
+function compareBase64Mixed (actualValue, expectedValue) {
+  if (actualValue.length !== expectedValue.length) {
+    return false
+  }
+  for (let i = 0; i < actualValue.length; ++i) {
+    if (actualValue[i] !== expectedValue[i]) {
+      if (
+        (actualValue[i] === '+' && expectedValue[i] === '-') ||
+        (actualValue[i] === '/' && expectedValue[i] === '_')
+      ) {
+        continue
+      }
+      return false
+    }
+  }
+
+  return true
+}
+
 // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
 function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
   // TODO
@@ -75962,7 +76171,8 @@ module.exports = {
   urlHasHttpsScheme,
   urlIsHttpHttpsScheme,
   readAllBytes,
-  normalizeMethodRecord
+  normalizeMethodRecord,
+  parseMetadata
 }
 
 
@@ -78049,12 +78259,17 @@ function parseLocation (statusCode, headers) {
 
 // https://tools.ietf.org/html/rfc7231#section-6.4.4
 function shouldRemoveHeader (header, removeContent, unknownOrigin) {
-  return (
-    (header.length === 4 && header.toString().toLowerCase() === 'host') ||
-    (removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
-    (unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
-    (unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
-  )
+  if (header.length === 4) {
+    return util.headerNameToString(header) === 'host'
+  }
+  if (removeContent && util.headerNameToString(header).startsWith('content-')) {
+    return true
+  }
+  if (unknownOrigin && (header.length === 13 || header.length === 6 || header.length === 19)) {
+    const name = util.headerNameToString(header)
+    return name === 'authorization' || name === 'cookie' || name === 'proxy-authorization'
+  }
+  return false
 }
 
 // https://tools.ietf.org/html/rfc7231#section-6.4

docs/advanced-usage.md

@@ -8,6 +8,7 @@
   - [Amazon Corretto](#Amazon-Corretto)
   - [Oracle](#Oracle)
   - [Alibaba Dragonwell](#Alibaba-Dragonwell)
+  - [SapMachine](#SapMachine)
   - [JetBrains](#JetBrains)
 - [Installing custom Java package type](#Installing-custom-Java-package-type)
 - [Installing custom Java architecture](#Installing-custom-Java-architecture)
@@ -143,6 +144,18 @@ steps:
 - run: java -cp java HelloWorldApp
 ```
 
+### SapMachine
+**NOTE:** An OpenJDK release maintained and supported by SAP
+```yaml
+steps:
+- uses: actions/checkout@v4
+- uses: actions/setup-java@v4
+  with:
+    distribution: 'sapmachine'
+    java-version: '21'
+- run: java -cp java HelloWorldApp
+```
+
 ### JetBrains
 **NOTE:** JetBrains only provides jdk and is only available for LTS versions 11 or later.
 
@@ -183,7 +196,6 @@ steps:
 - run: java -cp java HelloWorldApp
 ```
 
-
 ## Installing custom Java architecture
 
 ```yaml

src/distributions/distribution-factory.ts

@@ -10,6 +10,7 @@ import {SemeruDistribution} from './semeru/installer';
 import {CorrettoDistribution} from './corretto/installer';
 import {OracleDistribution} from './oracle/installer';
 import {DragonwellDistribution} from './dragonwell/installer';
+import {SapMachineDistribution} from './sapmachine/installer';
 import {JetBrainsDistribution} from "./jetbrains/installer";
 
 enum JavaDistribution {
@@ -25,7 +26,8 @@ enum JavaDistribution {
   Corretto = 'corretto',
   Oracle = 'oracle',
   Dragonwell = 'dragonwell',
-  JetBrains = 'jetbrains',
+  SapMachine = 'sapmachine',
+  JetBrains = 'jetbrains'
 }
 
 export function getJavaDistribution(
@@ -66,6 +68,8 @@ export function getJavaDistribution(
       return new OracleDistribution(installerOptions);
     case JavaDistribution.Dragonwell:
       return new DragonwellDistribution(installerOptions);
+    case JavaDistribution.SapMachine:
+      return new SapMachineDistribution(installerOptions);
     case JavaDistribution.JetBrains:
       return new JetBrainsDistribution(installerOptions);
     default:

src/distributions/sapmachine/installer.ts

@@ -0,0 +1,268 @@
+import * as core from '@actions/core';
+import * as tc from '@actions/tool-cache';
+import semver from 'semver';
+import fs from 'fs';
+import {OutgoingHttpHeaders} from 'http';
+import path from 'path';
+import {
+  convertVersionToSemver,
+  extractJdkFile,
+  getDownloadArchiveExtension,
+  getGitHubHttpHeaders,
+  isVersionSatisfies
+} from '../../util';
+import {JavaBase} from '../base-installer';
+import {
+  JavaDownloadRelease,
+  JavaInstallerOptions,
+  JavaInstallerResults
+} from '../base-models';
+import {ISapMachineAllVersions, ISapMachineVersions} from './models';
+
+export class SapMachineDistribution extends JavaBase {
+  constructor(installerOptions: JavaInstallerOptions) {
+    super('SapMachine', installerOptions);
+  }
+
+  protected async findPackageForDownload(
+    version: string
+  ): Promise<JavaDownloadRelease> {
+    core.debug(`Only stable versions: ${this.stable}`);
+
+    if (!['jdk', 'jre'].includes(this.packageType)) {
+      throw new Error(
+        'SapMachine provides only the `jdk` and `jre` package type'
+      );
+    }
+
+    const availableVersions = await this.getAvailableVersions();
+
+    const matchedVersions = availableVersions
+      .filter(item => {
+        return isVersionSatisfies(version, item.version);
+      })
+      .map(item => {
+        return {
+          version: item.version,
+          url: item.downloadLink
+        } as JavaDownloadRelease;
+      });
+
+    if (!matchedVersions.length) {
+      throw new Error(
+        `Couldn't find any satisfied version for the specified java-version: "${version}" and architecture: "${this.architecture}".`
+      );
+    }
+
+    const resolvedVersion = matchedVersions[0];
+    return resolvedVersion;
+  }
+
+  private async getAvailableVersions(): Promise<ISapMachineVersions[]> {
+    const platform = this.getPlatformOption();
+    const arch = this.distributionArchitecture();
+
+    let fetchedReleasesJson = await this.fetchReleasesFromUrl(
+      'https://sap.github.io/SapMachine/assets/data/sapmachine-releases-all.json'
+    );
+
+    if (!fetchedReleasesJson) {
+      fetchedReleasesJson = await this.fetchReleasesFromUrl(
+        'https://api.github.com/repos/SAP/SapMachine/contents/assets/data/sapmachine-releases-all.json?ref=gh-pages',
+        getGitHubHttpHeaders()
+      );
+    }
+
+    if (!fetchedReleasesJson) {
+      throw new Error(
+        `Couldn't fetch SapMachine versions information from both primary and backup urls`
+      );
+    }
+
+    core.debug(
+      'Successfully fetched information about available SapMachine versions'
+    );
+
+    const availableVersions = this.parseVersions(
+      platform,
+      arch,
+      fetchedReleasesJson
+    );
+
+    if (core.isDebug()) {
+      core.startGroup('Print information about available versions');
+      core.debug(availableVersions.map(item => item.version).join(', '));
+      core.endGroup();
+    }
+
+    return availableVersions;
+  }
+
+  protected async downloadTool(
+    javaRelease: JavaDownloadRelease
+  ): Promise<JavaInstallerResults> {
+    core.info(
+      `Downloading Java ${javaRelease.version} (${this.distribution}) from ${javaRelease.url} ...`
+    );
+    const javaArchivePath = await tc.downloadTool(javaRelease.url);
+
+    core.info(`Extracting Java archive...`);
+
+    const extractedJavaPath = await extractJdkFile(
+      javaArchivePath,
+      getDownloadArchiveExtension()
+    );
+
+    const archiveName = fs.readdirSync(extractedJavaPath)[0];
+    const archivePath = path.join(extractedJavaPath, archiveName);
+    const version = this.getToolcacheVersionName(javaRelease.version);
+
+    const javaPath = await tc.cacheDir(
+      archivePath,
+      this.toolcacheFolderName,
+      version,
+      this.architecture
+    );
+
+    return {version: javaRelease.version, path: javaPath};
+  }
+
+  private parseVersions(
+    platform: string,
+    arch: string,
+    versions: ISapMachineAllVersions
+  ): ISapMachineVersions[] {
+    const eligibleVersions: ISapMachineVersions[] = [];
+
+    for (const [, majorVersionMap] of Object.entries(versions)) {
+      for (const [, jdkVersionMap] of Object.entries(majorVersionMap.updates)) {
+        for (const [buildVersion, buildVersionMap] of Object.entries(
+          jdkVersionMap
+        )) {
+          let buildVersionWithoutPrefix = buildVersion.replace(
+            'sapmachine-',
+            ''
+          );
+          if (!buildVersionWithoutPrefix.includes('.')) {
+            // replace major version with major.minor.patch and keep the remaining build identifier after the + as is with regex
+            buildVersionWithoutPrefix = buildVersionWithoutPrefix.replace(
+              /(\d+)(\+.*)?/,
+              '$1.0.0$2'
+            );
+          }
+          // replace + with . to convert to semver format if we have more than 3 version digits
+          if (buildVersionWithoutPrefix.split('.').length > 3) {
+            buildVersionWithoutPrefix = buildVersionWithoutPrefix.replace(
+              '+',
+              '.'
+            );
+          }
+          buildVersionWithoutPrefix = convertVersionToSemver(
+            buildVersionWithoutPrefix
+          );
+
+          // ignore invalid version
+          if (!semver.valid(buildVersionWithoutPrefix)) {
+            core.debug(`Invalid version: ${buildVersionWithoutPrefix}`);
+            continue;
+          }
+
+          // skip earlyAccessVersions if stable version requested
+          if (this.stable && buildVersionMap.ea === 'true') {
+            continue;
+          }
+
+          for (const [edition, editionAssets] of Object.entries(
+            buildVersionMap.assets
+          )) {
+            if (this.packageType !== edition) {
+              continue;
+            }
+            for (const [archAndPlatForm, archAssets] of Object.entries(
+              editionAssets
+            )) {
+              let expectedArchAndPlatform = `${platform}-${arch}`;
+              if (platform === 'linux-musl') {
+                expectedArchAndPlatform = `linux-${arch}-musl`;
+              }
+              if (archAndPlatForm !== expectedArchAndPlatform) {
+                continue;
+              }
+              for (const [contentType, contentTypeAssets] of Object.entries(
+                archAssets
+              )) {
+                // skip if not tar.gz and zip files
+                if (contentType !== 'tar.gz' && contentType !== 'zip') {
+                  continue;
+                }
+                eligibleVersions.push({
+                  os: platform,
+                  architecture: arch,
+                  version: buildVersionWithoutPrefix,
+                  checksum: contentTypeAssets.checksum,
+                  downloadLink: contentTypeAssets.url,
+                  packageType: edition
+                });
+              }
+            }
+          }
+        }
+      }
+    }
+
+    const sortedVersions = this.sortParsedVersions(eligibleVersions);
+
+    return sortedVersions;
+  }
+
+  // Sorts versions in descending order as by default data in JSON isn't sorted
+  private sortParsedVersions(
+    eligibleVersions: ISapMachineVersions[]
+  ): ISapMachineVersions[] {
+    const sortedVersions = eligibleVersions.sort((versionObj1, versionObj2) => {
+      const version1 = versionObj1.version;
+      const version2 = versionObj2.version;
+      return semver.compareBuild(version1, version2);
+    });
+    return sortedVersions.reverse();
+  }
+
+  private getPlatformOption(): string {
+    switch (process.platform) {
+      case 'win32':
+        return 'windows';
+      case 'darwin':
+        return 'macos';
+      case 'linux':
+        // figure out if alpine/musl
+        if (fs.existsSync('/etc/alpine-release')) {
+          return 'linux-musl';
+        }
+        return 'linux';
+      default:
+        return process.platform;
+    }
+  }
+
+  private async fetchReleasesFromUrl(
+    url: string,
+    headers: OutgoingHttpHeaders = {}
+  ): Promise<ISapMachineAllVersions | null> {
+    try {
+      core.debug(
+        `Trying to fetch available SapMachine versions info from the primary url: ${url}`
+      );
+      const releases = (
+        await this.http.getJson<ISapMachineAllVersions>(url, headers)
+      ).result;
+      return releases;
+    } catch (err) {
+      core.debug(
+        `Fetching SapMachine versions info from the link: ${url} ended up with the error: ${
+          (err as Error).message
+        }`
+      );
+      return null;
+    }
+  }
+}

src/distributions/sapmachine/models.ts

@@ -0,0 +1,33 @@
+export interface ISapMachineAllVersions {
+  [major: string]: {
+    lts: string;
+    updates: {
+      [full_version: string]: {
+        [sapmachineBuild: string]: {
+          release_url: string;
+          ea: string;
+          assets: {
+            [packageType: string]: {
+              [arch: string]: {
+                [content_type: string]: {
+                  name: string;
+                  checksum: string;
+                  url: string;
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
+
+export interface ISapMachineVersions {
+  os: string;
+  architecture: string;
+  version: string;
+  checksum: string;
+  downloadLink: string;
+  packageType: string;
+}