Merge branch 'main' into feature/maven-args-no-transfer-progress

dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#1059 )
- installer: surface a clear error when the GraalVM Community releases listing is not a JSON array, instead of silently treating an error payload (rate limit, auth failure, etc.) as "no releases" which later surfaced as a misleading "version not found" error. - docs: fix the GraalVM Community advanced-usage example to check the installed binary versions (java/native-image --version) rather than running a non-existent HelloWorldApp classpath that fails when copied. - tests: cover the new non-array release listing error path. Rebuilt dist bundle. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-24 00:39:42 +00:00 · 2026-06-23 13:39:59 -04:00 · 2026-06-23 13:37:44 -04:00 · 2026-06-23 13:23:45 -04:00 · 2026-06-23 13:19:27 -04:00 · 2026-06-23 18:10:17 +01:00
25 changed files with 1075 additions and 79 deletions
@@ -11,6 +11,9 @@ on:
    paths-ignore:
      - '**.md'

+permissions:
+  contents: read
+
 jobs:
  call-basic-validation:
    name: Basic validation
@@ -11,6 +11,9 @@ on:
      - '**.md'
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  call-check-dist:
    name: Check dist/
@@ -8,6 +8,8 @@ on:
  schedule:
    - cron: '0 3 * * 0'

+permissions: {}
+
 jobs:
  call-codeQL-analysis:
    permissions:
@@ -11,6 +11,9 @@ on:
    paths-ignore:
      - '**.md'

+permissions:
+  contents: read
+
 defaults:
  run:
    shell: bash
@@ -25,6 +28,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for gradle
        uses: ./
        id: setup-java
@@ -52,6 +57,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for gradle
        uses: ./
        id: setup-java
@@ -77,6 +84,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for gradle
        uses: ./
        id: setup-java
@@ -11,6 +11,9 @@ on:
    paths-ignore:
      - '**.md'

+permissions:
+  contents: read
+
 defaults:
  run:
    shell: bash
@@ -25,6 +28,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for gradle
        uses: ./
        id: setup-java
@@ -51,6 +56,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for gradle
        uses: ./
        id: setup-java
@@ -74,6 +81,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for maven
        uses: ./
        id: setup-java
@@ -98,6 +107,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for maven
        uses: ./
        id: setup-java
@@ -125,6 +136,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for sbt
        uses: ./
        id: setup-java
@@ -175,6 +188,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Run setup-java with the cache for sbt
        uses: ./
        id: setup-java
@@ -11,6 +11,9 @@ on:
    paths-ignore:
      - '**.md'

+permissions:
+  contents: read
+
 jobs:
  setup-java-local-file-adopt:
    name: Validate installation from local file Adopt
@@ -22,6 +25,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Download Adopt OpenJDK file
        run: |
          if ($IsLinux) {
@@ -46,7 +51,9 @@ jobs:
          java-version: '11.0.0-ea'
          architecture: x64
      - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0.10" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0.10" "$JAVA_PATH"
        shell: bash

  setup-java-local-file-zulu:
@@ -59,6 +66,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Download Zulu OpenJDK file
        run: |
          if ($IsLinux) {
@@ -83,7 +92,9 @@ jobs:
          java-version: '11.0.0-ea'
          architecture: x64
      - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0" "$JAVA_PATH"
        shell: bash

  setup-java-local-file-temurin:
@@ -96,6 +107,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Download Eclipse Temurin file
        run: |
          if ($IsLinux) {
@@ -120,5 +133,7 @@ jobs:
          java-version: '11.0.0-ea'
          architecture: x64
      - name: Verify Java version
-        run: bash __tests__/verify-java.sh "11.0.12" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11.0.12" "$JAVA_PATH"
        shell: bash
@@ -11,6 +11,9 @@ on:
    paths-ignore:
      - '**.md'

+permissions:
+  contents: read
+
 defaults:
  run:
    shell: pwsh
@@ -26,6 +29,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -61,6 +66,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create fake settings.xml
        run: |
          $xmlDirectory = Join-Path $HOME ".m2"
@@ -97,6 +104,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create fake settings.xml
        run: |
          $xmlDirectory = Join-Path $HOME ".m2"
@@ -134,6 +143,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -13,6 +13,10 @@ on:
  schedule:
    - cron: '0 */12 * * *'
  workflow_dispatch:
+
+permissions:
+  contents: read
+
 jobs:
  setup-java-major-versions:
    name: ${{ matrix.distribution }} ${{ matrix.version }} (jdk-x64) - ${{ matrix.os }}
@@ -74,6 +78,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -83,14 +89,17 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-alpine-linux:
    name: ${{ matrix.distribution }} ${{ matrix.version }} (jdk-x64) - alpine-linux - ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    container:
-      image: alpine:latest
+      image: alpine:3.21
    strategy:
      fail-fast: false
      matrix:
@@ -100,6 +109,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Install bash
        run: apk add --no-cache bash
      - name: setup-java
@@ -109,7 +120,10 @@ jobs:
          java-version: ${{ matrix.version }}
          distribution: ${{ matrix.distribution }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-major-minor-versions:
@@ -150,6 +164,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -157,10 +173,12 @@ jobs:
          java-version: ${{ matrix.version }}
          distribution: ${{ matrix.distribution }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
-        shell: bash
        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
+        shell: bash

  setup-java-check-latest:
    name: ${{ matrix.distribution }} ${{ matrix.version }} - check-latest flag - ${{ matrix.os }}
@@ -185,6 +203,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -195,7 +215,9 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
        shell: bash

  setup-java-multiple-jdks:
@@ -221,6 +243,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -245,7 +269,9 @@ jobs:
          }
        shell: pwsh
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "17" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17" "$JAVA_PATH"
        shell: bash

  setup-java-ea-versions-zulu:
@@ -260,6 +286,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -267,7 +295,10 @@ jobs:
          java-version: ${{ matrix.version }}
          distribution: zulu
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-ea-versions-temurin:
@@ -282,6 +313,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -289,7 +322,10 @@ jobs:
          java-version: ${{ matrix.version }}
          distribution: temurin
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-ea-versions-sapmachine:
@@ -304,6 +340,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -311,7 +349,10 @@ jobs:
          java-version: ${{ matrix.version }}
          distribution: sapmachine
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-custom-package-type:
@@ -391,6 +432,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -401,7 +444,10 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  # Only Liberica and Zulu provide x86
@@ -419,6 +465,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: setup-java
        uses: ./
        id: setup-java
@@ -427,7 +475,10 @@ jobs:
          java-version: ${{ matrix.version }}
          architecture: 'x86'
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "${{ matrix.version }}" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_VERSION: ${{ matrix.version }}
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "$JAVA_VERSION" "$JAVA_PATH"
        shell: bash

  setup-java-version-both-version-inputs-presents:
@@ -442,6 +493,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create .java-version file
        shell: bash
        run: echo "17" > .java-version
@@ -456,7 +509,9 @@ jobs:
          java-version: 11
          java-version-file: ${{matrix.java-version-file }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
        shell: bash

  setup-java-version-from-file-major-notation:
@@ -471,6 +526,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create .java-version file
        shell: bash
        run: echo "11" > .java-version
@@ -484,7 +541,9 @@ jobs:
          distribution: ${{ matrix.distribution }}
          java-version-file: ${{matrix.java-version-file }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "11" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "11" "$JAVA_PATH"
        shell: bash

  setup-java-version-from-file-major-minor-patch-notation:
@@ -499,6 +558,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create .java-version file
        shell: bash
        run: echo "17.0.10" > .java-version
@@ -512,7 +573,9 @@ jobs:
          distribution: ${{ matrix.distribution }}
          java-version-file: ${{matrix.java-version-file }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "17.0.10" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17.0.10" "$JAVA_PATH"
        shell: bash

  setup-java-version-from-file-major-minor-patch-with-dist:
@@ -527,6 +590,8 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Create .java-version file
        shell: bash
        run: echo "openjdk64-17.0.10" > .java-version
@@ -543,5 +608,7 @@ jobs:
          distribution: ${{ matrix.distribution }}
          java-version-file: ${{matrix.java-version-file }}
      - name: Verify Java
-        run: bash __tests__/verify-java.sh "17.0.10" "${{ steps.setup-java.outputs.path }}"
+        env:
+          JAVA_PATH: ${{ steps.setup-java.outputs.path }}
+        run: bash __tests__/verify-java.sh "17.0.10" "$JAVA_PATH"
        shell: bash
@@ -9,6 +9,9 @@ on:
      - main
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  call-licensed:
    name: Licensed
@@ -5,6 +5,8 @@ on:
    types: [released]
  workflow_dispatch:

+permissions: {}
+
 jobs:
  publish:
    runs-on: ubuntu-latest
@@ -16,6 +18,8 @@ jobs:
    steps:
      - name: Checking out
        uses: actions/checkout@v7
+        with:
+          persist-credentials: false
      - name: Publish
        id: publish
        uses: actions/publish-immutable-action@v0.0.4
@@ -5,7 +5,12 @@ on:
    - cron: '0 3 * * 0'
  workflow_dispatch:

+permissions: {}
+
 jobs:
  call-update-configuration-files:
    name: Update configuration files
+    permissions:
+      contents: write # to push the branch with updated configuration files
+      pull-requests: write # to open/update the configuration update PR
    uses: actions/reusable-workflows/.github/workflows/update-config-files.yml@main
@@ -0,0 +1,48 @@
+name: Security analysis with zizmor
+
+on:
+  push:
+    branches:
+      - main
+      - releases/*
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: Analyze workflows with zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # to upload SARIF results to code scanning
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install zizmor
+        run: pip install zizmor
+
+      - name: Run zizmor
+        run: zizmor --format sarif .github/workflows/ > zizmor.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SARIF results to code scanning
+        if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: zizmor.sarif
+          category: zizmor
@@ -0,0 +1,11 @@
+# Configuration for zizmor (https://docs.zizmor.sh)
+rules:
+  unpinned-uses:
+    config:
+      # First-party GitHub-maintained actions are trusted and referenced by
+      # major-version tags (the convention used across the actions org).
+      # Any third-party action must be pinned to a full commit SHA.
+      policies:
+        actions/*: ref-pin
+        github/*: ref-pin
+        '*': hash-pin
@@ -112,6 +112,7 @@ Currently, the following distributions are supported:
 | `dragonwell` | [Alibaba Dragonwell JDK](https://dragonwell-jdk.io/) | [`dragonwell` license](https://www.aliyun.com/product/dragonwell/)
 | `sapmachine` | [SAP SapMachine JDK/JRE](https://sapmachine.io/) | [`sapmachine` license](https://github.com/SAP/SapMachine/blob/sapmachine/LICENSE)
 | `graalvm` | [Oracle GraalVM](https://www.graalvm.org/) | [`graalvm` license](https://www.oracle.com/downloads/licenses/graal-free-license.html)
+| `graalvm-community` | [GraalVM Community](https://github.com/graalvm/graalvm-ce-builds/releases) | [`graalvm-community` license](https://github.com/oracle/graal/blob/master/LICENSE)
 | `jetbrains` | [JetBrains Runtime](https://github.com/JetBrains/JetBrainsRuntime/) | [`jetbrains` license](https://github.com/JetBrains/JetBrainsRuntime/blob/main/LICENSE)
 | `jdkfile` | Custom JDK Installation | |

@@ -120,6 +121,7 @@ Currently, the following distributions are supported:
 > - AdoptOpenJDK got moved to Eclipse Temurin and won't be updated anymore. It is highly recommended to migrate workflows from `adopt` and `adopt-openj9`, to `temurin` and `semeru` respectively, to keep receiving software and security updates. See more details in the [Good-bye AdoptOpenJDK post](https://blog.adoptopenjdk.net/2021/08/goodbye-adoptopenjdk-hello-adoptium/).
 > - For Azul Zulu OpenJDK architectures x64 and arm64 are mapped to x86 / arm with proper hw_bitness.
 > - To comply with the GraalVM Free Terms and Conditions (GFTC) license, it is recommended to use GraalVM JDK 17 version 17.0.12, as this is the only version of GraalVM JDK 17 available under the GFTC license. Additionally, it is encouraged to consider upgrading to GraalVM JDK 21, which offers the latest features and improvements.
+> - GraalVM Community is available as `distribution: 'graalvm-community'` for stable JDK 17 and later releases published on GitHub.

 **NOTE:** Oracle JDK 17 licensing varies by patch level. As shown on the [JDK 17 Archive](https://www.oracle.com/java/technologies/javase/jdk17-archive-downloads.html) (versions up to 17.0.12 are under the [NFTC](https://www.oracle.com/downloads/licenses/no-fee-license.html) license) and the [JDK 17.0.13+ Archive](https://www.oracle.com/java/technologies/javase/jdk17-0-13-later-archive-downloads.html) (versions 17.0.13 and later are under the [OTN](https://www.oracle.com/downloads/licenses/javase-license1.html) license). To stay on the free NFTC license, use `distribution: 'oracle'` with `java-version: '17.0.12'` (or earlier) instead of the floating `'17'`. Alternatively, upgrade to Oracle JDK 21+, which remains under the NFTC license.

@@ -3,7 +3,11 @@ import * as tc from '@actions/tool-cache';
 import * as http from '@actions/http-client';
 import fs from 'fs';
 import path from 'path';
-import {GraalVMDistribution} from '../../src/distributions/graalvm/installer';
+import {
+  GraalVMCommunityDistribution,
+  GraalVMDistribution
+} from '../../src/distributions/graalvm/installer';
+import {getJavaDistribution} from '../../src/distributions/distribution-factory';
 import {JavaInstallerOptions} from '../../src/distributions/base-models';
 import * as util from '../../src/util';

@@ -41,6 +45,7 @@ beforeAll(() => {

 describe('GraalVMDistribution', () => {
  let distribution: GraalVMDistribution;
+  let communityDistribution: GraalVMCommunityDistribution;
  let mockHttpClient: jest.Mocked<http.HttpClient>;
  let spyCoreError: jest.SpyInstance;

@@ -55,9 +60,11 @@ describe('GraalVMDistribution', () => {
    jest.clearAllMocks();

    distribution = new GraalVMDistribution(defaultOptions);
+    communityDistribution = new GraalVMCommunityDistribution(defaultOptions);

    mockHttpClient = new http.HttpClient() as jest.Mocked<http.HttpClient>;
    (distribution as any).http = mockHttpClient;
+    (communityDistribution as any).http = mockHttpClient;

    (util.getDownloadArchiveExtension as jest.Mock).mockReturnValue('tar.gz');

@@ -242,6 +249,23 @@ describe('GraalVMDistribution', () => {
        path: '/cached/java/path'
      });
    });
+
+    it('should use a dedicated toolcache folder for GraalVM Community', async () => {
+      const result = await (communityDistribution as any).downloadTool(
+        javaRelease
+      );
+
+      expect(tc.cacheDir).toHaveBeenCalledWith(
+        path.join('/tmp/extracted', 'graalvm-jdk-17.0.5'),
+        'Java_GraalVM_Community_jdk',
+        '17.0.5',
+        'x64'
+      );
+      expect(result).toEqual({
+        version: '17.0.5',
+        path: '/cached/java/path'
+      });
+    });
  });

  describe('findPackageForDownload', () => {
@@ -948,5 +972,121 @@ describe('GraalVMDistribution', () => {
        configurable: true
      });
    });
+
+    describe('GraalVMCommunityDistribution', () => {
+      beforeEach(() => {
+        jest
+          .spyOn(communityDistribution, 'getPlatform')
+          .mockReturnValue('linux');
+      });
+
+      it('should resolve an exact GraalVM Community version from GitHub releases', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: [
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz'
+                }
+              ]
+            }
+          ],
+          statusCode: 200,
+          headers: {}
+        });
+
+        const result = await (
+          communityDistribution as any
+        ).findPackageForDownload('21.0.2');
+
+        expect(result).toEqual({
+          url: 'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+          version: '21.0.2'
+        });
+      });
+
+      it('should resolve the latest GraalVM Community release for a major version', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: [
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.1_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.1/graalvm-community-jdk-21.0.1_linux-x64_bin.tar.gz'
+                }
+              ]
+            },
+            {
+              draft: false,
+              prerelease: false,
+              assets: [
+                {
+                  name: 'graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+                  browser_download_url:
+                    'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz'
+                }
+              ]
+            }
+          ],
+          statusCode: 200,
+          headers: {}
+        });
+
+        const result = await (
+          communityDistribution as any
+        ).findPackageForDownload('21');
+
+        expect(result).toEqual({
+          url: 'https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-21.0.2/graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz',
+          version: '21.0.2'
+        });
+      });
+
+      it('should reject GraalVM Community early access requests', async () => {
+        (communityDistribution as any).stable = false;
+
+        await expect(
+          (communityDistribution as any).findPackageForDownload('23')
+        ).rejects.toThrow(
+          'GraalVM Community does not provide early access builds'
+        );
+      });
+
+      it('should surface an error when the releases listing is not an array', async () => {
+        mockHttpClient.getJson.mockResolvedValue({
+          result: {message: 'API rate limit exceeded'},
+          statusCode: 403,
+          headers: {}
+        });
+
+        await expect(
+          (communityDistribution as any).findPackageForDownload('21')
+        ).rejects.toThrow(
+          /Unexpected response while listing GraalVM Community releases.*HTTP status code: 403/s
+        );
+      });
+    });
+  });
+});
+
+describe('distribution factory', () => {
+  const defaultOptions: JavaInstallerOptions = {
+    version: '17',
+    architecture: 'x64',
+    packageType: 'jdk',
+    checkLatest: false
+  };
+
+  it('should map graalvm-community to the community installer', () => {
+    const community = getJavaDistribution('graalvm-community', defaultOptions);
+
+    expect(community).toBeInstanceOf(GraalVMCommunityDistribution);
  });
 });
@@ -0,0 +1,104 @@
+import * as core from '@actions/core';
+
+import {configureMavenArgs} from '../src/maven-args';
+import {
+  INPUT_SHOW_DOWNLOAD_PROGRESS,
+  MAVEN_ARGS_ENV,
+  MAVEN_NO_TRANSFER_PROGRESS_FLAG
+} from '../src/constants';
+
+describe('configureMavenArgs', () => {
+  let inputs: Record<string, string>;
+  let spyGetInput: jest.SpyInstance;
+  let spyExportVariable: jest.SpyInstance;
+  let spyInfo: jest.SpyInstance;
+  let spyDebug: jest.SpyInstance;
+  const originalMavenArgs = process.env[MAVEN_ARGS_ENV];
+
+  beforeEach(() => {
+    inputs = {};
+
+    spyGetInput = jest.spyOn(core, 'getInput');
+    spyGetInput.mockImplementation((name: string) => inputs[name] ?? '');
+
+    spyExportVariable = jest.spyOn(core, 'exportVariable');
+    spyExportVariable.mockImplementation((name: string, value: string) => {
+      process.env[name] = value;
+    });
+
+    spyInfo = jest.spyOn(core, 'info');
+    spyInfo.mockImplementation(() => undefined);
+
+    spyDebug = jest.spyOn(core, 'debug');
+    spyDebug.mockImplementation(() => undefined);
+
+    delete process.env[MAVEN_ARGS_ENV];
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+    if (originalMavenArgs === undefined) {
+      delete process.env[MAVEN_ARGS_ENV];
+    } else {
+      process.env[MAVEN_ARGS_ENV] = originalMavenArgs;
+    }
+  });
+
+  it('sets MAVEN_ARGS with -ntp by default', () => {
+    configureMavenArgs();
+
+    expect(spyExportVariable).toHaveBeenCalledWith(
+      MAVEN_ARGS_ENV,
+      MAVEN_NO_TRANSFER_PROGRESS_FLAG
+    );
+    expect(process.env[MAVEN_ARGS_ENV]).toBe(MAVEN_NO_TRANSFER_PROGRESS_FLAG);
+  });
+
+  it('does not modify MAVEN_ARGS when show-download-progress is true', () => {
+    inputs[INPUT_SHOW_DOWNLOAD_PROGRESS] = 'true';
+
+    configureMavenArgs();
+
+    expect(spyExportVariable).not.toHaveBeenCalled();
+    expect(process.env[MAVEN_ARGS_ENV]).toBeUndefined();
+  });
+
+  it('preserves an existing MAVEN_ARGS value and appends -ntp', () => {
+    process.env[MAVEN_ARGS_ENV] = '-B -Dstyle.color=always';
+
+    configureMavenArgs();
+
+    expect(spyExportVariable).toHaveBeenCalledWith(
+      MAVEN_ARGS_ENV,
+      `-B -Dstyle.color=always ${MAVEN_NO_TRANSFER_PROGRESS_FLAG}`
+    );
+  });
+
+  it('does not duplicate the flag when -ntp is already present', () => {
+    process.env[MAVEN_ARGS_ENV] = '-B -ntp';
+
+    configureMavenArgs();
+
+    expect(spyExportVariable).not.toHaveBeenCalled();
+    expect(process.env[MAVEN_ARGS_ENV]).toBe('-B -ntp');
+  });
+
+  it('does not duplicate the flag when --no-transfer-progress is already present', () => {
+    process.env[MAVEN_ARGS_ENV] = '--no-transfer-progress -B';
+
+    configureMavenArgs();
+
+    expect(spyExportVariable).not.toHaveBeenCalled();
+    expect(process.env[MAVEN_ARGS_ENV]).toBe('--no-transfer-progress -B');
+  });
+
+  it('keeps the existing MAVEN_ARGS when show-download-progress is true', () => {
+    inputs[INPUT_SHOW_DOWNLOAD_PROGRESS] = 'true';
+    process.env[MAVEN_ARGS_ENV] = '-B';
+
+    configureMavenArgs();
+
+    expect(spyExportVariable).not.toHaveBeenCalled();
+    expect(process.env[MAVEN_ARGS_ENV]).toBe('-B');
+  });
+});
@@ -75,6 +75,10 @@ inputs:
  mvn-toolchain-vendor:
    description: 'Name of Maven Toolchain Vendor if the default name of "${distribution}" is not wanted. See examples of supported syntax in Advanced Usage file'
    required: false
+  show-download-progress:
+    description: 'Whether Maven should print artifact download/transfer progress to the build log. When "false" (default) the action sets "-ntp" (--no-transfer-progress) in MAVEN_ARGS to produce cleaner logs. Set to "true" to keep the progress output. Has no effect on non-Maven builds.'
+    required: false
+    default: false
 outputs:
  distribution:
    description: 'Distribution of Java that has been installed'
@@ -52241,7 +52241,7 @@ else {
 "use strict";

 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG = exports.MAVEN_NO_TRANSFER_PROGRESS_FLAG = exports.MAVEN_ARGS_ENV = exports.INPUT_SHOW_DOWNLOAD_PROGRESS = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -52268,6 +52268,10 @@ exports.MVN_SETTINGS_FILE = 'settings.xml';
 exports.MVN_TOOLCHAINS_FILE = 'toolchains.xml';
 exports.INPUT_MVN_TOOLCHAIN_ID = 'mvn-toolchain-id';
 exports.INPUT_MVN_TOOLCHAIN_VENDOR = 'mvn-toolchain-vendor';
+exports.INPUT_SHOW_DOWNLOAD_PROGRESS = 'show-download-progress';
+exports.MAVEN_ARGS_ENV = 'MAVEN_ARGS';
+exports.MAVEN_NO_TRANSFER_PROGRESS_FLAG = '-ntp';
+exports.MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG = '--no-transfer-progress';
 exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = ['corretto'];


@@ -78000,7 +78000,7 @@ function isProbablyGradleDaemonProblem(packageManager, error) {
 "use strict";

 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG = exports.MAVEN_NO_TRANSFER_PROGRESS_FLAG = exports.MAVEN_ARGS_ENV = exports.INPUT_SHOW_DOWNLOAD_PROGRESS = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@@ -78027,6 +78027,10 @@ exports.MVN_SETTINGS_FILE = 'settings.xml';
 exports.MVN_TOOLCHAINS_FILE = 'toolchains.xml';
 exports.INPUT_MVN_TOOLCHAIN_ID = 'mvn-toolchain-id';
 exports.INPUT_MVN_TOOLCHAIN_VENDOR = 'mvn-toolchain-vendor';
+exports.INPUT_SHOW_DOWNLOAD_PROGRESS = 'show-download-progress';
+exports.MAVEN_ARGS_ENV = 'MAVEN_ARGS';
+exports.MAVEN_NO_TRANSFER_PROGRESS_FLAG = '-ntp';
+exports.MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG = '--no-transfer-progress';
 exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = ['corretto'];


@@ -78771,6 +78775,7 @@ var JavaDistribution;
    JavaDistribution["Dragonwell"] = "dragonwell";
    JavaDistribution["SapMachine"] = "sapmachine";
    JavaDistribution["GraalVM"] = "graalvm";
+    JavaDistribution["GraalVMCommunity"] = "graalvm-community";
    JavaDistribution["JetBrains"] = "jetbrains";
 })(JavaDistribution || (JavaDistribution = {}));
 function getJavaDistribution(distributionName, installerOptions, jdkFile) {
@@ -78802,6 +78807,8 @@ function getJavaDistribution(distributionName, installerOptions, jdkFile) {
            return new installer_11.SapMachineDistribution(installerOptions);
        case JavaDistribution.GraalVM:
            return new installer_12.GraalVMDistribution(installerOptions);
+        case JavaDistribution.GraalVMCommunity:
+            return new installer_12.GraalVMCommunityDistribution(installerOptions);
        case JavaDistribution.JetBrains:
            return new installer_13.JetBrainsDistribution(installerOptions);
        default:
@@ -79069,23 +79076,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.GraalVMDistribution = void 0;
+exports.GraalVMCommunityDistribution = exports.GraalVMDistribution = void 0;
 const core = __importStar(__nccwpck_require__(37484));
 const tc = __importStar(__nccwpck_require__(33472));
 const fs_1 = __importDefault(__nccwpck_require__(79896));
 const path_1 = __importDefault(__nccwpck_require__(16928));
+const semver_1 = __importDefault(__nccwpck_require__(62088));
 const base_installer_1 = __nccwpck_require__(79935);
 const http_client_1 = __nccwpck_require__(54844);
 const util_1 = __nccwpck_require__(54527);
 const GRAALVM_DL_BASE = 'https://download.oracle.com/graalvm';
 const GRAALVM_DOWNLOAD_URL = 'https://www.graalvm.org/downloads/';
+const GRAALVM_COMMUNITY_RELEASES_URL = 'https://api.github.com/repos/graalvm/graalvm-ce-builds/releases?per_page=100';
+const GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN = 'https://api.github.com';
+const GRAALVM_COMMUNITY_DOWNLOAD_URL = 'https://github.com/graalvm/graalvm-ce-builds/releases';
+const GRAALVM_COMMUNITY_ASSET_PREFIX = 'graalvm-community-jdk-';
+const GRAALVM_COMMUNITY_VERSION_PATTERN = /^\d+(?:\.\d+)*$/;
 const IS_WINDOWS = process.platform === 'win32';
 const GRAALVM_PLATFORM = IS_WINDOWS ? 'windows' : process.platform;
 const GRAALVM_MIN_VERSION = 17;
 const SUPPORTED_ARCHITECTURES = ['x64', 'aarch64'];
 class GraalVMDistribution extends base_installer_1.JavaBase {
-    constructor(installerOptions) {
-        super('GraalVM', installerOptions);
+    constructor(installerOptions, distributionName = 'GraalVM') {
+        super(distributionName, installerOptions);
    }
    downloadTool(javaRelease) {
        return __awaiter(this, void 0, void 0, function* () {
@@ -79119,36 +79132,50 @@ class GraalVMDistribution extends base_installer_1.JavaBase {
    }
    findPackageForDownload(range) {
        return __awaiter(this, void 0, void 0, function* () {
-            // Add input validation
-            if (!range || typeof range !== 'string') {
-                throw new Error('Version range is required and must be a string');
-            }
-            const arch = this.distributionArchitecture();
-            if (!SUPPORTED_ARCHITECTURES.includes(arch)) {
-                throw new Error(`Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`);
-            }
+            this.validateVersionRange(range);
+            const arch = this.getSupportedArchitecture();
            if (!this.stable) {
                return this.findEABuildDownloadUrl(`${range}-ea`);
            }
-            if (this.packageType !== 'jdk') {
-                throw new Error('GraalVM provides only the `jdk` package type');
-            }
-            const platform = this.getPlatform();
-            const extension = (0, util_1.getDownloadArchiveExtension)();
-            const major = range.includes('.') ? range.split('.')[0] : range;
-            const majorVersion = parseInt(major);
-            if (isNaN(majorVersion)) {
-                throw new Error(`Invalid version format: ${range}`);
-            }
-            if (majorVersion < GRAALVM_MIN_VERSION) {
-                throw new Error(`GraalVM is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`);
-            }
+            const { platform, extension, major } = this.validateStableBuildRequest(range);
            const fileUrl = this.constructFileUrl(range, major, platform, arch, extension);
            const response = yield this.http.head(fileUrl);
            this.handleHttpResponse(response, range);
            return { url: fileUrl, version: range };
        });
    }
+    validateVersionRange(range) {
+        if (!range || typeof range !== 'string') {
+            throw new Error('Version range is required and must be a string');
+        }
+    }
+    getSupportedArchitecture() {
+        const arch = this.distributionArchitecture();
+        if (!SUPPORTED_ARCHITECTURES.includes(arch)) {
+            throw new Error(`Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`);
+        }
+        return arch;
+    }
+    validateStableBuildRequest(range) {
+        if (this.packageType !== 'jdk') {
+            throw new Error(`${this.distribution} provides only the \`jdk\` package type`);
+        }
+        const platform = this.getPlatform();
+        const extension = (0, util_1.getDownloadArchiveExtension)();
+        const major = range.includes('.') ? range.split('.')[0] : range;
+        const majorVersion = parseInt(major);
+        if (isNaN(majorVersion)) {
+            throw new Error(`Invalid version format: ${range}`);
+        }
+        if (majorVersion < GRAALVM_MIN_VERSION) {
+            throw new Error(`${this.distribution} is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`);
+        }
+        return {
+            platform,
+            major,
+            extension
+        };
+    }
    constructFileUrl(range, major, platform, arch, extension) {
        return range.includes('.')
            ? `${GRAALVM_DL_BASE}/${major}/archive/graalvm-jdk-${range}_${platform}-${arch}_bin.${extension}`
@@ -79239,6 +79266,101 @@ class GraalVMDistribution extends base_installer_1.JavaBase {
    }
 }
 exports.GraalVMDistribution = GraalVMDistribution;
+class GraalVMCommunityDistribution extends GraalVMDistribution {
+    constructor(installerOptions) {
+        super(installerOptions, 'GraalVM Community');
+    }
+    get toolcacheFolderName() {
+        return `Java_GraalVM_Community_${this.packageType}`;
+    }
+    findPackageForDownload(range) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validateVersionRange(range);
+            if (!this.stable) {
+                throw new Error('GraalVM Community does not provide early access builds');
+            }
+            const arch = this.getSupportedArchitecture();
+            const { platform, extension } = this.validateStableBuildRequest(range);
+            // GraalVM Community asset names embed the platform, architecture and
+            // archive type, e.g. `graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz`.
+            const assetSuffix = `_${platform}-${arch}_bin.${extension}`;
+            const availableVersions = yield this.getAvailableVersions(assetSuffix);
+            const satisfiedVersion = availableVersions
+                .filter(item => (0, util_1.isVersionSatisfies)(range, item.version))
+                .sort((a, b) => -semver_1.default.compareBuild(a.version, b.version))[0];
+            if (!satisfiedVersion) {
+                const error = this.createVersionNotFoundError(range, availableVersions.map(item => item.version), `Platform: ${platform}`);
+                error.message += `\nPlease check if this version is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`;
+                throw error;
+            }
+            return satisfiedVersion;
+        });
+    }
+    getAvailableVersions(assetSuffix) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            const headers = (0, util_1.getGitHubHttpHeaders)();
+            const versions = new Map();
+            let releasesUrl = GRAALVM_COMMUNITY_RELEASES_URL;
+            for (let pageIndex = 0; releasesUrl && pageIndex < util_1.MAX_PAGINATION_PAGES; pageIndex++) {
+                const response = yield this.http.getJson(releasesUrl, headers);
+                // A successful GitHub releases listing is always a JSON array (possibly
+                // empty). Anything else indicates an unexpected/error payload (rate
+                // limiting, auth failure, etc.) that must be surfaced instead of being
+                // silently treated as "no releases", which would later look like a
+                // misleading "version not found" error.
+                if (!Array.isArray(response.result)) {
+                    throw new Error(`Unexpected response while listing GraalVM Community releases from ${releasesUrl} ` +
+                        `(HTTP status code: ${response.statusCode}). Expected a JSON array of releases. ` +
+                        `Please check if the service is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`);
+                }
+                const releases = response.result;
+                if (releases.length === 0) {
+                    break;
+                }
+                for (const release of releases) {
+                    if (release.draft || release.prerelease) {
+                        continue;
+                    }
+                    for (const asset of (_a = release.assets) !== null && _a !== void 0 ? _a : []) {
+                        const version = this.extractAssetVersion(asset.name, assetSuffix);
+                        if (version) {
+                            versions.set(version, {
+                                version,
+                                url: asset.browser_download_url
+                            });
+                        }
+                    }
+                }
+                releasesUrl = this.getNextReleasesUrl(response.headers);
+            }
+            return [...versions.values()];
+        });
+    }
+    // Returns the GraalVM JDK version encoded in a release asset name when it
+    // matches the requested platform/architecture/archive suffix, otherwise null.
+    extractAssetVersion(assetName, assetSuffix) {
+        if (!assetName.startsWith(GRAALVM_COMMUNITY_ASSET_PREFIX) ||
+            !assetName.endsWith(assetSuffix)) {
+            return null;
+        }
+        const rawVersion = assetName.slice(GRAALVM_COMMUNITY_ASSET_PREFIX.length, -assetSuffix.length);
+        if (!GRAALVM_COMMUNITY_VERSION_PATTERN.test(rawVersion)) {
+            return null;
+        }
+        return (0, util_1.convertVersionToSemver)(rawVersion);
+    }
+    getNextReleasesUrl(headers) {
+        const nextUrl = (0, util_1.getNextPageUrlFromLinkHeader)(headers);
+        if (nextUrl &&
+            !(0, util_1.validatePaginationUrl)(nextUrl, GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN)) {
+            core.warning(`Ignoring pagination link with unexpected origin: ${nextUrl}`);
+            return null;
+        }
+        return nextUrl;
+    }
+}
+exports.GraalVMCommunityDistribution = GraalVMCommunityDistribution;


 /***/ }),
@@ -80889,6 +81011,87 @@ function deleteKey(keyFingerprint) {
 exports.deleteKey = deleteKey;


+/***/ }),
+
+/***/ 38172:
+/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
+
+"use strict";
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.configureMavenArgs = void 0;
+const core = __importStar(__nccwpck_require__(37484));
+const util_1 = __nccwpck_require__(54527);
+const constants_1 = __nccwpck_require__(27242);
+/**
+ * Configures the MAVEN_ARGS environment variable so that Maven suppresses
+ * artifact transfer/download progress output by default, producing cleaner
+ * CI logs.
+ *
+ * Behavior:
+ * - When `show-download-progress` is `false` (the default), `-ntp`
+ *   (`--no-transfer-progress`) is appended to any existing MAVEN_ARGS value.
+ * - When `show-download-progress` is `true`, MAVEN_ARGS is left untouched so
+ *   the user's own configuration (and Maven's default progress output) is
+ *   preserved.
+ *
+ * The change is idempotent: if MAVEN_ARGS already disables transfer progress
+ * (via `-ntp` or `--no-transfer-progress`) nothing is added. Any pre-existing
+ * MAVEN_ARGS value is preserved.
+ *
+ * MAVEN_ARGS is honored by Maven 3.9.0+ and the Maven Wrapper; older Maven
+ * versions ignore it, so this is a no-op there. It has no effect on non-Maven
+ * builds such as Gradle or sbt.
+ */
+function configureMavenArgs() {
+    var _a;
+    const showDownloadProgress = (0, util_1.getBooleanInput)(constants_1.INPUT_SHOW_DOWNLOAD_PROGRESS, false);
+    if (showDownloadProgress) {
+        core.debug(`${constants_1.INPUT_SHOW_DOWNLOAD_PROGRESS} is true; leaving ${constants_1.MAVEN_ARGS_ENV} unchanged`);
+        return;
+    }
+    const existingArgs = ((_a = process.env[constants_1.MAVEN_ARGS_ENV]) !== null && _a !== void 0 ? _a : '').trim();
+    const alreadyDisabled = existingArgs
+        .split(/\s+/)
+        .some(arg => arg === constants_1.MAVEN_NO_TRANSFER_PROGRESS_FLAG ||
+        arg === constants_1.MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG);
+    if (alreadyDisabled) {
+        core.debug(`${constants_1.MAVEN_ARGS_ENV} already disables transfer progress; leaving it unchanged`);
+        return;
+    }
+    const updatedArgs = existingArgs
+        ? `${existingArgs} ${constants_1.MAVEN_NO_TRANSFER_PROGRESS_FLAG}`
+        : constants_1.MAVEN_NO_TRANSFER_PROGRESS_FLAG;
+    core.exportVariable(constants_1.MAVEN_ARGS_ENV, updatedArgs);
+    core.info(`Configured ${constants_1.MAVEN_ARGS_ENV} to include ${constants_1.MAVEN_NO_TRANSFER_PROGRESS_FLAG} to suppress Maven transfer progress logs. ` +
+        `Set '${constants_1.INPUT_SHOW_DOWNLOAD_PROGRESS}: true' to keep the download progress output.`);
+}
+exports.configureMavenArgs = configureMavenArgs;
+
+
 /***/ }),

 /***/ 90471:
@@ -80941,6 +81144,7 @@ const constants = __importStar(__nccwpck_require__(27242));
 const cache_1 = __nccwpck_require__(97377);
 const path = __importStar(__nccwpck_require__(16928));
 const distribution_factory_1 = __nccwpck_require__(2970);
+const maven_args_1 = __nccwpck_require__(38172);
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
        try {
@@ -80988,6 +81192,7 @@ function run() {
            const matchersPath = path.join(__dirname, '..', '..', '.github');
            core.info(`##[add-matcher]${path.join(matchersPath, 'java.json')}`);
            yield auth.configureAuthentication();
+            (0, maven_args_1.configureMavenArgs)();
            if (cache && (0, util_1.isCacheFeatureAvailable)()) {
                yield (0, cache_1.restore)(cache, cacheDependencyPath);
            }
@@ -10,6 +10,7 @@
  - [Alibaba Dragonwell](#Alibaba-Dragonwell)
  - [SapMachine](#SapMachine)
  - [GraalVM](#GraalVM)
+  - [GraalVM Community](#GraalVM-Community)
  - [JetBrains](#JetBrains)
 - [Installing custom Java package type](#Installing-custom-Java-package-type)
  - [JavaFX Maven project](#JavaFX-Maven-project)
@@ -18,6 +19,7 @@
 - [Testing against different Java distributions](#Testing-against-different-Java-distributions)
 - [Testing against different platforms](#Testing-against-different-platforms)
 - [Publishing using Apache Maven](#Publishing-using-Apache-Maven)
+- [Maven transfer progress (download logs)](#Maven-transfer-progress-download-logs)
 - [Publishing using Gradle](#Publishing-using-Gradle)
 - [Hosted Tool Cache](#Hosted-Tool-Cache)
 - [Modifying Maven Toolchains](#Modifying-Maven-Toolchains)
@@ -174,6 +176,21 @@ steps:
    native-image --version
 ```

+### GraalVM Community
+**NOTE:** GraalVM Community is available for stable JDK 17 and later releases.
+
+```yaml
+steps:
+- uses: actions/checkout@v6
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'graalvm-community'
+    java-version: '21'
+- run: |
+    java --version
+    native-image --version
+```
+
 ### JetBrains

 **NOTE:** JetBrains is only available for LTS versions on 11 or later (11, 17, 21, etc.).
@@ -270,6 +287,9 @@ steps:
 ## Installing Java from local file
 If your use-case requires a custom distribution or a version that is not provided by setup-java, you can download it manually and setup-java will take care of the installation and caching on the VM:

+> [!NOTE]
+> This approach also lets you use builds that setup-java does not provide directly, such as **Early Access (EA)** or other unreleased JDK builds (for example, an upcoming feature release or a Loom/Valhalla preview build). Download the desired archive in a prior step and point `jdkFile` at it; setup-java will extract, install, and cache it just like a supported distribution. When targeting multiple architectures, select the correct binary per architecture in your workflow (for example, with a build matrix).
+
 ```yaml
 steps:
 - run: |
@@ -285,6 +305,23 @@ steps:
 - run: java --version
 ```

+For example, to use an **Early Access** build from [jdk.java.net](https://jdk.java.net/), download the archive for your runner OS/architecture and install it via `distribution: 'jdkfile'` (example below assumes Linux x64):
+
+```yaml
+steps:
+- run: |
+    download_url="https://download.java.net/java/early_access/jdk25/36/GPL/openjdk-25-ea+36_linux-x64_bin.tar.gz"
+    wget -O $RUNNER_TEMP/java_package.tar.gz $download_url
+- uses: actions/setup-java@v5
+  with:
+    distribution: 'jdkfile'
+    jdkFile: ${{ runner.temp }}/java_package.tar.gz
+    java-version: '25.0.0-ea.36'
+    architecture: x64
+
+- run: java --version
+```
+
 If your use-case requires a custom distribution (in the example, alpine-linux is used) or a version that is not provided by setup-java and you want to always install the latest version during runtime, then you can use the following code to auto-download the latest JDK, determine the semver needed for setup-java, and setup-java will take care of the installation and caching on the VM:

 ```yaml
@@ -490,6 +527,36 @@ jobs:
        GITHUB_TOKEN: ${{ github.token }}
 ```

+## Maven transfer progress (download logs)
+
+By default, Maven prints a line for every artifact it downloads, which can add hundreds of noisy lines to CI logs. To keep logs clean, `setup-java` sets the [`MAVEN_ARGS`](https://maven.apache.org/configure.html#maven_args-environment-variable) environment variable to include `-ntp` (`--no-transfer-progress`) so that subsequent Maven invocations in the job suppress this transfer progress output.
+
+This is enabled by default. Any existing `MAVEN_ARGS` value is preserved (the flag is appended, not overwritten), and the flag is not added twice if you already set it yourself.
+
+If you want to keep the download/transfer progress in your logs, set `show-download-progress: true`:
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v6
+    - uses: actions/setup-java@v5
+      with:
+        distribution: '<distribution>'
+        java-version: '21'
+        show-download-progress: true # keep Maven download/transfer progress in the logs
+
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+```
+
+***NOTES***:
+- `MAVEN_ARGS` is honored by Maven 3.9.0+ and the Maven Wrapper (`mvnw`). Older Maven versions ignore it, so on those you can pass `--no-transfer-progress` on the command line instead.
+- This setting only affects Maven. It has no effect on Gradle, sbt, or other build tools.
+- `-ntp` only controls transfer/progress output; it does not change whether Maven runs in batch mode. Use `-B`/`--batch-mode` (or `<interactiveMode>false</interactiveMode>` in `settings.xml`) if you also want non-interactive runs.
+
 ## Publishing using Gradle
 ```yaml
 jobs:
@@ -28,5 +28,10 @@ export const MVN_SETTINGS_FILE = 'settings.xml';
 export const MVN_TOOLCHAINS_FILE = 'toolchains.xml';
 export const INPUT_MVN_TOOLCHAIN_ID = 'mvn-toolchain-id';
 export const INPUT_MVN_TOOLCHAIN_VENDOR = 'mvn-toolchain-vendor';
+export const INPUT_SHOW_DOWNLOAD_PROGRESS = 'show-download-progress';
+
+export const MAVEN_ARGS_ENV = 'MAVEN_ARGS';
+export const MAVEN_NO_TRANSFER_PROGRESS_FLAG = '-ntp';
+export const MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG = '--no-transfer-progress';

 export const DISTRIBUTIONS_ONLY_MAJOR_VERSION = ['corretto'];
@@ -11,7 +11,10 @@ import {CorrettoDistribution} from './corretto/installer';
 import {OracleDistribution} from './oracle/installer';
 import {DragonwellDistribution} from './dragonwell/installer';
 import {SapMachineDistribution} from './sapmachine/installer';
-import {GraalVMDistribution} from './graalvm/installer';
+import {
+  GraalVMCommunityDistribution,
+  GraalVMDistribution
+} from './graalvm/installer';
 import {JetBrainsDistribution} from './jetbrains/installer';

 enum JavaDistribution {
@@ -29,6 +32,7 @@ enum JavaDistribution {
  Dragonwell = 'dragonwell',
  SapMachine = 'sapmachine',
  GraalVM = 'graalvm',
+  GraalVMCommunity = 'graalvm-community',
  JetBrains = 'jetbrains'
 }

@@ -74,6 +78,8 @@ export function getJavaDistribution(
      return new SapMachineDistribution(installerOptions);
    case JavaDistribution.GraalVM:
      return new GraalVMDistribution(installerOptions);
+    case JavaDistribution.GraalVMCommunity:
+      return new GraalVMCommunityDistribution(installerOptions);
    case JavaDistribution.JetBrains:
      return new JetBrainsDistribution(installerOptions);
    default:
@@ -2,6 +2,7 @@ import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 import fs from 'fs';
 import path from 'path';
+import semver from 'semver';
 import {JavaBase} from '../base-installer';
 import {HttpCodes} from '@actions/http-client';
 import {GraalVMEAVersion} from './models';
@@ -11,14 +12,26 @@ import {
  JavaInstallerResults
 } from '../base-models';
 import {
+  convertVersionToSemver,
  extractJdkFile,
  getDownloadArchiveExtension,
  getGitHubHttpHeaders,
-  renameWinArchive
+  getNextPageUrlFromLinkHeader,
+  isVersionSatisfies,
+  MAX_PAGINATION_PAGES,
+  renameWinArchive,
+  validatePaginationUrl
 } from '../../util';

 const GRAALVM_DL_BASE = 'https://download.oracle.com/graalvm';
 const GRAALVM_DOWNLOAD_URL = 'https://www.graalvm.org/downloads/';
+const GRAALVM_COMMUNITY_RELEASES_URL =
+  'https://api.github.com/repos/graalvm/graalvm-ce-builds/releases?per_page=100';
+const GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN = 'https://api.github.com';
+const GRAALVM_COMMUNITY_DOWNLOAD_URL =
+  'https://github.com/graalvm/graalvm-ce-builds/releases';
+const GRAALVM_COMMUNITY_ASSET_PREFIX = 'graalvm-community-jdk-';
+const GRAALVM_COMMUNITY_VERSION_PATTERN = /^\d+(?:\.\d+)*$/;
 const IS_WINDOWS = process.platform === 'win32';
 const GRAALVM_PLATFORM = IS_WINDOWS ? 'windows' : process.platform;
 const GRAALVM_MIN_VERSION = 17;
@@ -26,9 +39,23 @@ const SUPPORTED_ARCHITECTURES = ['x64', 'aarch64'] as const;
 type SupportedArchitecture = (typeof SUPPORTED_ARCHITECTURES)[number];
 type OsVersions = 'linux' | 'macos' | 'windows';

+interface GraalVMCommunityAsset {
+  name: string;
+  browser_download_url: string;
+}
+
+interface GraalVMCommunityRelease {
+  draft: boolean;
+  prerelease: boolean;
+  assets: GraalVMCommunityAsset[];
+}
+
 export class GraalVMDistribution extends JavaBase {
-  constructor(installerOptions: JavaInstallerOptions) {
-    super('GraalVM', installerOptions);
+  constructor(
+    installerOptions: JavaInstallerOptions,
+    distributionName = 'GraalVM'
+  ) {
+    super(distributionName, installerOptions);
  }

  protected async downloadTool(
@@ -85,40 +112,14 @@ export class GraalVMDistribution extends JavaBase {
  protected async findPackageForDownload(
    range: string
  ): Promise<JavaDownloadRelease> {
-    // Add input validation
-    if (!range || typeof range !== 'string') {
-      throw new Error('Version range is required and must be a string');
-    }
-
-    const arch = this.distributionArchitecture();
-    if (!SUPPORTED_ARCHITECTURES.includes(arch as SupportedArchitecture)) {
-      throw new Error(
-        `Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`
-      );
-    }
+    this.validateVersionRange(range);
+    const arch = this.getSupportedArchitecture();

    if (!this.stable) {
      return this.findEABuildDownloadUrl(`${range}-ea`);
    }

-    if (this.packageType !== 'jdk') {
-      throw new Error('GraalVM provides only the `jdk` package type');
-    }
-
-    const platform = this.getPlatform();
-    const extension = getDownloadArchiveExtension();
-    const major = range.includes('.') ? range.split('.')[0] : range;
-    const majorVersion = parseInt(major);
-
-    if (isNaN(majorVersion)) {
-      throw new Error(`Invalid version format: ${range}`);
-    }
-
-    if (majorVersion < GRAALVM_MIN_VERSION) {
-      throw new Error(
-        `GraalVM is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`
-      );
-    }
+    const {platform, extension, major} = this.validateStableBuildRequest(range);

    const fileUrl = this.constructFileUrl(
      range,
@@ -134,6 +135,56 @@ export class GraalVMDistribution extends JavaBase {
    return {url: fileUrl, version: range};
  }

+  protected validateVersionRange(range: string): void {
+    if (!range || typeof range !== 'string') {
+      throw new Error('Version range is required and must be a string');
+    }
+  }
+
+  protected getSupportedArchitecture(): SupportedArchitecture {
+    const arch = this.distributionArchitecture();
+    if (!SUPPORTED_ARCHITECTURES.includes(arch as SupportedArchitecture)) {
+      throw new Error(
+        `Unsupported architecture: ${this.architecture}. Supported architectures are: ${SUPPORTED_ARCHITECTURES.join(', ')}`
+      );
+    }
+
+    return arch as SupportedArchitecture;
+  }
+
+  protected validateStableBuildRequest(range: string): {
+    platform: OsVersions;
+    extension: string;
+    major: string;
+  } {
+    if (this.packageType !== 'jdk') {
+      throw new Error(
+        `${this.distribution} provides only the \`jdk\` package type`
+      );
+    }
+
+    const platform = this.getPlatform();
+    const extension = getDownloadArchiveExtension();
+    const major = range.includes('.') ? range.split('.')[0] : range;
+    const majorVersion = parseInt(major);
+
+    if (isNaN(majorVersion)) {
+      throw new Error(`Invalid version format: ${range}`);
+    }
+
+    if (majorVersion < GRAALVM_MIN_VERSION) {
+      throw new Error(
+        `${this.distribution} is only supported for JDK ${GRAALVM_MIN_VERSION} and later. Requested version: ${major}`
+      );
+    }
+
+    return {
+      platform,
+      major,
+      extension
+    };
+  }
+
  private constructFileUrl(
    range: string,
    major: string,
@@ -280,3 +331,144 @@ export class GraalVMDistribution extends JavaBase {
    return result;
  }
 }
+
+export class GraalVMCommunityDistribution extends GraalVMDistribution {
+  constructor(installerOptions: JavaInstallerOptions) {
+    super(installerOptions, 'GraalVM Community');
+  }
+
+  protected get toolcacheFolderName(): string {
+    return `Java_GraalVM_Community_${this.packageType}`;
+  }
+
+  protected async findPackageForDownload(
+    range: string
+  ): Promise<JavaDownloadRelease> {
+    this.validateVersionRange(range);
+
+    if (!this.stable) {
+      throw new Error('GraalVM Community does not provide early access builds');
+    }
+
+    const arch = this.getSupportedArchitecture();
+    const {platform, extension} = this.validateStableBuildRequest(range);
+    // GraalVM Community asset names embed the platform, architecture and
+    // archive type, e.g. `graalvm-community-jdk-21.0.2_linux-x64_bin.tar.gz`.
+    const assetSuffix = `_${platform}-${arch}_bin.${extension}`;
+    const availableVersions = await this.getAvailableVersions(assetSuffix);
+
+    const satisfiedVersion = availableVersions
+      .filter(item => isVersionSatisfies(range, item.version))
+      .sort((a, b) => -semver.compareBuild(a.version, b.version))[0];
+
+    if (!satisfiedVersion) {
+      const error = this.createVersionNotFoundError(
+        range,
+        availableVersions.map(item => item.version),
+        `Platform: ${platform}`
+      );
+      error.message += `\nPlease check if this version is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`;
+      throw error;
+    }
+
+    return satisfiedVersion;
+  }
+
+  private async getAvailableVersions(
+    assetSuffix: string
+  ): Promise<JavaDownloadRelease[]> {
+    const headers = getGitHubHttpHeaders();
+    const versions = new Map<string, JavaDownloadRelease>();
+    let releasesUrl: string | null = GRAALVM_COMMUNITY_RELEASES_URL;
+
+    for (
+      let pageIndex = 0;
+      releasesUrl && pageIndex < MAX_PAGINATION_PAGES;
+      pageIndex++
+    ) {
+      const response = await this.http.getJson<GraalVMCommunityRelease[]>(
+        releasesUrl,
+        headers
+      );
+
+      // A successful GitHub releases listing is always a JSON array (possibly
+      // empty). Anything else indicates an unexpected/error payload (rate
+      // limiting, auth failure, etc.) that must be surfaced instead of being
+      // silently treated as "no releases", which would later look like a
+      // misleading "version not found" error.
+      if (!Array.isArray(response.result)) {
+        throw new Error(
+          `Unexpected response while listing GraalVM Community releases from ${releasesUrl} ` +
+            `(HTTP status code: ${response.statusCode}). Expected a JSON array of releases. ` +
+            `Please check if the service is available at ${GRAALVM_COMMUNITY_DOWNLOAD_URL}.`
+        );
+      }
+
+      const releases = response.result;
+      if (releases.length === 0) {
+        break;
+      }
+
+      for (const release of releases) {
+        if (release.draft || release.prerelease) {
+          continue;
+        }
+
+        for (const asset of release.assets ?? []) {
+          const version = this.extractAssetVersion(asset.name, assetSuffix);
+          if (version) {
+            versions.set(version, {
+              version,
+              url: asset.browser_download_url
+            });
+          }
+        }
+      }
+
+      releasesUrl = this.getNextReleasesUrl(response.headers);
+    }
+
+    return [...versions.values()];
+  }
+
+  // Returns the GraalVM JDK version encoded in a release asset name when it
+  // matches the requested platform/architecture/archive suffix, otherwise null.
+  private extractAssetVersion(
+    assetName: string,
+    assetSuffix: string
+  ): string | null {
+    if (
+      !assetName.startsWith(GRAALVM_COMMUNITY_ASSET_PREFIX) ||
+      !assetName.endsWith(assetSuffix)
+    ) {
+      return null;
+    }
+
+    const rawVersion = assetName.slice(
+      GRAALVM_COMMUNITY_ASSET_PREFIX.length,
+      -assetSuffix.length
+    );
+
+    if (!GRAALVM_COMMUNITY_VERSION_PATTERN.test(rawVersion)) {
+      return null;
+    }
+
+    return convertVersionToSemver(rawVersion);
+  }
+
+  private getNextReleasesUrl(
+    headers: Record<string, string | string[] | undefined>
+  ): string | null {
+    const nextUrl = getNextPageUrlFromLinkHeader(headers);
+    if (
+      nextUrl &&
+      !validatePaginationUrl(nextUrl, GRAALVM_COMMUNITY_RELEASES_PAGE_ORIGIN)
+    ) {
+      core.warning(
+        `Ignoring pagination link with unexpected origin: ${nextUrl}`
+      );
+      return null;
+    }
+    return nextUrl;
+  }
+}
@@ -0,0 +1,69 @@
+import * as core from '@actions/core';
+import {getBooleanInput} from './util';
+import {
+  INPUT_SHOW_DOWNLOAD_PROGRESS,
+  MAVEN_ARGS_ENV,
+  MAVEN_NO_TRANSFER_PROGRESS_FLAG,
+  MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG
+} from './constants';
+
+/**
+ * Configures the MAVEN_ARGS environment variable so that Maven suppresses
+ * artifact transfer/download progress output by default, producing cleaner
+ * CI logs.
+ *
+ * Behavior:
+ * - When `show-download-progress` is `false` (the default), `-ntp`
+ *   (`--no-transfer-progress`) is appended to any existing MAVEN_ARGS value.
+ * - When `show-download-progress` is `true`, MAVEN_ARGS is left untouched so
+ *   the user's own configuration (and Maven's default progress output) is
+ *   preserved.
+ *
+ * The change is idempotent: if MAVEN_ARGS already disables transfer progress
+ * (via `-ntp` or `--no-transfer-progress`) nothing is added. Any pre-existing
+ * MAVEN_ARGS value is preserved.
+ *
+ * MAVEN_ARGS is honored by Maven 3.9.0+ and the Maven Wrapper; older Maven
+ * versions ignore it, so this is a no-op there. It has no effect on non-Maven
+ * builds such as Gradle or sbt.
+ */
+export function configureMavenArgs(): void {
+  const showDownloadProgress = getBooleanInput(
+    INPUT_SHOW_DOWNLOAD_PROGRESS,
+    false
+  );
+
+  if (showDownloadProgress) {
+    core.debug(
+      `${INPUT_SHOW_DOWNLOAD_PROGRESS} is true; leaving ${MAVEN_ARGS_ENV} unchanged`
+    );
+    return;
+  }
+
+  const existingArgs = (process.env[MAVEN_ARGS_ENV] ?? '').trim();
+
+  const alreadyDisabled = existingArgs
+    .split(/\s+/)
+    .some(
+      arg =>
+        arg === MAVEN_NO_TRANSFER_PROGRESS_FLAG ||
+        arg === MAVEN_NO_TRANSFER_PROGRESS_LONG_FLAG
+    );
+
+  if (alreadyDisabled) {
+    core.debug(
+      `${MAVEN_ARGS_ENV} already disables transfer progress; leaving it unchanged`
+    );
+    return;
+  }
+
+  const updatedArgs = existingArgs
+    ? `${existingArgs} ${MAVEN_NO_TRANSFER_PROGRESS_FLAG}`
+    : MAVEN_NO_TRANSFER_PROGRESS_FLAG;
+
+  core.exportVariable(MAVEN_ARGS_ENV, updatedArgs);
+  core.info(
+    `Configured ${MAVEN_ARGS_ENV} to include ${MAVEN_NO_TRANSFER_PROGRESS_FLAG} to suppress Maven transfer progress logs. ` +
+      `Set '${INPUT_SHOW_DOWNLOAD_PROGRESS}: true' to keep the download progress output.`
+  );
+}
@@ -12,6 +12,7 @@ import {restore} from './cache';
 import * as path from 'path';
 import {getJavaDistribution} from './distributions/distribution-factory';
 import {JavaInstallerOptions} from './distributions/base-models';
+import {configureMavenArgs} from './maven-args';

 async function run() {
  try {
@@ -79,6 +80,7 @@ async function run() {
    core.info(`##[add-matcher]${path.join(matchersPath, 'java.json')}`);

    await auth.configureAuthentication();
+    configureMavenArgs();
    if (cache && isCacheFeatureAvailable()) {
      await restore(cache, cacheDependencyPath);
    }
Author	SHA1	Message	Date
Bruno Borges	5c0f591bcc	Merge branch 'main' into feature/maven-args-no-transfer-progress	2026-06-23 13:39:59 -04:00
Bruno Borges	1bcf9fb12c	dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#1059 ) - installer: surface a clear error when the GraalVM Community releases listing is not a JSON array, instead of silently treating an error payload (rate limit, auth failure, etc.) as "no releases" which later surfaced as a misleading "version not found" error. - docs: fix the GraalVM Community advanced-usage example to check the installed binary versions (java/native-image --version) rather than running a non-existent HelloWorldApp classpath that fails when copied. - tests: cover the new non-array release listing error path. Rebuilt dist bundle. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-06-23 13:37:44 -04:00
Bruno Borges	fa2c6508d1	docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058 ) * docs: note jdkfile approach for Early Access / unreleased JDK builds Clarify in advanced-usage that the existing 'jdkfile' distribution can be used to install Early Access (EA) or other unreleased JDK builds not provided directly by setup-java, by downloading the archive in a prior step and pointing jdkFile at it. Adds a concrete EA example. Addresses #612. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-06-23 13:23:45 -04:00
Copilot	1d56e31dbb	dist: Add GraalVM Community distribution support (#1042 ) * Initial plan * feat: add graalvm community distribution support * build: update bundled dist for graalvm community support * chore: address GraalVM community review feedback * fix: tidy graalvm community validation follow-ups * refactor: simplify GraalVM Community release resolution * refactor: address review feedback on Community resolver * refactor: rename pagination index for clarity * test: fix graalvm installer test formatting --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Bruno Borges <brborges@microsoft.com>	2026-06-23 13:19:27 -04:00
Bruno Borges	1d25252804	chore: Harden workflows: least-privilege permissions + zizmor integration (#1039 ) * Harden workflows with least-privilege permissions and zizmor Apply GitHub Actions security best practices to the action's own workflows and integrate zizmor to catch regressions. - Add explicit least-privilege `permissions:` to every workflow (contents: read for read-only workflows; default-deny `{}` with job-scoped grants for codeql, publish-immutable-actions and update-config-files). - Set `persist-credentials: false` on all checkout steps that don't need the GITHUB_TOKEN afterwards. - Move `${{ ... }}` expansions out of `run:` blocks into `env:` vars to avoid template injection. - Pin the alpine container image (alpine:latest -> alpine:3.21). - Add a zizmor CI workflow that uploads SARIF to code scanning, plus a `.github/zizmor.yml` pinning policy (ref-pin for actions/* and github/, hash-pin for third-party actions). zizmor now reports no findings (offline and online). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Fix indentation of if: in zizmor SARIF upload step The `if:` key on the "Upload SARIF results to code scanning" step had no indentation, producing invalid YAML ("Nested mappings are not allowed in compact mappings"). This broke `npm run format-check` (prettier) in Basic validation. Indent `if:` to 8 spaces so it nests under the step alongside uses/with. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-06-23 18:10:17 +01:00
copilot-swe-agent[bot]	fa20c15c93	Update generated dist for Maven args log change	2026-06-23 02:46:55 +00:00
Bruno Borges	8e27c114ea	Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-06-22 22:40:43 -04:00
Bruno Borges	cf3151c7a1	feat: suppress Maven transfer progress via MAVEN_ARGS by default Set MAVEN_ARGS to include -ntp (--no-transfer-progress) so Maven invocations in the job produce cleaner CI logs without download/transfer progress noise. Add a new optional 'show-download-progress' input (default false); set it to true to keep the progress output. The change preserves any existing MAVEN_ARGS value (the flag is appended, not overwritten) and is idempotent (it won't add the flag twice if -ntp or --no-transfer-progress is already present). Applies on all platforms; honored by Maven 3.9.0+ and the Maven Wrapper, and is a no-op for non-Maven builds. - action.yml: add show-download-progress input - src/constants.ts: add input + MAVEN_ARGS constants - src/maven-args.ts: new configureMavenArgs() - src/setup-java.ts: invoke configureMavenArgs() during setup - __tests__/maven-args.test.ts: unit tests - docs/advanced-usage.md: document the behavior and input - dist: rebuild bundled action Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-06-22 22:26:13 -04:00
Bruno Borges	668c1ea991	docs: add post-install keytool import for the JDK cacerts trust store (#1051 ) Document how to make the installed JDK trust an internal CA at application runtime by importing it into $JAVA_HOME/lib/security/cacerts with keytool after setup-java runs. Clarifies this is the runtime trust layer, distinct from the download/transport layer (NODE_EXTRA_CA_CERTS), and notes hosted vs self-hosted persistence caveats. Refs #640 #1035 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-06-22 21:59:01 -04:00
Bruno Borges	a9a46fbe09	docs: document self-signed certificate / internal CA handling for GitHub Enterprise (#1050 ) Adds an advanced-usage section explaining the 'self signed certificate in certificate chain' error seen on GitHub Enterprise Server and behind TLS-inspecting proxies. Recommends the secure fix of trusting the internal CA via NODE_EXTRA_CA_CERTS (or the OS trust store on self-hosted runners), with a GitHub Enterprise callout, and warns against disabling TLS verification since the JDK download has no checksum fallback. Refs #640 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-06-22 21:51:01 -04:00