[StepSecurity] Apply security best practices #222
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Windows | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: [master] | |
| paths: | |
| - .github/workflows/wix.yml | |
| - wix/** | |
| permissions: | |
| contents: read | |
| jobs: | |
| wix: | |
| strategy: | |
| matrix: | |
| jdk: [8, 11, 17] | |
| include: | |
| - jdk: 8 | |
| ICEDTEA_WEB_VERSION: "icedtea-web-1.8.6" | |
| PRODUCT_MAJOR_VERSION: 8 | |
| PRODUCT_MINOR_VERSION: 0 | |
| PRODUCT_MAINTENANCE_VERSION: 362 | |
| PRODUCT_PATCH_VERSION: 0 | |
| PRODUCT_BUILD_NUMBER: "09" | |
| MSI_PRODUCT_VERSION: 8.0.362.9 | |
| ARCH: x64 | |
| TAG: jdk8u362-b09 | |
| SUB_TAG: 8u362b09 | |
| JVM: hotspot | |
| - jdk: 11 | |
| PRODUCT_MAJOR_VERSION: 11 | |
| PRODUCT_MINOR_VERSION: 0 | |
| PRODUCT_MAINTENANCE_VERSION: 18 | |
| PRODUCT_PATCH_VERSION: 0 | |
| PRODUCT_BUILD_NUMBER: 10 | |
| MSI_PRODUCT_VERSION: 11.0.18.10 | |
| ARCH: x64 | |
| TAG: jdk-11.0.18+10 | |
| SUB_TAG: 11.0.18_10 | |
| JVM: hotspot | |
| - jdk: 17 | |
| PRODUCT_MAJOR_VERSION: 17 | |
| PRODUCT_MINOR_VERSION: 0 | |
| PRODUCT_MAINTENANCE_VERSION: 6 | |
| PRODUCT_PATCH_VERSION: 0 | |
| PRODUCT_BUILD_NUMBER: 10 | |
| MSI_PRODUCT_VERSION: 17.0.6.10 | |
| ARCH: x64 | |
| TAG: jdk-17.0.6+10 | |
| SUB_TAG: 17.0.6_10 | |
| JVM: hotspot | |
| name: wix | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Download IcedTea-Web | |
| run: | | |
| Invoke-WebRequest -Uri "https://github.com/AdoptOpenJDK/IcedTea-Web/releases/download/${{ matrix.ICEDTEA_WEB_VERSION }}/${{ matrix.ICEDTEA_WEB_VERSION }}.win.bin.zip" ` | |
| -OutFile "${{ matrix.ICEDTEA_WEB_VERSION }}.win.bin.zip" | |
| unzip -q icedtea-web-*.win.bin.zip | |
| Remove-Item icedtea-web-*.win.bin.zip | |
| Remove-Item icedtea-web-image\share\doc -Recurse | |
| working-directory: wix/SourceDir | |
| if: ${{ matrix.ICEDTEA_WEB_VERSION }} | |
| - name: Download Prebuilt JDK/JRE | |
| run: | | |
| Invoke-WebRequest -Uri "https://github.com/adoptium/temurin${{ matrix.PRODUCT_MAJOR_VERSION }}-binaries/releases/download/${{ matrix.TAG }}/OpenJDK${{ matrix.PRODUCT_MAJOR_VERSION }}U-jdk_${{ matrix.ARCH }}_windows_${{ matrix.JVM }}_${{ matrix.SUB_TAG }}.zip" ` | |
| -OutFile "OpenJDK${{ matrix.PRODUCT_MAJOR_VERSION }}U-jdk_${{ matrix.ARCH }}_windows_${{ matrix.JVM }}_${{ matrix.SUB_TAG }}.zip" | |
| Invoke-WebRequest -Uri "https://github.com/adoptium/temurin${{ matrix.PRODUCT_MAJOR_VERSION }}-binaries/releases/download/${{ matrix.TAG }}/OpenJDK${{ matrix.PRODUCT_MAJOR_VERSION }}U-jre_${{ matrix.ARCH }}_windows_${{ matrix.JVM }}_${{ matrix.SUB_TAG }}.zip" ` | |
| -OutFile "OpenJDK${{ matrix.PRODUCT_MAJOR_VERSION }}U-jre_${{ matrix.ARCH }}_windows_${{ matrix.JVM }}_${{ matrix.SUB_TAG }}.zip" | |
| ./CreateSourceFolder.AdoptOpenJDK.ps1 | |
| working-directory: wix/SourceDir | |
| - name: Create JDK Installer | |
| run: call Build.OpenJDK_generic.cmd | |
| working-directory: wix | |
| env: | |
| PRODUCT_CATEGORY: jdk | |
| PRODUCT_MAJOR_VERSION: ${{ matrix.PRODUCT_MAJOR_VERSION }} | |
| PRODUCT_MINOR_VERSION: ${{ matrix.PRODUCT_MINOR_VERSION }} | |
| PRODUCT_MAINTENANCE_VERSION: ${{ matrix.PRODUCT_MAINTENANCE_VERSION }} | |
| PRODUCT_PATCH_VERSION: ${{ matrix.PRODUCT_PATCH_VERSION }} | |
| PRODUCT_BUILD_NUMBER: ${{ matrix.PRODUCT_BUILD_NUMBER }} | |
| MSI_PRODUCT_VERSION: ${{ matrix.MSI_PRODUCT_VERSION }} | |
| ARCH: ${{ matrix.ARCH }} | |
| JVM: ${{ matrix.JVM }} | |
| shell: cmd | |
| - name: Create JRE Installer | |
| run: call Build.OpenJDK_generic.cmd | |
| working-directory: wix | |
| env: | |
| PRODUCT_CATEGORY: jre | |
| PRODUCT_MAJOR_VERSION: ${{ matrix.PRODUCT_MAJOR_VERSION }} | |
| PRODUCT_MINOR_VERSION: ${{ matrix.PRODUCT_MINOR_VERSION }} | |
| PRODUCT_MAINTENANCE_VERSION: ${{ matrix.PRODUCT_MAINTENANCE_VERSION }} | |
| PRODUCT_PATCH_VERSION: ${{ matrix.PRODUCT_PATCH_VERSION }} | |
| PRODUCT_BUILD_NUMBER: ${{ matrix.PRODUCT_BUILD_NUMBER }} | |
| MSI_PRODUCT_VERSION: ${{ matrix.MSI_PRODUCT_VERSION }} | |
| ARCH: ${{ matrix.ARCH }} | |
| JVM: ${{ matrix.JVM }} | |
| shell: cmd | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: windows-${{ matrix.PRODUCT_MAJOR_VERSION }} | |
| path: wix/ReleaseDir/*.msi |