{"id":39507221,"url":"https://github.com/fwilhe2/setup-kotlin","last_synced_at":"2026-02-07T07:09:19.466Z","repository":{"id":37032959,"uuid":"293078213","full_name":"fwilhe2/setup-kotlin","owner":"fwilhe2","description":"Setup the Kotlin™ cli compiler in GitHub Actions","archived":false,"fork":false,"pushed_at":"2026-01-17T17:25:11.000Z","size":4757,"stargazers_count":32,"open_issues_count":0,"forks_count":7,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-18T15:22:42.049Z","etag":null,"topics":["actions","kotlin","programming","scripting"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fwilhe2.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-09-05T13:09:41.000Z","updated_at":"2026-01-17T17:23:30.000Z","dependencies_parsed_at":"2023-02-19T03:45:25.531Z","dependency_job_id":"28a2a531-9cfb-4c36-878b-400ffb8d96e6","html_url":"https://github.com/fwilhe2/setup-kotlin","commit_stats":{"total_commits":227,"total_committers":6,"mean_commits":"37.833333333333336","dds":0.5242290748898679,"last_synced_commit":"a0f3e5ddc32794bff0893cc5ee5dd2df1c3d5fe6"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/fwilhe2/setup-kotlin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fwilhe2%2Fsetup-kotlin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fwilhe2%2Fsetup-kotlin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fwilhe2%2Fsetup-kotlin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fwilhe2%2Fsetup-kotlin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fwilhe2","download_url":"https://codeload.github.com/fwilhe2/setup-kotlin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fwilhe2%2Fsetup-kotlin/sbom","scorecard":{"id":415271,"data":{"date":"2025-08-11","repo":{"name":"github.com/fwilhe2/setup-kotlin","commit":"f57d52236bddc1e9f2df15d928de6f19572d6c08"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 2/12 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/Release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/Release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/Release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/Release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/fwilhe2/setup-kotlin/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:4","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T23:40:06.317Z","repository_id":37032959,"created_at":"2025-08-18T23:40:06.317Z","updated_at":"2025-08-18T23:40:06.317Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28917541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T19:10:10.838Z","status":"ssl_error","status_checked_at":"2026-01-30T19:06:40.573Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","kotlin","programming","scripting"],"created_at":"2026-01-18T05:58:00.477Z","updated_at":"2026-01-30T19:13:07.545Z","avatar_url":"https://github.com/fwilhe2.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Setup the [Kotlin™](https://kotlinlang.org/) cli compiler in GitHub Actions\n\n![build-test](https://github.com/fwilhe2/setup-kotlin/workflows/build-test/badge.svg)\n![license](https://img.shields.io/github/license/fwilhe2/setup-kotlin)\n![latest-version](https://img.shields.io/github/v/tag/fwilhe2/setup-kotlin)\n\nThis action downloads the Kotlin™ compiler and installs it to the path.\nIt won't touch the installed JREs.\n\nBy default, the latest released version of Kotlin is installed.\nThis can be overriden via the `version` flag.\n\nIt allows you to use the `kotlinc` and the `kotlin` tool to compile source code and run scripts.\n\n\u003e :warning: **Note:** You probably don't need this action.\n\u003e GitHub now pre-installs Kotlin, if this works for you, there is no need to use this action.\n\u003e See [this issue](https://github.com/fwilhe2/setup-kotlin/issues/174) for more details.\n\u003e Furthermore, you don't need this action if you want to build a Kotlin project using Maven/Gradle as they will download the compiler for you.\n\u003e This action is useful if you need or want to use the `kotlin`/`kotlinc`/`kotlinc-native` cli tools, if you want to install a specific version of them or if you run workflows in a container/runner where Kotlin is not preinstalled.\n\nSee [this repo](https://github.com/fwilhe2/improved-enigma) for usage examples.\n\n## Usage example\n\n```yaml\nname: CI\non:\n  push:\n  workflow_dispatch:\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: fwilhe2/setup-kotlin@main\n      - run: kotlinc myProgram.kt -include-runtime -d /tmp/hello.jar; java -jar /tmp/hello.jar\n      - run: kotlin myScript.main.kts\n```\n\n### Kotlin/Native\n\nYou can also build os-native binaries using `kotlinc-native` as in this example:\n\n```yaml\njobs:\n  build:\n    runs-on: ${{ matrix.os }}\n    strategy:\n      matrix:\n        os: [ ubuntu-latest, windows-latest, macos-latest ]\n    steps:\n      - uses: actions/checkout@v6\n      - uses: fwilhe2/setup-kotlin@main\n        with:\n          install-native: true\n      - run: kotlinc-native foo.kt\n      - run: ./program.exe\n        if: ${{ matrix.os == 'windows-latest' }}\n      - run: ./program.kexe\n        if: ${{ matrix.os != 'windows-latest' }}\n```\n\n## Running a script inline\n\nIf you provide a string-argument `script`, the action will execute it via [`kotlin-main-kts` script definition jar](https://github.com/Kotlin/kotlin-script-examples/blob/master/jvm/main-kts/MainKts.md), see this example:\n\n```yaml\n    - uses: fwilhe2/setup-kotlin@main\n      with:\n        script: |\n            #!/usr/bin/env kotlin\n            //more kotlin script code here\n```\n\n### Using `kotlin` as a shell\n\n Starting with version [`1.4.30`](https://github.com/JetBrains/kotlin/releases/tag/v1.4.30), you can configure `kotlin` as a shell in Actions like in this example:\n```yaml\n      - uses: fwilhe2/setup-kotlin@main\n        with:\n          version: 2.3.0\n\n      - run: |\n            java.io.File(\".\").listFiles().forEach {it -\u003e println(it.getName().toString())}\n        shell: kotlin -howtorun .main.kts {0}\n```\n\nSee https://youtrack.jetbrains.com/issue/KT-43534 and https://github.com/actions/runner/issues/813 for more details.\n\n## Disclaimer\n\nThis software is not affiliated with or endorsed by the owner of the [Kotlin trademark](https://kotlinlang.org/foundation/guidelines.html).\nThe name is used to describe what this software does.\n\n## License\n\nThis software is released under the MIT License (MIT), see [LICENSE](./LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffwilhe2%2Fsetup-kotlin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffwilhe2%2Fsetup-kotlin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffwilhe2%2Fsetup-kotlin/lists"}