{"id":14985963,"url":"https://github.com/graalvm/setup-graalvm","last_synced_at":"2026-01-28T11:18:01.913Z","repository":{"id":43259466,"uuid":"443997241","full_name":"graalvm/setup-graalvm","owner":"graalvm","description":"Set up your GitHub Actions workflow with a specific GraalVM distribution.","archived":false,"fork":false,"pushed_at":"2025-11-26T10:19:35.000Z","size":8530,"stargazers_count":211,"open_issues_count":6,"forks_count":35,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-11-29T09:17:15.954Z","etag":null,"topics":["action","actions","github","github-action","github-actions","graalvm","native-image","polyglot","truffle"],"latest_commit_sha":null,"homepage":"https://www.graalvm.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graalvm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-01-03T08:57:53.000Z","updated_at":"2025-11-26T10:18:03.000Z","dependencies_parsed_at":"2024-03-27T09:25:15.107Z","dependency_job_id":"de58d992-1f42-43b8-9e8c-37be4a3aa013","html_url":"https://github.com/graalvm/setup-graalvm","commit_stats":{"total_commits":207,"total_committers":7,"mean_commits":"29.571428571428573","dds":"0.12560386473429952","last_synced_commit":"557ffcf459751b4d92319ee255bf3bec9b73964c"},"previous_names":[],"tags_count":56,"template":false,"template_full_name":null,"purl":"pkg:github/graalvm/setup-graalvm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graalvm%2Fsetup-graalvm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graalvm%2Fsetup-graalvm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graalvm%2Fsetup-graalvm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graalvm%2Fsetup-graalvm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graalvm","download_url":"https://codeload.github.com/graalvm/setup-graalvm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graalvm%2Fsetup-graalvm/sbom","scorecard":{"id":442969,"data":{"date":"2025-08-11","repo":{"name":"github.com/graalvm/setup-graalvm","commit":"f6fd5af00f4fef05d872bdc17028b846210d1294"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"19 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:332","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:355","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:378","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:402","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:458","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-dist.yml:25","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:13"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Universal Permissive License v1.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:358: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:381: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:335: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/graalvm/setup-graalvm/ci.yml/main?enable=pin","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T05:58:23.629Z","repository_id":43259466,"created_at":"2025-08-19T05:58:23.629Z","updated_at":"2025-08-19T05:58:23.629Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28844929,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T10:53:21.605Z","status":"ssl_error","status_checked_at":"2026-01-28T10:53:20.789Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","actions","github","github-action","github-actions","graalvm","native-image","polyglot","truffle"],"created_at":"2024-09-24T14:12:02.941Z","updated_at":"2026-01-28T11:18:01.907Z","avatar_url":"https://github.com/graalvm.png","language":"TypeScript","readme":"# GitHub Action for GraalVM [![CI](https://github.com/graalvm/setup-graalvm/actions/workflows/ci.yml/badge.svg)](https://github.com/graalvm/setup-graalvm/actions/workflows/ci.yml)\n\nSet up your GitHub Actions workflow with a specific [GraalVM][graalvm] distribution, and use it both as your JDK and for [ahead-of-time Native Image compilation][graalvm].\n\n\n## Key Features\n\nThis action:\n\n- supports Oracle GraalVM [releases][graalvm-dl], [EA builds][ea-builds], GraalVM Community Edition (CE) [releases], [dev builds][dev-builds], GraalVM Enterprise Edition (EE) [releases][graalvm-ee] (set [`gds-token`](#options)) 22.1.0 and later, [Mandrel][mandrel], and [Liberica Native Image Kit][liberica] (see [Options](#options))\n- exports a `$GRAALVM_HOME` environment variable\n- adds `$GRAALVM_HOME/bin` to the `$PATH` environment variable\u003cbr\u003e(`native-image`, `javac`, and other JDK tools can be invoked directly)\n- sets `$JAVA_HOME` to `$GRAALVM_HOME` by default\u003cbr\u003e(can be disabled via `set-java-home: 'false'`, see [Options](#options))\n- supports `x64` and `aarch64/arm64` (see how to use [Linux arm64 runners](https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/))\n- supports dependency caching for Apache Maven, Gradle, and sbt (see [`cache` option](#options))\n\n\n## Templates\n\n### Quickstart Template\n\n```yml\nname: GraalVM build\non: [push, pull_request]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: graalvm/setup-graalvm@v1\n        with:\n          java-version: '25'      # See 'Options' for more details\n          distribution: 'graalvm' # See 'Supported distributions' for available options\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n      - name: Example step\n        run: |\n          echo \"GRAALVM_HOME: $GRAALVM_HOME\"\n          echo \"JAVA_HOME: $JAVA_HOME\"\n          java --version\n          native-image --version\n      - name: Example step using Maven plugin  # https://graalvm.github.io/native-build-tools/latest/maven-plugin.html\n        run: mvn -Pnative package\n      - name: Example step using Gradle plugin # https://graalvm.github.io/native-build-tools/latest/gradle-plugin.html\n        run: gradlew nativeCompile\n```\n\n### Building a HelloWorld with GraalVM Native Image on Different Platforms\n\n```yml\nname: GraalVM Native Image builds\non: [push, pull_request]\njobs:\n  build:\n    name: HelloWorld on ${{ matrix.os }}\n    runs-on: ${{ matrix.os }}\n    strategy:\n      matrix:\n        os: [macos-latest, windows-latest, ubuntu-latest]\n    steps:\n      - uses: actions/checkout@v4\n\n      - uses: graalvm/setup-graalvm@v1\n        with:\n          java-version: '25'\n          distribution: 'graalvm'\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n          native-image-job-reports: 'true'\n\n      - name: Build and run HelloWorld.java\n        run: |\n          echo 'public class HelloWorld { public static void main(String[] args) { System.out.println(\"Hello, World!\"); } }' \u003e HelloWorld.java\n          javac HelloWorld.java\n          native-image HelloWorld\n          ./helloworld\n      \n      - name: Upload binary\n        uses: actions/upload-artifact@v4\n        with:\n          name: helloworld-${{ matrix.os }}\n          path: helloworld*\n```\n\n### Template for Oracle GraalVM Early Access (EA) builds\n\n```yml\nname: Oracle GraalVM Early Access build\non: [push, pull_request]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: graalvm/setup-graalvm@v1\n        with:\n          java-version: '25e1-ea' # or 'latest-ea' for the latest Java version available\n          distribution: 'graalvm'\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003ch4\u003eTemplate for Oracle GraalVM via GraalVM Download Service\u003c/h4\u003e\u003c/summary\u003e\n\n#### Prerequisites\n\n1. Obtain a token for the GraalVM Download Service. For this, replace `your@email.com` with your email address and run the following `curl` command:\n\n    ```bash\n    curl -sS -X POST \"https://gds.oracle.com/api/20220101/licenseAcceptance\" \\\n      -H \"Content-Type: application/json\" \\\n      -d \"{ \\\"email\\\": \\\"your@email.com\\\", \\\"licenseId\\\": \\\"D53FA58D12817B3CE0530F15000A74CA\\\", \\\"type\\\": \\\"GENERATE_TOKEN_AND_ACCEPT_LICENSE\\\"}\"\n    ```\n\n    The response should look like this:\n\n    ```json\n    {\"token\":\"\u003cyour-token\u003e\",\"status\":\"UNVERIFIED\"}\n    ```\n\n2. Store the value of `\u003cyour-token\u003e` as a [GitHub Action secret][gha-secrets]. For the following template, we use the name `GDS_TOKEN`.\n3. Check your emails and accept the license to activate the token.\n4. Use `java-version: '17'` (or a specific version such as `17.0.13`) and provide the `GDS_TOKEN` as shown in the following template:\n\n    ```yml\n    name: Build with Oracle GraalVM for JDK 17 via GDS\n    on: [push, pull_request]\n    jobs:\n      build:\n        runs-on: ubuntu-latest\n        steps:\n          - uses: actions/checkout@v4\n          - uses: graalvm/setup-graalvm@v1\n            with:\n              distribution: 'graalvm'\n              java-version: '17'\n              gds-token: ${{ secrets.GDS_TOKEN }}\n              github-token: ${{ secrets.GITHUB_TOKEN }}\n          - name: Example step\n            run: |\n              java --version\n              native-image --version\n    ```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003ch4\u003eTemplate for GraalVM Enterprise Edition\u003c/h4\u003e\u003c/summary\u003e\n\n#### Prerequisites\n\n1. Download the version of [GraalVM Enterprise Edition (EE)][graalvm-ee] you want to run on GitHub Actions.\n2. Use the [GraalVM Updater][gu] to install the GraalVM components you need on GitHub Actions and accept the corresponding licenses.\n3. Run `$GRAALVM_HOME/bin/gu --show-ee-token` to display your token for the GraalVM Download Service.\n4. Store this token as a [GitHub Action secret][gha-secrets]. In the following template, we use the name `GDS_TOKEN`:\n\n    ```yml\n    name: GraalVM Enterprise Edition build\n    on: [push, pull_request]\n    jobs:\n      build:\n        runs-on: ubuntu-latest\n        steps:\n          - uses: actions/checkout@v4\n          - uses: graalvm/setup-graalvm@v1\n            with:\n              version: '22.3.0'\n              gds-token: ${{ secrets.GDS_TOKEN }}\n              java-version: '17'\n              components: 'native-image'\n              github-token: ${{ secrets.GITHUB_TOKEN }}\n          - name: Example step\n            run: |\n              java --version\n              native-image --version\n    ```\n\n\u003c/details\u003e\n\n\n## Supported distributions\n\nCurrently, the following distributions are supported:\n\n| Keyword | Distribution | Official site | License |\n|-|-|-|-|\n| `graalvm` | Oracle GraalVM | [Link](https://www.graalvm.org/) | [Link](https://www.oracle.com/downloads/licenses/graal-free-license.html) |\n| `graalvm-community` | GraalVM Community Edition | [Link](https://www.graalvm.org/) | [Link](https://github.com/oracle/graal/blob/master/LICENSE) |\n| `mandrel` | Mandrel | [Link](https://github.com/graalvm/mandrel) | [Link](https://github.com/graalvm/mandrel/blob/default/LICENSE) |\n| `liberica` | Liberica NIK | [Link](https://bell-sw.com/liberica-native-image-kit/) | [Link](https://bell-sw.com/liberica_nik_eula/) |\n\n\n## Options\n\nThis actions can be configured with the following options:\n\n| Name            | Default  | Description |\n|-----------------|:--------:|-------------|\n| `java-version`\u003cbr\u003e*(required)* | n/a | Java version \u003cul\u003e\u003cli\u003emajor versions: `'25'`, `'21'`, `'17'`, `'11'`, `'8'`\u003c/li\u003e\u003cli\u003especific versions: `'21.0.3'`, `'17.0.11'`\u003c/li\u003e\u003cli\u003eearly access (EA) builds: `'25e1-ea'` *(requires `distribution: 'graalvm'`)*\u003c/li\u003e\u003cli\u003elatest EA build: `'latest-ea'` *(requires `distribution: 'graalvm'`)*\u003c/li\u003e\u003cli\u003edev builds: `'dev'` *(requires `distribution: 'graalvm-community'`)*\u003c/li\u003e\u003c/ul\u003e |\n| `distribution`  | `'graalvm'` | GraalVM distribution (see [supported distributions](#supported-distributions)) |\n| `java-package`  | `'jdk'` | The package type (`'jdk'` or `'jdk+fx'`). Currently applies to Liberica only. |\n| `github-token`  | `'${{ github.token }}'` | Token for communication with the GitHub API. Please set this to `${{ secrets.GITHUB_TOKEN }}` (see [templates](#templates)) to allow the action to authenticate with the GitHub API, which helps reduce rate-limiting issues. |\n| `set-java-home` | `'true'` | If set to `'true'`, instructs the action to set `$JAVA_HOME` to the path of the GraalVM installation. Overrides any previous action or command that sets `$JAVA_HOME`. |\n| `cache`         | `''`     | Name of the build platform to cache dependencies. Turned off by default (`''`). It can also be `'maven'`, `'gradle'`, or `'sbt'` and works the same way as described in [actions/setup-java][setup-java-caching]. |\n| `check-for-updates` | `'true'`  | [Annotate jobs][gha-annotations] with update notifications, for example when a new GraalVM release is available. |\n| `native-image-musl` | `'false'` | If set to `'true'`, sets up [musl] to build [static binaries][native-image-static] with GraalVM Native Image *(Linux only)*. [Example usage][native-image-musl-build] (be sure to replace `uses: ./` with `uses: graalvm/setup-graalvm@v1`). |\n| `native-image-job-reports` *) | `'false'` | If set to `'true'`, post a job summary containing a Native Image build report. |\n| `native-image-pr-reports`  *) | `'false'` | If set to `'true'`, post a comment containing a Native Image build report on pull requests. Requires `write` permissions for the [`pull-requests` scope][gha-permissions]. |\n| `native-image-pr-reports-update-existing` *) | `'false'` | Instead of posting another comment, update an existing PR comment with the latest Native Image build report. Requires `native-image-pr-reports` to be `true`. |\n| `native-image-enable-sbom` | `'false'` | If set to `'true'`, generate a minimal SBOM based on the Native Image static analysis and submit it to GitHub's dependency submission API. This enables the [dependency graph feature](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) for dependency tracking and vulnerability analysis. Requires `write` permissions for the [`contents` scope][gha-permissions] and the dependency graph to be actived (on by default for public repositories - see [how to activate](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph#enabling-and-disabling-the-dependency-graph-for-a-private-repository)). Only available in Oracle GraalVM for JDK 24 or later. |\n| `components`    | `''`     | Comma-separated list of GraalVM components (e.g., `native-image` or `ruby,nodejs`) that will be installed by the [GraalVM Updater][gu]. |\n| `version` | `''` | `X.Y.Z` (e.g., `22.3.0`) for a specific [GraalVM release][releases] up to `22.3.2`\u003cbr\u003e`mandrel-X.Y.Z.W` or `X.Y.Z.W-Final` (e.g., `mandrel-21.3.0.0-Final` or `21.3.0.0-Final`) for a specific [Mandrel release][mandrel-releases],\u003cbr\u003e`mandrel-latest` or `latest` for the latest Mandrel stable release. |\n| `gds-token`     | `''`     Download token for the GraalVM Download Service. If a non-empty token is provided, the action will set up Oracle GraalVM (see [Oracle GraalVM via GDS template](#template-for-oracle-graalvm-via-graalvm-download-service)) or GraalVM Enterprise Edition (see [GraalVM EE template](#template-for-graalvm-enterprise-edition)) via GDS. |\n\n**) Make sure that Native Image is used only once per build job. Otherwise, the report is only generated for the last Native Image build.*\n\n\n## Notes on Oracle GraalVM for JDK 17\n\nGraalVM for JDK 17.0.12 is the [last release of Oracle GraalVM for JDK 17 under the GFTC](https://blogs.oracle.com/java/post/jdk-17-approaches-endofpermissive-license).\nUpdates after September 2024 will be licensed under the [GraalVM OTN License Including License for Early Adopter Versions](https://www.oracle.com/downloads/licenses/graalvm-otn-license.html) (GOTN) and production use beyond the limited free grants of the GraalVM OTN license will require a fee.\n\nAs a user of `setup-graalvm`, you have the following options:\n\n- *Recommended*: Upgrade to Oracle GraalVM for JDK 21 or later to receive new updates.\n- *Not recommended*: Instead of `java-version: '17'`, use `java-version: '17.0.12'` in your workflow to keep using the last release under GFTC. This will also disable the warning. Note that switching to GraalVM Community Edition or other GraalVM distributions might provide you with even older releases of GraalVM.\n- Provide a `gds-token` to access Oracle GraalVM for JDK 17 under GOTN (see [Oracle GraalVM via GDS template](#template-for-oracle-graalvm-via-graalvm-download-service)).\n\n\n## Migrating from GraalVM 22.3 or Earlier to the New GraalVM for JDK 17 and Later\n\nThe [GraalVM for JDK 17 and JDK 20 release](https://medium.com/graalvm/a-new-graalvm-release-and-new-free-license-4aab483692f5) aligns the GraalVM version scheme with OpenJDK.\nAs a result, this action no longer requires the `version` option to select a specific GraalVM version.\nAt the same time, it introduces a new `distribution` option to select a specific GraalVM distribution (`graalvm`, `graalvm-community`, or `mandrel`).\nTherefore, to migrate your workflow to use the latest GraalVM release, replace the `version` with the `distribution` option in the workflow `yml` config, for example:\n\n```yml\n# ...\n- uses: graalvm/setup-graalvm@v1\n  with:\n    java-version: '17'\n    version: '22.3.2' # Old 'version' option for the GraalVM version\n    # ...\n```\n\ncan be replaced with:\n\n```yml\n# ...\n- uses: graalvm/setup-graalvm@v1\n  with:\n    java-version: '17.0.12' # for a specific JDK 17; or '17' for the latest JDK 17\n    distribution: 'graalvm' # New 'distribution' option\n    # ...\n```\n\n\n## Contributing\n\nWe welcome code contributions. To get started, you will need to sign the [Oracle Contributor Agreement][oca] (OCA).\n\nOnly pull requests from committers that can be verified as having signed the OCA can be accepted.\n\n\n[dev-build]: https://github.com/graalvm/graalvm-ce-dev-builds/releases/latest\n[dev-builds]: https://github.com/graalvm/graalvm-ce-dev-builds\n[ea-builds]: https://github.com/graalvm/oracle-graalvm-ea-builds\n[gftc]: https://www.oracle.com/downloads/licenses/graal-free-license.html\n[gha-annotations]: https://github.com/actions/toolkit/tree/main/packages/core#annotations\n[gha-permissions]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions\n[gha-secrets]: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository\n[gha-self-hosted-runners]: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[gu]: https://www.graalvm.org/reference-manual/graalvm-updater/\n[graalvm]: https://www.graalvm.org/\n[graalvm-dl]: https://www.graalvm.org/downloads/\n[graalvm-ee]: https://www.oracle.com/downloads/graalvm-downloads.html\n[liberica]: https://bell-sw.com/liberica-native-image-kit/\n[mandrel]: https://github.com/graalvm/mandrel\n[mandrel-releases]: https://github.com/graalvm/mandrel/releases\n[mandrel-stable]: https://github.com/graalvm/mandrel/releases/latest\n[musl]: https://musl.libc.org/\n[native-image-musl-build]: https://github.com/graalvm/setup-graalvm/blob/778131f1d6837ccd4b2e91382c31830896a2d56e/.github/workflows/test.yml#L74-L92\n[native-image-static]: https://github.com/oracle/graal/blob/fa6f4a974dedacf4688dcc430dd100849d9882f2/docs/reference-manual/native-image/StaticImages.md\n[oca]: https://oca.opensource.oracle.com\n[releases]: https://github.com/graalvm/graalvm-ce-builds/releases\n[setup-java-caching]: https://github.com/actions/setup-java/tree/5b36705a13905facb447b6812d613a06a07e371d#caching-packages-dependencies\n[stable]: https://github.com/graalvm/graalvm-ce-builds/releases/latest\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraalvm%2Fsetup-graalvm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraalvm%2Fsetup-graalvm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraalvm%2Fsetup-graalvm/lists"}