Updated Microsoft distribution to always be aware of up-to-date list of available jdk versions#1071
Updated Microsoft distribution to always be aware of up-to-date list of available jdk versions#1071jmjaffe37 wants to merge 5 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request updates the Microsoft distribution’s “available versions” manifest source so setup-java no longer relies on an in-repo JSON file that can become stale, and instead pulls the manifest from a Microsoft-owned repository intended to stay current automatically.
Changes:
- Removed the large, static
microsoft-openjdk-versions.jsonmanifest from this repository. - Updated the Microsoft distribution installer to fetch
general_info/microsoft-openjdk-versions.jsonfrommicrosoft/openjdk-adoptium-marketplace-data. - Updated the compiled
dist/setup/index.jsoutput to reflect the new manifest source.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/distributions/microsoft/microsoft-openjdk-versions.json | Removes the in-repo Microsoft OpenJDK version manifest. |
| src/distributions/microsoft/installer.ts | Switches manifest fetching to the Microsoft-owned repo/path. |
| dist/setup/index.js | Updates the built distribution bundle to match the source change. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const owner = 'microsoft'; | ||
| const repository = 'openjdk-adoptium-marketplace-data'; | ||
| const branch = 'main'; | ||
| const filePath = | ||
| 'src/distributions/microsoft/microsoft-openjdk-versions.json'; | ||
|
|
||
| const filePath = 'general_info/microsoft-openjdk-versions.json'; | ||
| let releases: tc.IToolRelease[] | null = null; |
| let releases: tc.IToolRelease[] | null = null; | ||
| const fileUrl = `https://api.github.com/repos/${owner}/${repository}/contents/${filePath}?ref=${branch}`; | ||
|
|
There was a problem hiding this comment.
Yeah this one is likely a blocker, you'll get rate limited almost immediately. My initial thought is that we should upload this JSON file to the Visual Studio CDN as part of our release process and then update the link to it using aka.ms? WDYT @jmjaffe37?
There was a problem hiding this comment.
Might also be worth talking to @dagood about this one @jmjaffe37 as we'd been talking about doing something similar for the Microsoft build of Go.
There was a problem hiding this comment.
Yeah, we currently upload a branch-specific metadata file along with the artifacts to the VS CDN ("asset manifest (json)" row) and update a bunch of aka.ms URLs to point to it so you can get the latest build of a given branch, but we don't yet put our "which branches are actively supported" json on a CDN, and therefore we don't use it from places like this yet. (https://github.com/microsoft/go-lab/issues/201)
We do, though, for the pwsh install script in particular, use the GitHub raw endpoint if the user directs the script to do so. It downloads it through an aka.ms link that we can point to a better file later: https://github.com/microsoft/go-infra/blob/ab7545d931d0cc24e4bc8fc707fe31000826517d/goinstallscript/powershell/go-install.ps1#L293
If you need a live-updated JSON that encompasses all Java branches right away, raw might be a way around it, but I'm not familiar with how production-ready it's considered nowadays.
(All of our CDN publishes happen from branch-specific pipeline runs for now, so we don't have a trivial way to toss a combined JSON file up on a CDN yet. No clue which parts of our path towards a good CDN-based approach are easy/hard/already-done for the Java infra. 😄)
There was a problem hiding this comment.
There was a problem hiding this comment.
Tbh for this use-case I'm probably okay with this. @dagood maybe we should just take the same approach for go?
There was a problem hiding this comment.
.NET eventually moved away from this approach (a handful of years ago), so for me, at first glance, no, we shouldn't. 😄 It needs more investigation to be used in production IMO at the very least.
I asked Opus for some more info and it seems worse than I thought, in fact:
Should you depend on raw.githubusercontent.com for production or CI/CD?
Short answer: No. raw.githubusercontent.com is a convenience endpoint for viewing/fetching files interactively, not a supported content-delivery or distribution endpoint. GitHub itself now steers unauthenticated automated traffic away from it, and many large projects (including .NET) have migrated release metadata and install scripts to their own CDNs.
More details: https://gist.github.com/dagood/0532accee626f3c5219664da283f4c8c
There was a problem hiding this comment.
https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/ in particular alludes to raw being subject to rate limits, although not clear about it. E.g. maybe not the same limit as APIs.
gdams
left a comment
There was a problem hiding this comment.
blocking until #1071 (comment) is resolved.
|
I discovered a small bug: there is a mislabeled test. A test labeled Link to proof in run logs: https://github.com/actions/setup-java/actions/runs/28541053114/job/84615774435?pr=1071#step:1:16 Edit: created gh issue -- #1072 |
Description:
Previously, the Microsoft distribution pointed at a json within this repo that has been outdated for a while now. This update now points the install script at a json in a Microsoft owned repo. This new json has automation in place to be updated automatically, so all future releases of
setup-javawill always have an up-to-date list of MS OpenJDK builds without need for updated setup-java versions :)Related issue:
Add link to the related issue.
Check list:
npm run checklocally (format, lint, build, test) and all checks pass.