General Maintenance / JDK 22 (#354)

chore: general maintenance - chore: add bindist mappings for jdk 22 (ce + oracle) - chore: add version considerations for sdk `24.x.x` - chore: add `genhash` script for generating a quick dist hash - test: add integration test for ce on jdk22 - test: add integration test for oracle gvm on jdk22 - test: add new integration tests to ci - chore: cleanup older python-based version-gen script - chore: update ci actions - chore: apply ci hardening - chore(deps): update bzlmod lock after `apple_support` update - chore(deps): lock file maintenance - chore(deps): bump org.graalvm.compiler:compiler from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.nativeimage:svm from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.polyglot:polyglot from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.sdk:graal-sdk from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.nativeimage:native-image-base - chore(deps): update all npm deps Bumps [org.graalvm.compiler:compiler](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.nativeimage:svm](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.polyglot:polyglot](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.sdk:graal-sdk](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.nativeimage:native-image-base](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) --- updated-dependencies: - dependency-name: org.graalvm.compiler:compiler dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.nativeimage:svm dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.polyglot:polyglot dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.sdk:graal-sdk dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.nativeimage:native-image-base dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>
sgammon · Apr 3, 2024 · aab9189 · aab9189
1 parent 024d4e3
commit aab9189
Show file tree

Hide file tree

Showing 65 changed files with 3,184 additions and 3,703 deletions.
diff --git a/.bazelproject b/.bazelproject
@@ -20,9 +20,7 @@ targets:
 
 test_sources:
  tests/*
- tools/scripts/mapping_generator_tests/*
 
 additional_languages:
  java
  javascript
- python
diff --git a/.github/workflows/check.buildifier.yml b/.github/workflows/check.buildifier.yml
@@ -34,7 +34,7 @@ jobs:
  continue-on-error: true
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

diff --git a/.github/workflows/check.codeql.yml b/.github/workflows/check.codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: Checkout repository

diff --git a/.github/workflows/check.lint-yaml.yml b/.github/workflows/check.lint-yaml.yml
@@ -38,7 +38,7 @@ jobs:
  ## Task: Lint workflows via Actionlint
  lint-workflows:
  name: "Lint: Workflows"
- uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@c54d8227f4bd37839a67ab9cb71fb59a0d197aee
+ uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@ae4a1343b5e45ea1e2133f0105863058a1d0527c
  permissions:
  checks: write
  pull-requests: read
@@ -56,9 +56,12 @@ jobs:
  pull-requests: "read"
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ github.com:443
  - name: "Setup: Checkout"
  uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
  - name: "Lint: YAML"
@@ -80,9 +83,12 @@ jobs:
  pull-requests: "read"
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ github.com:443
  - name: "Setup: Checkout"
  uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
  - name: "Lint: YAML"

diff --git a/.github/workflows/check.scorecards.yml b/.github/workflows/check.scorecards.yml
@@ -20,7 +20,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Checkout code"

diff --git a/.github/workflows/deploy.docs.yml b/.github/workflows/deploy.docs.yml
@@ -29,7 +29,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Setup: Checkout"
@@ -55,7 +55,7 @@ jobs:
  continue-on-error: true
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Deploy: GitHub Pages"

diff --git a/.github/workflows/module.build.yml b/.github/workflows/module.build.yml
@@ -122,16 +122,28 @@ jobs:
  continue-on-error: ${{ inputs.labs }}
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ bazel.less.build:443
+ bcr.bazel.build:443
+ github.com:443
+ github.com:80
+ global.less.build:443
+ mirror.bazel.build:443
+ objects.githubusercontent.com:443
+ releases.bazel.build:443
+ remote.buildbuddy.io:443
  - name: "Setup: Checkout"
  uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
  - name: "Setup: msbuild"
  uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
  if: ${{ contains(inputs.runner, 'windows') }}
  - name: "Setup: Bazel"
- uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0
+ uses: bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29 # 0.8.1
  - name: "Setup: Cache"
  uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
@@ -318,6 +330,14 @@ jobs:
  labs: false
  skip: false
 
+ # Test: GVM CE 22
+ - label: GraalVM CE 22
+ target: sample
+ action: build
+ directory: "./example/integration_tests/graalvm-ce-22"
+ labs: false
+ skip: false
+
  # Test: Oracle GVM 17
  - label: Oracle GraalVM 17
  target: sample
@@ -342,18 +362,44 @@ jobs:
  labs: false
  skip: false
 
+ # Test: Oracle GVM 22
+ - label: Oracle GraalVM 22
+ target: sample
+ action: build
+ directory: "./example/integration_tests/graalvm-oracle-22"
+ labs: false
+ skip: false
+
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ bazel.less.build:443
+ bcr.bazel.build:443
+ github.com:443
+ github.com:80
+ global.less.build:443
+ mirror.bazel.build:443
+ objects.githubusercontent.com:443
+ releases.bazel.build:443
+ download.oracle.com:443
+ gds.oracle.com:443
+ remote.buildbuddy.io:443
+ objectstorage.*.oraclecloud.com:443
+ www.graalvm.org:443
+ repo1.maven.org:443
+ maven.pkg.st:443
  - name: "Setup: Checkout"
  uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
  - name: "Setup: msbuild"
  uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
  if: ${{ contains(inputs.runner, 'windows') }}
  - name: "Setup: Bazel"
- uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0
+ uses: bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29 # 0.8.1
  - name: "Configure: Bazel Version"
  shell: bash
  if: matrix.skip != true && inputs.bazel_version != '' && inputs.bazel_config != ''

diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
@@ -32,7 +32,7 @@ jobs:
  contents: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Setup: Checkout"
@@ -50,7 +50,7 @@ jobs:
  pull-requests: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Checkout Repository"

diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
@@ -30,7 +30,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
  with:
  egress-policy: audit
  - name: "Setup: Checkout"

diff --git a/MODULE.bazel b/MODULE.bazel
@@ -60,11 +60,6 @@ bazel_dep(
  version = "0.0.9",
  dev_dependency = True,
 )
-bazel_dep(
- name = "rules_python",
- version = "0.25.0",
- dev_dependency = True,
-)
 bazel_dep(
  name = "rules_testing",
  version = "0.4.0",
@@ -146,9 +141,8 @@ MAVEN_ARTIFACTS = [
 ]
 
 MAVEN_REPOSITORIES = [
- "https://maven.pkg.st",
- "https://maven.google.com",
  "https://repo1.maven.org/maven2",
+ "https://maven.google.com",
 ]
 
 maven = use_extension(