General Maintenance / JDK 22 (#354)

chore: general maintenance - chore: add bindist mappings for jdk 22 (ce + oracle) - chore: add version considerations for sdk `24.x.x` - chore: add `genhash` script for generating a quick dist hash - test: add integration test for ce on jdk22 - test: add integration test for oracle gvm on jdk22 - test: add new integration tests to ci - chore: cleanup older python-based version-gen script - chore: update ci actions - chore: apply ci hardening - chore(deps): update bzlmod lock after `apple_support` update - chore(deps): lock file maintenance - chore(deps): bump org.graalvm.compiler:compiler from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.nativeimage:svm from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.polyglot:polyglot from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.sdk:graal-sdk from 23.1.2 to 24.0.0 - chore(deps): bump org.graalvm.nativeimage:native-image-base - chore(deps): update all npm deps Bumps [org.graalvm.compiler:compiler](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.nativeimage:svm](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.polyglot:polyglot](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.sdk:graal-sdk](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) Bumps [org.graalvm.nativeimage:native-image-base](https://github.com/oracle/graal) from 23.1.2 to 24.0.0. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-23.1.2...vm-24.0.0) --- updated-dependencies: - dependency-name: org.graalvm.compiler:compiler dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.nativeimage:svm dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.polyglot:polyglot dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.sdk:graal-sdk dependency-type: direct:production update-type: version-update:semver-major - dependency-name: org.graalvm.nativeimage:native-image-base dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>
sgammon · Apr 3, 2024 · aab9189 · aab9189
1 parent 024d4e3
commit aab9189
Show file tree

Hide file tree

Showing 65 changed files with 3,184 additions and 3,703 deletions.
diff --git a/.bazelproject b/.bazelproject
@@ -20,9 +20,7 @@ targets:
 
 test_sources:
   tests/*
-  tools/scripts/mapping_generator_tests/*
 
 additional_languages:
   java
   javascript
-  python
diff --git a/.github/workflows/check.buildifier.yml b/.github/workflows/check.buildifier.yml
@@ -34,7 +34,7 @@ jobs:
     continue-on-error: true
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

diff --git a/.github/workflows/check.codeql.yml b/.github/workflows/check.codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: Checkout repository

diff --git a/.github/workflows/check.lint-yaml.yml b/.github/workflows/check.lint-yaml.yml
@@ -38,7 +38,7 @@ jobs:
   ## Task: Lint workflows via Actionlint
   lint-workflows:
     name: "Lint: Workflows"
-    uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@c54d8227f4bd37839a67ab9cb71fb59a0d197aee
+    uses: elide-dev/build-infra/.github/workflows/check.actions-lint.ci.yml@ae4a1343b5e45ea1e2133f0105863058a1d0527c
     permissions:
       checks: write
       pull-requests: read
@@ -56,9 +56,12 @@ jobs:
       pull-requests: "read"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
       - name: "Setup: Checkout"
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: "Lint: YAML"
@@ -80,9 +83,12 @@ jobs:
       pull-requests: "read"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
       - name: "Setup: Checkout"
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: "Lint: YAML"

diff --git a/.github/workflows/check.scorecards.yml b/.github/workflows/check.scorecards.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Checkout code"

diff --git a/.github/workflows/deploy.docs.yml b/.github/workflows/deploy.docs.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
@@ -55,7 +55,7 @@ jobs:
     continue-on-error: true
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Deploy: GitHub Pages"

diff --git a/.github/workflows/module.build.yml b/.github/workflows/module.build.yml
@@ -122,16 +122,28 @@ jobs:
     continue-on-error: ${{ inputs.labs }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            bazel.less.build:443
+            bcr.bazel.build:443
+            github.com:443
+            github.com:80
+            global.less.build:443
+            mirror.bazel.build:443
+            objects.githubusercontent.com:443
+            releases.bazel.build:443
+            remote.buildbuddy.io:443
       - name: "Setup: Checkout"
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
         if: ${{ contains(inputs.runner, 'windows') }}
       - name: "Setup: Bazel"
-        uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0
+        uses: bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29 # 0.8.1
       - name: "Setup: Cache"
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
@@ -318,6 +330,14 @@ jobs:
             labs: false
             skip: false
 
+          # Test: GVM CE 22
+          - label: GraalVM CE 22
+            target: sample
+            action: build
+            directory: "./example/integration_tests/graalvm-ce-22"
+            labs: false
+            skip: false
+
           # Test: Oracle GVM 17
           - label: Oracle GraalVM 17
             target: sample
@@ -342,18 +362,44 @@ jobs:
             labs: false
             skip: false
 
+          # Test: Oracle GVM 22
+          - label: Oracle GraalVM 22
+            target: sample
+            action: build
+            directory: "./example/integration_tests/graalvm-oracle-22"
+            labs: false
+            skip: false
+
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            bazel.less.build:443
+            bcr.bazel.build:443
+            github.com:443
+            github.com:80
+            global.less.build:443
+            mirror.bazel.build:443
+            objects.githubusercontent.com:443
+            releases.bazel.build:443
+            download.oracle.com:443
+            gds.oracle.com:443
+            remote.buildbuddy.io:443
+            objectstorage.*.oraclecloud.com:443
+            www.graalvm.org:443
+            repo1.maven.org:443
+            maven.pkg.st:443
       - name: "Setup: Checkout"
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: "Setup: msbuild"
         uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
         if: ${{ contains(inputs.runner, 'windows') }}
       - name: "Setup: Bazel"
-        uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0
+        uses: bazel-contrib/setup-bazel@b388b84bb637e50cdae241d0f255670d4bd79f29 # 0.8.1
       - name: "Configure: Bazel Version"
         shell: bash
         if: matrix.skip != true && inputs.bazel_version != '' && inputs.bazel_config != ''

diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
@@ -32,7 +32,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Setup: Checkout"
@@ -50,7 +50,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Checkout Repository"

diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit
       - name: "Setup: Checkout"

diff --git a/MODULE.bazel b/MODULE.bazel
@@ -60,11 +60,6 @@ bazel_dep(
     version = "0.0.9",
     dev_dependency = True,
 )
-bazel_dep(
-    name = "rules_python",
-    version = "0.25.0",
-    dev_dependency = True,
-)
 bazel_dep(
     name = "rules_testing",
     version = "0.4.0",
@@ -146,9 +141,8 @@ MAVEN_ARTIFACTS = [
 ]
 
 MAVEN_REPOSITORIES = [
-    "https://maven.pkg.st",
-    "https://maven.google.com",
     "https://repo1.maven.org/maven2",
+    "https://maven.google.com",
 ]
 
 maven = use_extension(