Add production dependencies & build

* fix aarch64 urls for nightly

* rebuild js for aarch64 nightly

* test nightly on apple m1 (aarch64)

* Run on more macOS versions, and add a few comments

---------

Co-authored-by: Dilum Aluthge <dilum@aluthge.com>

.github/dependabot.yml

@@ -3,15 +3,17 @@ updates:
 - package-ecosystem: gitsubmodule
   directory: "/"
   schedule:
-    interval: daily
-  open-pull-requests-limit: 10
+    interval: monthly
+  open-pull-requests-limit: 99
 
 - package-ecosystem: 'github-actions'
   directory: '/'
   schedule:
-    interval: 'daily'
+    interval: 'monthly'
+  open-pull-requests-limit: 99
     
 - package-ecosystem: npm
   directory: "/"
   schedule:
     interval: monthly
+  open-pull-requests-limit: 99

.github/scripts/common-tests.jl

@@ -0,0 +1,11 @@
+if !occursin("hostedtoolcache", Sys.BINDIR)
+    error("the wrong julia is being used: $(Sys.BINDIR)")
+end
+if VERSION >= v"1.7.0" # pkgdir was introduced here, and before then mtime wasn't a problem so just skip
+    using Pkg
+    src = pkgdir(Pkg, "src", "Pkg.jl")
+    # mtime is when it's compressed, ctime is when the file is extracted
+    if mtime(src) >= ctime(src)
+        error("source mtime ($(mtime(src))) is not earlier than ctime ($(ctime(src)))")
+    end
+end

.github/workflows/backup.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Configure cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ${{ env.GITHUB_WORKSPACE }}
@@ -21,7 +21,7 @@ jobs:
           key: ${{ runner.os }}
 
       - name: Install the correct Python version
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

.github/workflows/checkin.yml

@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version: 16
 

.github/workflows/codeql-analysis.yml

@@ -42,11 +42,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -71,4 +71,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/example-builds-defaultarch.yml

@@ -23,9 +23,9 @@ jobs:
         os: [ubuntu-latest, macOS-latest, windows-latest]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         if: ${{ ! startsWith(github.ref, 'refs/heads/releases') }}
         with:
           node-version: 16
@@ -44,3 +44,5 @@ jobs:
           version: ${{ matrix.julia-version }}
       - run: julia --version
       - run: julia --compile=min -O0 -e 'import InteractiveUtils; InteractiveUtils.versioninfo()'
+      - name: "Check that the correct julia is used and that archive mtimes are maintained"
+        run: julia --startup-file=no --color=yes ./.github/scripts/common-tests.jl

.github/workflows/example-builds-nightly-defaultarch.yml

@@ -19,12 +19,19 @@ jobs:
       fail-fast: false
       matrix:
         julia-version: [nightly, 1.10-nightly]
-        os: [ubuntu-latest, macOS-latest, windows-latest]
+        os:
+          - ubuntu-latest
+          - windows-latest
+          - macos-11 # Intel
+          - macos-12 # Intel
+          - macos-13 # Intel
+          - macos-14 # Apple Silicon
+          - macos-latest # Currently Intel, but will probably point to Apple Silicon in the future
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         if: ${{ ! startsWith(github.ref, 'refs/heads/releases') }}
         with:
           node-version: 16
@@ -42,3 +49,5 @@ jobs:
           version: ${{ matrix.julia-version }}
       - run: julia --version
       - run: julia --compile=min -O0 -e 'import InteractiveUtils; InteractiveUtils.versioninfo()'
+      - name: "Check that the correct julia is used and that archive mtimes are maintained"
+        run: julia --startup-file=no --color=yes ./.github/scripts/common-tests.jl

.github/workflows/example-builds-nightly.yml

@@ -29,9 +29,9 @@ jobs:
             julia-arch: x86
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         if: ${{ ! startsWith(github.ref, 'refs/heads/releases') }}
         with:
           node-version: 16
@@ -50,3 +50,5 @@ jobs:
           arch: ${{ matrix.julia-arch }}
       - run: julia --version
       - run: julia --compile=min -O0 -e 'import InteractiveUtils; InteractiveUtils.versioninfo()'
+      - name: "Check that the correct julia is used and that archive mtimes are maintained"
+        run: julia --startup-file=no --color=yes ./.github/scripts/common-tests.jl

.github/workflows/example-builds.yml

@@ -28,9 +28,9 @@ jobs:
             julia-arch: x86
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         if: ${{ ! startsWith(github.ref, 'refs/heads/releases') }}
         with:
           node-version: 16
@@ -50,3 +50,5 @@ jobs:
           arch: ${{ matrix.julia-arch }}
       - run: julia --version
       - run: julia --compile=min -O0 -e 'import InteractiveUtils; InteractiveUtils.versioninfo()'
+      - name: "Check that the correct julia is used and that archive mtimes are maintained"
+        run: julia --startup-file=no --color=yes ./.github/scripts/common-tests.jl

.gitignore

@@ -1,3 +1,3 @@
 node_modules/
 __tests__/runner/*
-!dist/
+# dist/

README.md

@@ -89,7 +89,7 @@ steps:
 - uses: actions/checkout@v1.0.0
 - uses: julia-actions/setup-julia@v1
   with:
-    version: 1.0.4
+    version: '1.10'
 - run: julia -e 'println("Hello, World!")'
 ```
 
@@ -103,14 +103,14 @@ You can either specify specific Julia versions or version ranges. If you specify
 
 #### Examples
 
-- `1.2.0` is a valid semver version. The action will try to download exactly this version. If it's not available, the build step will fail.
-- `1.0` is a version range that will match the highest available Julia version that starts with `1.0`, e.g. `1.0.5`, excluding pre-releases.
-- `^1.3.0-rc1` is a **caret** version range that includes pre-releases of `1.3.0` starting at `rc1`. It matches all versions `≥ 1.3.0-rc1` and `< 2.0.0`.
-- `~1.3.0-rc1` is a **tilde** version range that includes pre-releases of `1.3.0` starting at `rc1`. It matches all versions `≥ 1.3.0-rc1` and `< 1.4.0`.
-- `^1.3.0-0` is a **caret** version range that includes _all_ pre-releases of `1.3.0`. It matches all versions `≥ 1.3.0-` and `< 2.0.0`.
-- `~1.3.0-0` is a **tilde** version range that includes _all_ pre-releases of `1.3.0`. It matches all versions `≥ 1.3.0-` and `< 1.4.0`.
-- `nightly` will install the latest nightly build.
-- `1.7-nightly` will install the latest nightly build for the upcoming 1.7 release. This version will only be available during certain phases of the Julia release cycle.
+- `'1.2.0'` is a valid semver version. The action will try to download exactly this version. If it's not available, the build step will fail.
+- `'1.0'` is a version range that will match the highest available Julia version that starts with `1.0`, e.g. `1.0.5`, excluding pre-releases.
+- `'^1.3.0-rc1'` is a **caret** version range that includes pre-releases of `1.3.0` starting at `rc1`. It matches all versions `≥ 1.3.0-rc1` and `< 2.0.0`.
+- `'~1.3.0-rc1'` is a **tilde** version range that includes pre-releases of `1.3.0` starting at `rc1`. It matches all versions `≥ 1.3.0-rc1` and `< 1.4.0`.
+- `'^1.3.0-0'` is a **caret** version range that includes _all_ pre-releases of `1.3.0`. It matches all versions `≥ 1.3.0-` and `< 2.0.0`.
+- `'~1.3.0-0'` is a **tilde** version range that includes _all_ pre-releases of `1.3.0`. It matches all versions `≥ 1.3.0-` and `< 1.4.0`.
+- `'nightly'` will install the latest nightly build.
+- `'1.7-nightly'` will install the latest nightly build for the upcoming 1.7 release. This version will only be available during certain phases of the Julia release cycle.
 
 Internally the action uses node's semver package to resolve version ranges. Its [documentation](https://github.com/npm/node-semver#advanced-range-syntax) contains more details on the version range syntax. You can test what version will be selected for a given input in this JavaScript [REPL](https://repl.it/@SaschaMann/setup-julia-version-logic).
 
@@ -118,7 +118,7 @@ Internally the action uses node's semver package to resolve version ranges. Its
 
 There are two methods of including pre-releases in version matching:
 
-1. Including the pre-release tag in the version itself, e.g. `^1.3.0-rc1`.
+1. Including the pre-release tag in the version itself, e.g. `'^1.3.0-rc1'`.
 2. Setting the input `include-all-prereleases` to `true`.
 
 These behave slightly differently.

dist/index.js

@@ -163,10 +163,23 @@ function getNightlyFileName(arch) {
         if (arch == 'x86') {
             throw new Error('32-bit Julia is not available on macOS');
         }
-        versionExt = '-mac64';
+        else if (arch == 'aarch64') {
+            versionExt = '-macaarch64';
+        }
+        else {
+            versionExt = '-mac64';
+        }
     }
     else if (osPlat === 'linux') {
-        versionExt = arch == 'x64' ? '-linux64' : '-linux32';
+        if (arch == 'x86') {
+            versionExt = '-linux32';
+        }
+        else if (arch == 'aarch64') {
+            versionExt = '-linux-aarch64';
+        }
+        else {
+            versionExt = '-linux64';
+        }
     }
     else {
         throw new Error(`Platform ${osPlat} is not supported`);
@@ -223,7 +236,7 @@ function getDownloadURL(fileInfo, version, arch) {
     return fileInfo.url;
 }
 exports.getDownloadURL = getDownloadURL;
-function installJulia(versionInfo, version, arch) {
+function installJulia(dest, versionInfo, version, arch) {
     return __awaiter(this, void 0, void 0, function* () {
         // Download Julia
         const fileInfo = getFileInfo(versionInfo, version, arch);
@@ -250,39 +263,38 @@ function installJulia(versionInfo, version, arch) {
         else {
             core.debug('Skipping checksum check for nightly binaries.');
         }
-        const tempInstallDir = fs.mkdtempSync(`julia-${arch}-${version}-`);
         // Install it
         switch (osPlat) {
             case 'linux':
                 // tc.extractTar doesn't support stripping components, so we have to call tar manually
-                yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir]);
-                return tempInstallDir;
+                yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest]);
+                return dest;
             case 'win32':
                 if (fileInfo !== null && fileInfo.extension == 'exe') {
                     if (version.endsWith('nightly') || semver.gtr(version, '1.3', { includePrerelease: true })) {
                         // The installer changed in 1.4: https://github.com/JuliaLang/julia/blob/ef0c9108b12f3ae177c51037934351ffa703b0b5/NEWS.md#build-system-changes
-                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`]);
+                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`]);
                     }
                     else {
-                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`]);
+                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`]);
                     }
                 }
                 else {
                     // This is the more common path. Using .tar.gz is much faster
-                    yield exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${tempInstallDir}`]);
+                    yield exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${dest}`]);
                 }
-                return tempInstallDir;
+                return dest;
             case 'darwin':
                 if (fileInfo !== null && fileInfo.extension == 'dmg') {
                     core.debug(`Support for .dmg files is deprecated and may be removed in a future release`);
                     yield exec.exec('hdiutil', ['attach', juliaDownloadPath]);
-                    yield exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${tempInstallDir}`]);
-                    return path.join(tempInstallDir, 'julia');
+                    yield exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${dest}`]);
+                    return path.join(dest, 'julia');
                 }
                 else {
                     // tc.extractTar doesn't support stripping components, so we have to call tar manually
-                    yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir]);
-                    return tempInstallDir;
+                    yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest]);
+                    return dest;
                 }
             default:
                 throw new Error(`Platform ${osPlat} is not supported`);
@@ -428,12 +440,18 @@ function run() {
             juliaPath = tc.find('julia', version, arch);
             if (!juliaPath) {
                 core.debug(`could not find Julia ${arch}/${version} in cache`);
-                const juliaInstallationPath = yield installer.installJulia(versionInfo, version, arch);
-                // Add it to cache
-                juliaPath = yield tc.cacheDir(juliaInstallationPath, 'julia', version, arch);
+                // https://github.com/julia-actions/setup-julia/pull/196
+                // we want julia to be installed with unmodified file mtimes
+                // but `tc.cacheDir` uses `cp` internally which destroys mtime
+                // and `tc` provides no API to get the tool directory alone
+                // so hack it by installing a empty directory then use the path it returns
+                // and extract the archives directly to that location
+                const emptyDir = fs.mkdtempSync('empty');
+                juliaPath = yield tc.cacheDir(emptyDir, 'julia', version, arch);
+                yield installer.installJulia(juliaPath, versionInfo, version, arch);
                 core.debug(`added Julia to cache: ${juliaPath}`);
-                // Remove temporary dir
-                fs.rmSync(juliaInstallationPath, { recursive: true });
+                // Remove empty dir
+                fs.rmdirSync(emptyDir);
             }
             else {
                 core.debug(`using cached version of Julia: ${juliaPath}`);
@@ -1013,7 +1031,7 @@ class OidcClient {
                 .catch(error => {
                 throw new Error(`Failed to get ID Token. \n 
         Error Code : ${error.statusCode}\n 
-        Error Message: ${error.result.message}`);
+        Error Message: ${error.message}`);
             });
             const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;
             if (!id_token) {
@@ -5022,8 +5040,11 @@ var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
 // Max safe segment length for coercion.
 var MAX_SAFE_COMPONENT_LENGTH = 16
 
+var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
+
 // The actual regexps go on exports.re
 var re = exports.re = []
+var safeRe = exports.safeRe = []
 var src = exports.src = []
 var t = exports.tokens = {}
 var R = 0
@@ -5032,6 +5053,31 @@ function tok (n) {
   t[n] = R++
 }
 
+var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
+
+// Replace some greedy regex tokens to prevent regex dos issues. These regex are
+// used internally via the safeRe object since all inputs in this library get
+// normalized first to trim and collapse all extra whitespace. The original
+// regexes are exported for userland consumption and lower level usage. A
+// future breaking change could export the safer regex only with a note that
+// all input should have extra whitespace removed.
+var safeRegexReplacements = [
+  ['\\s', 1],
+  ['\\d', MAX_LENGTH],
+  [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
+]
+
+function makeSafeRe (value) {
+  for (var i = 0; i < safeRegexReplacements.length; i++) {
+    var token = safeRegexReplacements[i][0]
+    var max = safeRegexReplacements[i][1]
+    value = value
+      .split(token + '*').join(token + '{0,' + max + '}')
+      .split(token + '+').join(token + '{1,' + max + '}')
+  }
+  return value
+}
+
 // The following Regular Expressions can be used for tokenizing,
 // validating, and parsing SemVer version strings.
 
@@ -5041,14 +5087,14 @@ function tok (n) {
 tok('NUMERICIDENTIFIER')
 src[t.NUMERICIDENTIFIER] = '0|[1-9]\\d*'
 tok('NUMERICIDENTIFIERLOOSE')
-src[t.NUMERICIDENTIFIERLOOSE] = '[0-9]+'
+src[t.NUMERICIDENTIFIERLOOSE] = '\\d+'
 
 // ## Non-numeric Identifier
 // Zero or more digits, followed by a letter or hyphen, and then zero or
 // more letters, digits, or hyphens.
 
 tok('NONNUMERICIDENTIFIER')
-src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*'
+src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'
 
 // ## Main Version
 // Three dot-separated numeric identifiers.
@@ -5090,7 +5136,7 @@ src[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +
 // Any combination of digits, letters, or hyphens.
 
 tok('BUILDIDENTIFIER')
-src[t.BUILDIDENTIFIER] = '[0-9A-Za-z-]+'
+src[t.BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'
 
 // ## Build Metadata
 // Plus sign, followed by one or more period-separated build metadata
@@ -5170,6 +5216,7 @@ src[t.COERCE] = '(^|[^\\d])' +
               '(?:$|[^\\d])'
 tok('COERCERTL')
 re[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')
+safeRe[t.COERCERTL] = new RegExp(makeSafeRe(src[t.COERCE]), 'g')
 
 // Tilde ranges.
 // Meaning is "reasonably at or greater than"
@@ -5179,6 +5226,7 @@ src[t.LONETILDE] = '(?:~>?)'
 tok('TILDETRIM')
 src[t.TILDETRIM] = '(\\s*)' + src[t.LONETILDE] + '\\s+'
 re[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')
+safeRe[t.TILDETRIM] = new RegExp(makeSafeRe(src[t.TILDETRIM]), 'g')
 var tildeTrimReplace = '$1~'
 
 tok('TILDE')
@@ -5194,6 +5242,7 @@ src[t.LONECARET] = '(?:\\^)'
 tok('CARETTRIM')
 src[t.CARETTRIM] = '(\\s*)' + src[t.LONECARET] + '\\s+'
 re[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')
+safeRe[t.CARETTRIM] = new RegExp(makeSafeRe(src[t.CARETTRIM]), 'g')
 var caretTrimReplace = '$1^'
 
 tok('CARET')
@@ -5215,6 +5264,7 @@ src[t.COMPARATORTRIM] = '(\\s*)' + src[t.GTLT] +
 
 // this one has to use the /g flag
 re[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')
+safeRe[t.COMPARATORTRIM] = new RegExp(makeSafeRe(src[t.COMPARATORTRIM]), 'g')
 var comparatorTrimReplace = '$1$2$3'
 
 // Something like `1.2.3 - 1.2.4`
@@ -5243,6 +5293,14 @@ for (var i = 0; i < R; i++) {
   debug(i, src[i])
   if (!re[i]) {
     re[i] = new RegExp(src[i])
+
+    // Replace all greedy whitespace to prevent regex dos issues. These regex are
+    // used internally via the safeRe object since all inputs in this library get
+    // normalized first to trim and collapse all extra whitespace. The original
+    // regexes are exported for userland consumption and lower level usage. A
+    // future breaking change could export the safer regex only with a note that
+    // all input should have extra whitespace removed.
+    safeRe[i] = new RegExp(makeSafeRe(src[i]))
   }
 }
 
@@ -5267,7 +5325,7 @@ function parse (version, options) {
     return null
   }
 
-  var r = options.loose ? re[t.LOOSE] : re[t.FULL]
+  var r = options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL]
   if (!r.test(version)) {
     return null
   }
@@ -5322,7 +5380,7 @@ function SemVer (version, options) {
   this.options = options
   this.loose = !!options.loose
 
-  var m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])
+  var m = version.trim().match(options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL])
 
   if (!m) {
     throw new TypeError('Invalid Version: ' + version)
@@ -5767,6 +5825,7 @@ function Comparator (comp, options) {
     return new Comparator(comp, options)
   }
 
+  comp = comp.trim().split(/\s+/).join(' ')
   debug('comparator', comp, options)
   this.options = options
   this.loose = !!options.loose
@@ -5783,7 +5842,7 @@ function Comparator (comp, options) {
 
 var ANY = {}
 Comparator.prototype.parse = function (comp) {
-  var r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
+  var r = this.options.loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
   var m = comp.match(r)
 
   if (!m) {
@@ -5907,9 +5966,16 @@ function Range (range, options) {
   this.loose = !!options.loose
   this.includePrerelease = !!options.includePrerelease
 
-  // First, split based on boolean or ||
+  // First reduce all whitespace as much as possible so we do not have to rely
+  // on potentially slow regexes like \s*. This is then stored and used for
+  // future error messages as well.
   this.raw = range
-  this.set = range.split(/\s*\|\|\s*/).map(function (range) {
+    .trim()
+    .split(/\s+/)
+    .join(' ')
+
+  // First, split based on boolean or ||
+  this.set = this.raw.split('||').map(function (range) {
     return this.parseRange(range.trim())
   }, this).filter(function (c) {
     // throw out any that are not relevant for whatever reason
@@ -5917,7 +5983,7 @@ function Range (range, options) {
   })
 
   if (!this.set.length) {
-    throw new TypeError('Invalid SemVer Range: ' + range)
+    throw new TypeError('Invalid SemVer Range: ' + this.raw)
   }
 
   this.format()
@@ -5936,20 +6002,19 @@ Range.prototype.toString = function () {
 
 Range.prototype.parseRange = function (range) {
   var loose = this.options.loose
-  range = range.trim()
   // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
-  var hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]
+  var hr = loose ? safeRe[t.HYPHENRANGELOOSE] : safeRe[t.HYPHENRANGE]
   range = range.replace(hr, hyphenReplace)
   debug('hyphen replace', range)
   // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
-  range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace)
-  debug('comparator trim', range, re[t.COMPARATORTRIM])
+  range = range.replace(safeRe[t.COMPARATORTRIM], comparatorTrimReplace)
+  debug('comparator trim', range, safeRe[t.COMPARATORTRIM])
 
   // `~ 1.2.3` => `~1.2.3`
-  range = range.replace(re[t.TILDETRIM], tildeTrimReplace)
+  range = range.replace(safeRe[t.TILDETRIM], tildeTrimReplace)
 
   // `^ 1.2.3` => `^1.2.3`
-  range = range.replace(re[t.CARETTRIM], caretTrimReplace)
+  range = range.replace(safeRe[t.CARETTRIM], caretTrimReplace)
 
   // normalize spaces
   range = range.split(/\s+/).join(' ')
@@ -5957,7 +6022,7 @@ Range.prototype.parseRange = function (range) {
   // At this point, the range is completely trimmed and
   // ready to be split into comparators.
 
-  var compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
+  var compRe = loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
   var set = range.split(' ').map(function (comp) {
     return parseComparator(comp, this.options)
   }, this).join(' ').split(/\s+/)
@@ -6057,7 +6122,7 @@ function replaceTildes (comp, options) {
 }
 
 function replaceTilde (comp, options) {
-  var r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]
+  var r = options.loose ? safeRe[t.TILDELOOSE] : safeRe[t.TILDE]
   return comp.replace(r, function (_, M, m, p, pr) {
     debug('tilde', comp, _, M, m, p, pr)
     var ret
@@ -6098,7 +6163,7 @@ function replaceCarets (comp, options) {
 
 function replaceCaret (comp, options) {
   debug('caret', comp, options)
-  var r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]
+  var r = options.loose ? safeRe[t.CARETLOOSE] : safeRe[t.CARET]
   return comp.replace(r, function (_, M, m, p, pr) {
     debug('caret', comp, _, M, m, p, pr)
     var ret
@@ -6157,7 +6222,7 @@ function replaceXRanges (comp, options) {
 
 function replaceXRange (comp, options) {
   comp = comp.trim()
-  var r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]
+  var r = options.loose ? safeRe[t.XRANGELOOSE] : safeRe[t.XRANGE]
   return comp.replace(r, function (ret, gtlt, M, m, p, pr) {
     debug('xRange', comp, ret, gtlt, M, m, p, pr)
     var xM = isX(M)
@@ -6232,7 +6297,7 @@ function replaceXRange (comp, options) {
 function replaceStars (comp, options) {
   debug('replaceStars', comp, options)
   // Looseness is ignored here.  star is always as loose as it gets!
-  return comp.trim().replace(re[t.STAR], '')
+  return comp.trim().replace(safeRe[t.STAR], '')
 }
 
 // This function is passed to string.replace(re[t.HYPHENRANGE])
@@ -6558,7 +6623,7 @@ function coerce (version, options) {
 
   var match = null
   if (!options.rtl) {
-    match = version.match(re[t.COERCE])
+    match = version.match(safeRe[t.COERCE])
   } else {
     // Find the right-most coercible string that does not share
     // a terminus with a more left-ward coercible string.
@@ -6569,17 +6634,17 @@ function coerce (version, options) {
     // Stop when we get a match that ends at the string end, since no
     // coercible string can be more right-ward without the same terminus.
     var next
-    while ((next = re[t.COERCERTL].exec(version)) &&
+    while ((next = safeRe[t.COERCERTL].exec(version)) &&
       (!match || match.index + match[0].length !== version.length)
     ) {
       if (!match ||
           next.index + next[0].length !== match.index + match[0].length) {
         match = next
       }
-      re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
+      safeRe[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
     }
     // leave it in a clean state
-    re[t.COERCERTL].lastIndex = -1
+    safeRe[t.COERCERTL].lastIndex = -1
   }
 
   if (match === null) {
@@ -8044,35 +8109,43 @@ const coerce = (version, options) => {
 
   let match = null
   if (!options.rtl) {
-    match = version.match(re[t.COERCE])
+    match = version.match(options.includePrerelease ? re[t.COERCEFULL] : re[t.COERCE])
   } else {
     // Find the right-most coercible string that does not share
     // a terminus with a more left-ward coercible string.
     // Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'
+    // With includePrerelease option set, '1.2.3.4-rc' wants to coerce '2.3.4-rc', not '2.3.4'
     //
     // Walk through the string checking with a /g regexp
     // Manually set the index so as to pick up overlapping matches.
     // Stop when we get a match that ends at the string end, since no
     // coercible string can be more right-ward without the same terminus.
+    const coerceRtlRegex = options.includePrerelease ? re[t.COERCERTLFULL] : re[t.COERCERTL]
     let next
-    while ((next = re[t.COERCERTL].exec(version)) &&
+    while ((next = coerceRtlRegex.exec(version)) &&
         (!match || match.index + match[0].length !== version.length)
     ) {
       if (!match ||
             next.index + next[0].length !== match.index + match[0].length) {
         match = next
       }
-      re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
+      coerceRtlRegex.lastIndex = next.index + next[1].length + next[2].length
     }
     // leave it in a clean state
-    re[t.COERCERTL].lastIndex = -1
+    coerceRtlRegex.lastIndex = -1
   }
 
   if (match === null) {
     return null
   }
 
-  return parse(`${match[2]}.${match[3] || '0'}.${match[4] || '0'}`, options)
+  const major = match[2]
+  const minor = match[3] || '0'
+  const patch = match[4] || '0'
+  const prerelease = options.includePrerelease && match[5] ? `-${match[5]}` : ''
+  const build = options.includePrerelease && match[6] ? `+${match[6]}` : ''
+
+  return parse(`${major}.${minor}.${patch}${prerelease}${build}`, options)
 }
 module.exports = coerce
 
@@ -8764,12 +8837,17 @@ createToken('XRANGELOOSE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`)
 
 // Coercion.
 // Extract anything that could conceivably be a part of a valid semver
-createToken('COERCE', `${'(^|[^\\d])' +
+createToken('COERCEPLAIN', `${'(^|[^\\d])' +
               '(\\d{1,'}${MAX_SAFE_COMPONENT_LENGTH}})` +
               `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
-              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?`)
+createToken('COERCE', `${src[t.COERCEPLAIN]}(?:$|[^\\d])`)
+createToken('COERCEFULL', src[t.COERCEPLAIN] +
+              `(?:${src[t.PRERELEASE]})?` +
+              `(?:${src[t.BUILD]})?` +
               `(?:$|[^\\d])`)
 createToken('COERCERTL', src[t.COERCE], true)
+createToken('COERCERTLFULL', src[t.COERCEFULL], true)
 
 // Tilde ranges.
 // Meaning is "reasonably at or greater than"

lib/installer.js

@@ -156,10 +156,23 @@ function getNightlyFileName(arch) {
         if (arch == 'x86') {
             throw new Error('32-bit Julia is not available on macOS');
         }
-        versionExt = '-mac64';
+        else if (arch == 'aarch64') {
+            versionExt = '-macaarch64';
+        }
+        else {
+            versionExt = '-mac64';
+        }
     }
     else if (osPlat === 'linux') {
-        versionExt = arch == 'x64' ? '-linux64' : '-linux32';
+        if (arch == 'x86') {
+            versionExt = '-linux32';
+        }
+        else if (arch == 'aarch64') {
+            versionExt = '-linux-aarch64';
+        }
+        else {
+            versionExt = '-linux64';
+        }
     }
     else {
         throw new Error(`Platform ${osPlat} is not supported`);
@@ -216,7 +229,7 @@ function getDownloadURL(fileInfo, version, arch) {
     return fileInfo.url;
 }
 exports.getDownloadURL = getDownloadURL;
-function installJulia(versionInfo, version, arch) {
+function installJulia(dest, versionInfo, version, arch) {
     return __awaiter(this, void 0, void 0, function* () {
         // Download Julia
         const fileInfo = getFileInfo(versionInfo, version, arch);
@@ -243,39 +256,38 @@ function installJulia(versionInfo, version, arch) {
         else {
             core.debug('Skipping checksum check for nightly binaries.');
         }
-        const tempInstallDir = fs.mkdtempSync(`julia-${arch}-${version}-`);
         // Install it
         switch (osPlat) {
             case 'linux':
                 // tc.extractTar doesn't support stripping components, so we have to call tar manually
-                yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir]);
-                return tempInstallDir;
+                yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest]);
+                return dest;
             case 'win32':
                 if (fileInfo !== null && fileInfo.extension == 'exe') {
                     if (version.endsWith('nightly') || semver.gtr(version, '1.3', { includePrerelease: true })) {
                         // The installer changed in 1.4: https://github.com/JuliaLang/julia/blob/ef0c9108b12f3ae177c51037934351ffa703b0b5/NEWS.md#build-system-changes
-                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`]);
+                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`]);
                     }
                     else {
-                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`]);
+                        yield exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`]);
                     }
                 }
                 else {
                     // This is the more common path. Using .tar.gz is much faster
-                    yield exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${tempInstallDir}`]);
+                    yield exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${dest}`]);
                 }
-                return tempInstallDir;
+                return dest;
             case 'darwin':
                 if (fileInfo !== null && fileInfo.extension == 'dmg') {
                     core.debug(`Support for .dmg files is deprecated and may be removed in a future release`);
                     yield exec.exec('hdiutil', ['attach', juliaDownloadPath]);
-                    yield exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${tempInstallDir}`]);
-                    return path.join(tempInstallDir, 'julia');
+                    yield exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${dest}`]);
+                    return path.join(dest, 'julia');
                 }
                 else {
                     // tc.extractTar doesn't support stripping components, so we have to call tar manually
-                    yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir]);
-                    return tempInstallDir;
+                    yield exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest]);
+                    return dest;
                 }
             default:
                 throw new Error(`Platform ${osPlat} is not supported`);

lib/setup-julia.js

@@ -91,12 +91,18 @@ function run() {
             juliaPath = tc.find('julia', version, arch);
             if (!juliaPath) {
                 core.debug(`could not find Julia ${arch}/${version} in cache`);
-                const juliaInstallationPath = yield installer.installJulia(versionInfo, version, arch);
-                // Add it to cache
-                juliaPath = yield tc.cacheDir(juliaInstallationPath, 'julia', version, arch);
+                // https://github.com/julia-actions/setup-julia/pull/196
+                // we want julia to be installed with unmodified file mtimes
+                // but `tc.cacheDir` uses `cp` internally which destroys mtime
+                // and `tc` provides no API to get the tool directory alone
+                // so hack it by installing a empty directory then use the path it returns
+                // and extract the archives directly to that location
+                const emptyDir = fs.mkdtempSync('empty');
+                juliaPath = yield tc.cacheDir(emptyDir, 'julia', version, arch);
+                yield installer.installJulia(juliaPath, versionInfo, version, arch);
                 core.debug(`added Julia to cache: ${juliaPath}`);
-                // Remove temporary dir
-                fs.rmSync(juliaInstallationPath, { recursive: true });
+                // Remove empty dir
+                fs.rmdirSync(emptyDir);
             }
             else {
                 core.debug(`using cached version of Julia: ${juliaPath}`);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "setup-julia",
-  "version": "1.9.4",
+  "version": "1.9.6",
   "private": true,
   "description": "setup Julia action",
   "main": "lib/setup-julia.js",
@@ -21,25 +21,25 @@
   "author": "Sascha Mann <git@mail.saschamann.eu>",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.1",
     "async-retry": "^1.3.3",
-    "semver": "^7.5.4"
+    "semver": "^7.6.0"
   },
   "devDependencies": {
-    "@types/async-retry": "^1.4.5",
-    "@types/jest": "^29.5.0",
-    "@types/node": "^18.14.2",
-    "@types/retry": "^0.12.2",
+    "@types/async-retry": "^1.4.8",
+    "@types/jest": "^29.5.12",
+    "@types/node": "^20.11.16",
+    "@types/retry": "^0.12.5",
     "@types/semver": "^7.5.6",
-    "@vercel/ncc": "^0.36.1",
-    "jest": "^29.5.0",
-    "jest-circus": "^29.5.0",
-    "nock": "^13.3.8",
-    "prettier": "^3.1.0",
-    "ts-jest": "^29.0.5",
-    "typescript": "^5.3.2"
+    "@vercel/ncc": "^0.38.1",
+    "jest": "^29.7.0",
+    "jest-circus": "^29.7.0",
+    "nock": "^13.5.1",
+    "prettier": "^3.2.5",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.3.3"
   }
 }

src/installer.ts

@@ -128,10 +128,19 @@ function getNightlyFileName(arch: string): string {
     } else if (osPlat == 'darwin') {
         if (arch == 'x86') {
             throw new Error('32-bit Julia is not available on macOS')
+        } else if (arch == 'aarch64') {
+            versionExt = '-macaarch64'
+        } else {
+            versionExt = '-mac64'
         }
-        versionExt = '-mac64'
     } else if (osPlat === 'linux') {
-        versionExt = arch == 'x64' ? '-linux64' : '-linux32'
+        if (arch == 'x86') {
+            versionExt = '-linux32'
+        } else if (arch == 'aarch64') {
+            versionExt = '-linux-aarch64'
+        } else {
+            versionExt = '-linux64'
+        }
     } else {
         throw new Error(`Platform ${osPlat} is not supported`)
     }
@@ -198,7 +207,7 @@ export function getDownloadURL(fileInfo, version: string, arch: string): string
     return fileInfo.url
 }
 
-export async function installJulia(versionInfo, version: string, arch: string): Promise<string> {
+export async function installJulia(dest: string, versionInfo, version: string, arch: string): Promise<string> {
     // Download Julia
     const fileInfo = getFileInfo(versionInfo, version, arch)
     const downloadURL = getDownloadURL(fileInfo, version, arch)
@@ -226,37 +235,35 @@ export async function installJulia(versionInfo, version: string, arch: string):
         core.debug('Skipping checksum check for nightly binaries.')
     }
 
-    const tempInstallDir = fs.mkdtempSync(`julia-${arch}-${version}-`)
-
     // Install it
     switch (osPlat) {
         case 'linux':
             // tc.extractTar doesn't support stripping components, so we have to call tar manually
-            await exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir])
-            return tempInstallDir
+            await exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest])
+            return dest
         case 'win32':
             if (fileInfo !== null && fileInfo.extension == 'exe') {
                 if (version.endsWith('nightly') || semver.gtr(version, '1.3', {includePrerelease: true})) {
                     // The installer changed in 1.4: https://github.com/JuliaLang/julia/blob/ef0c9108b12f3ae177c51037934351ffa703b0b5/NEWS.md#build-system-changes
-                    await exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`])
+                    await exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/SILENT /dir=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`])
                 } else {
-                    await exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), tempInstallDir)}" -NoNewWindow -Wait`])
+                    await exec.exec('powershell', ['-Command', `Start-Process -FilePath ${juliaDownloadPath} -ArgumentList "/S /D=${path.join(process.cwd(), dest)}" -NoNewWindow -Wait`])
                 }
             } else {
                 // This is the more common path. Using .tar.gz is much faster
-                await exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${tempInstallDir}`])
+                await exec.exec('powershell', ['-Command', `tar xf ${juliaDownloadPath} --strip-components=1 -C ${dest}`])
             }
-            return tempInstallDir
+            return dest
         case 'darwin':
             if (fileInfo !== null && fileInfo.extension == 'dmg') {
                 core.debug(`Support for .dmg files is deprecated and may be removed in a future release`)
                 await exec.exec('hdiutil', ['attach', juliaDownloadPath])
-                await exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${tempInstallDir}`])
-                return path.join(tempInstallDir, 'julia')
+                await exec.exec('/bin/bash', ['-c', `cp -a /Volumes/Julia-*/Julia-*.app/Contents/Resources/julia ${dest}`])
+                return path.join(dest, 'julia')
             } else {
                 // tc.extractTar doesn't support stripping components, so we have to call tar manually
-                await exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', tempInstallDir])
-                return tempInstallDir
+                await exec.exec('tar', ['xf', juliaDownloadPath, '--strip-components=1', '-C', dest])
+                return dest
             }
         default:
             throw new Error(`Platform ${osPlat} is not supported`)

src/setup-julia.ts

@@ -69,14 +69,21 @@ async function run() {
 
         if (!juliaPath) {
             core.debug(`could not find Julia ${arch}/${version} in cache`)
-            const juliaInstallationPath = await installer.installJulia(versionInfo, version, arch)
 
-            // Add it to cache
-            juliaPath = await tc.cacheDir(juliaInstallationPath, 'julia', version, arch)
+            // https://github.com/julia-actions/setup-julia/pull/196
+            // we want julia to be installed with unmodified file mtimes
+            // but `tc.cacheDir` uses `cp` internally which destroys mtime
+            // and `tc` provides no API to get the tool directory alone
+            // so hack it by installing a empty directory then use the path it returns
+            // and extract the archives directly to that location
+            const emptyDir = fs.mkdtempSync('empty')
+            juliaPath = await tc.cacheDir(emptyDir, 'julia', version, arch)
+            await installer.installJulia(juliaPath, versionInfo, version, arch)
+
             core.debug(`added Julia to cache: ${juliaPath}`)
 
-            // Remove temporary dir
-            fs.rmSync(juliaInstallationPath, {recursive: true})
+            // Remove empty dir
+            fs.rmdirSync(emptyDir)
         } else {
             core.debug(`using cached version of Julia: ${juliaPath}`)
         }