Add production dependencies & build

* Throw an informative error for non-existent version

* npm install && npm run build

.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: gitsubmodule
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

.github/workflows/example-builds-nightly.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        julia-version: [nightly, 1.6-nightly]
+        julia-version: [nightly, 1.7-nightly]
         julia-arch: [x64, x86]
         os: [ubuntu-latest, macOS-latest, windows-latest]
         # 32-bit Julia binaries are not available on macOS

.github/workflows/windows-tests.yml

@@ -1,44 +0,0 @@
-name: Windows Benchmark
-
-on: [push]
-
-jobs:
-  installer:
-    name: Installer
-    runs-on: windows-latest
-
-    steps:
-      - name: Download
-        run: curl -O https://julialang-s3.julialang.org/bin/winnt/x64/1.5/julia-1.5.3-win64.exe
-        shell: bash
-
-      - name: Install
-        run: |
-          Start-Process -FilePath julia-1.5.3-win64.exe -ArgumentList "/SILENT /dir=C:\Julia" -NoNewWindow -Wait
-      
-      - name: Add to path
-        run: |
-          echo "C:\Julia\bin" >> $GITHUB_PATH
-        shell: bash
-      
-      - run: julia --version
-  
-  archive:
-    name: Archive
-    runs-on: windows-latest
-
-    steps:
-      - name: Download
-        run: curl -O https://julialang-s3.julialang.org/bin/winnt/x64/1.5/julia-1.5.3-win64.zip
-        shell: bash
-
-      - name: Install
-        run: |
-          [System.IO.Compression.ZipFile]::ExtractToDirectory('julia-1.5.3-win64.zip', 'C:\Julia')
-      
-      - name: Add to path
-        run: |
-          echo "C:\Julia\julia-1.5.3\bin" >> $GITHUB_PATH
-        shell: bash
-      
-      - run: julia --version

.gitignore

@@ -1,3 +1,3 @@
 node_modules/
 __tests__/runner/*
-dist/
+!dist/

README.md

@@ -103,7 +103,7 @@ You can either specify specific Julia versions or version ranges. If you specify
 - `^1.3.0-0` is a **caret** version range that includes _all_ pre-releases. It matches all versions `≥ 1.3.0-` and `< 2.0.0`.
 - `~1.3.0-0` is a **tilde** version range that includes _all_ pre-releases. It matches all versions `≥ 1.3.0-` and `< 1.4.0`.
 - `nightly` will install the latest nightly build.
-- `1.6-nightly` will install the latest nightly build for the upcoming 1.6 release. This version will only be available during certain phases of the Julia release cycle.
+- `1.7-nightly` will install the latest nightly build for the upcoming 1.7 release. This version will only be available during certain phases of the Julia release cycle.
 
 Internally the action uses node's semver package to resolve version ranges. Its [documentation](https://github.com/npm/node-semver#advanced-range-syntax) contains more details on the version range syntax. You can test what version will be selected for a given input in this JavaScript [REPL](https://repl.it/@SaschaMann/setup-julia-version-logic).
 

lib/installer.js

@@ -124,15 +124,19 @@ function getNightlyFileName(arch) {
     return `julia-latest${versionExt}.${ext}`;
 }
 function getFileInfo(versionInfo, version, arch) {
+    const err = `Could not find ${archMap[arch]}/${version} binaries`;
     if (version.endsWith('nightly')) {
         return null;
     }
+    if (!versionInfo[version]) {
+        throw err;
+    }
     for (let file of versionInfo[version].files) {
         if (file.os == osMap[osPlat] && file.arch == archMap[arch]) {
             return file;
         }
     }
-    throw `Could not find ${archMap[arch]}/${version} binaries`;
+    throw err;
 }
 exports.getFileInfo = getFileInfo;
 function getDownloadURL(fileInfo, version, arch) {
@@ -146,6 +150,10 @@ function getDownloadURL(fileInfo, version, arch) {
     if (version == 'nightly') {
         return `${baseURL}/${getNightlyFileName(arch)}`;
     }
+    // Verify that fileInfo.url points at the official Julia download servers
+    if (!fileInfo.url.startsWith('https://julialang-s3.julialang.org/')) {
+        throw new Error(`versions.json points at a download location outside of Julia's download server: ${fileInfo.url}. Aborting for security reasons.`);
+    }
     return fileInfo.url;
 }
 exports.getDownloadURL = getDownloadURL;

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "setup-julia",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -2884,6 +2884,12 @@
           "dev": true,
           "optional": true
         },
+        "ini": {
+          "version": "1.3.5",
+          "bundled": true,
+          "dev": true,
+          "optional": true
+        },
         "is-fullwidth-code-point": {
           "version": "1.0.0",
           "bundled": true,
@@ -3383,9 +3389,9 @@
       }
     },
     "hosted-git-info": {
-      "version": "2.8.8",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz",
-      "integrity": "sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==",
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
       "dev": true
     },
     "html-encoding-sniffer": {
@@ -3466,13 +3472,6 @@
       "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
       "dev": true
     },
-    "ini": {
-      "version": "1.3.7",
-      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.7.tgz",
-      "integrity": "sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ==",
-      "dev": true,
-      "optional": true
-    },
     "invariant": {
       "version": "2.2.4",
       "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz",
@@ -5259,9 +5258,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.19",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
       "dev": true
     },
     "lodash.memoize": {
@@ -7001,9 +7000,9 @@
       "dev": true
     },
     "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
       "dev": true
     },
     "yargs": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "setup-julia",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "private": true,
   "description": "setup Julia action",
   "main": "lib/setup-julia.js",

src/installer.ts

@@ -115,17 +115,23 @@ function getNightlyFileName(arch: string): string {
 }
 
 export function getFileInfo(versionInfo, version: string, arch: string) {
+    const err = `Could not find ${archMap[arch]}/${version} binaries`
+
     if (version.endsWith('nightly')) {
         return null
     }
 
+    if (!versionInfo[version]) {
+       throw err
+    }
+
     for (let file of versionInfo[version].files) {
         if (file.os == osMap[osPlat] && file.arch == archMap[arch]) {
             return file
         }
     }
 
-    throw `Could not find ${archMap[arch]}/${version} binaries`
+    throw err
 }
 
 export function getDownloadURL(fileInfo, version: string, arch: string): string {
@@ -142,6 +148,10 @@ export function getDownloadURL(fileInfo, version: string, arch: string): string
         return `${baseURL}/${getNightlyFileName(arch)}`
     }
 
+    // Verify that fileInfo.url points at the official Julia download servers
+    if (!fileInfo.url.startsWith('https://julialang-s3.julialang.org/')) {
+        throw new Error(`versions.json points at a download location outside of Julia's download server: ${fileInfo.url}. Aborting for security reasons.`)
+    }
     return fileInfo.url
 }
 
@@ -200,12 +210,12 @@ export async function installJulia(versionInfo, version: string, arch: string):
 
 /**
  * Test if Julia has been installed and print the version.
- * 
+ *
  * true => always show versioninfo
  * false => only show on nightlies
  * never => never show it anywhere
- * 
- * @param showVersionInfoInput 
+ *
+ * @param showVersionInfoInput
  */
 export async function showVersionInfo(showVersionInfoInput: string, version: string): Promise<void> {
     // --compile=min -O0 reduces the time from ~1.8-1.9s to ~0.8-0.9s
@@ -215,7 +225,7 @@ export async function showVersionInfo(showVersionInfoInput: string, version: str
         case 'true':
             exitCode = await exec.exec('julia', ['--compile=min', '-O0', '-e', 'using InteractiveUtils; versioninfo()'])
             break
-    
+
         case 'false':
             if (version.endsWith('nightly')) {
                 exitCode = await exec.exec('julia', ['--compile=min', '-O0', '-e', 'using InteractiveUtils; versioninfo()'])
@@ -223,7 +233,7 @@ export async function showVersionInfo(showVersionInfoInput: string, version: str
                 exitCode = await exec.exec('julia', ['--version'])
             }
             break
-        
+
         case 'never':
             exitCode = await exec.exec('julia', ['--version'])
             break