From dd50e695221eca1f98295cfa3bd3ad581e87cacc Mon Sep 17 00:00:00 2001
From: Aleksandr Misonizhnik
Date: Fri, 20 Mar 2026 12:48:46 +0300
Subject: [PATCH] fix(github): Add java-version input to control compilation Java version
---
 github/README.md | 49 ++++++++++++++++++++++++++---------------------
 github/action.yml | 13 +++++++++++++
 2 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/github/README.md b/github/README.md
index 4453d12cd..3d0db8422 100644
--- a/github/README.md
+++ b/github/README.md
@@ -9,9 +9,7 @@ Run [OpenTaint](https://github.com/seqra/opentaint) static analysis in your CI,
 ### Prerequisites
-OpenTaint analyzes compiled bytecode of your project. Before running this action, ensure your CI environment is configured to compile the project. For example:
-
-- **Java/Kotlin projects:** Set up a JDK using `actions/setup-java@v5`
+OpenTaint analyzes compiled bytecode of your project. Before running this action, ensure your CI environment is configured to compile the project.
 ### Quick Start
@@ -29,12 +27,6 @@ jobs:
 - name: Checkout your repository
 uses: actions/checkout@v6
- - name: Set up JDK
- uses: actions/setup-java@v5
- with:
- distribution: 'temurin'
- java-version: '21'
-
 - name: Run OpenTaint code analysis
 uses: seqra/opentaint/github@github/v0
 ```
@@ -59,12 +51,6 @@ jobs:
 - name: Checkout your repository
 uses: actions/checkout@v6
- - name: Set up JDK
- uses: actions/setup-java@v5
- with:
- distribution: 'temurin'
- java-version: '21'
-
 - name: Run OpenTaint code analysis
 uses: seqra/opentaint/github@github/v0
 with:
@@ -73,6 +59,27 @@ jobs:
 ```
+### Scan with a specific Java version
+
+```yaml
+name: OpenTaint Analysis
+on:
+ workflow_dispatch
+
+jobs:
+ opentaint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout your repository
+ uses: actions/checkout@v6
+
+ - name: Run OpenTaint code analysis
+ uses: seqra/opentaint/github@github/v0
+ with:
+ java-version: '25'
+```
+
+
 ### All Inputs
 ```yaml
@@ -92,12 +99,6 @@ jobs:
 - name: Checkout your repository
 uses: actions/checkout@v6
- - name: Set up JDK
- uses: actions/setup-java@v5
- with:
- distribution: 'temurin'
- java-version: '21'
-
 - name: Run OpenTaint code analysis
 uses: seqra/opentaint/github@github/v0
 with:
@@ -131,6 +132,10 @@ jobs:
 # Severity levels to report (comma-separated)
 # Valid values: note, warning, error
 severity: 'warning,error'
+
+ # Java version for compilation (e.g., 8, 11, 17, 21, 25)
+ # By default uses the CLI default
+ java-version: ''
 ```
@@ -178,7 +183,7 @@ with:
 ## Troubleshooting
-* **"Compilation has failed:"** OpenTaint needs to compile your project to analyze bytecode. Ensure you have set up the required build tools (e.g., JDK via `actions/setup-java@v5`) before running this action. See [Prerequisites](#prerequisites).
+* **"Compilation has failed:"** OpenTaint automatically downloads the required JDK for compilation. If your project requires a specific Java version, set the `java-version` input (e.g., `java-version: '17'`).
 * **Monorepos:** You can analyze only the project you need using `project-root`.
 * **Timeouts:** If the scan times out, increase `timeout` (e.g., `30m`).
diff --git a/github/action.yml b/github/action.yml
index 5623d8d86..60fd67a42 100644
--- a/github/action.yml
+++ b/github/action.yml
@@ -37,6 +37,9 @@ inputs:
 severity:
 description: 'Severity levels to report (comma-separated). Valid values: note, warning, error'
 default: 'warning,error'
+ java-version:
+ description: 'Java version for compilation (e.g., 8, 11, 17, 21, 25)'
+ default: ''
 runs:
 using: 'composite'
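Review bot: The `java-version` description in `github/action.yml` says the value is for compilation only, but a later hunk in this file also forwards it to the `scan` command, and the meaning of the empty default is stated only in the README. Consider `description: 'Java version passed to compile and scan (e.g., 8, 11, 17, 21, 25). Empty uses the CLI default'` so the action metadata matches what the steps do. The `inputs:` mapping begins outside this hunk.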
@@ -98,8 +101,14 @@ runs:
 TOKEN_ARGS=(--github-token "${{ inputs.token || github.token }}")
+ COMPILE_ARGS=()
+ if [ -n "${{ inputs.java-version }}" ]; then
+ COMPILE_ARGS+=(--java-version "${{ inputs.java-version }}")
+ fi
+
 "${{ steps.globals.outputs.OPENTAINT_BIN }}" --quiet "${TOKEN_ARGS[@]}" compile \
 --verbosity "${{ inputs.verbosity }}" \
+ "${COMPILE_ARGS[@]}" \
 --output "${{ steps.globals.outputs.OPENTAINT_PROJECT }}" "${{ inputs.project-root }}"
 - name: Run analysis
@@ -133,6 +142,10 @@ runs:
 CMD=("${{ steps.globals.outputs.OPENTAINT_BIN }}" --quiet "${TOKEN_ARGS[@]}" scan)
+ if [ -n "${{ inputs.java-version }}" ]; then
+ CMD+=(--java-version "${{ inputs.java-version }}")
+ fi
+
 append_csv_args "ruleset" "${{ inputs.rules-path }}"
 CMD+=(--timeout "${{ inputs.timeout }}")
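Review bot: The added `${{ inputs.java-version }}` expressions are substituted into the script text before bash parses it, so the surrounding double quotes do not keep the value a single argument if it contains shell metacharacters; the same applies to the `CMD+=(--java-version …)` lines in the following hunk. Passing the input through the step's `env:` and expanding `"$JAVA_VERSION"` in the script keeps it as data, which matters when a caller wires this input from workflow inputs or other externally influenced context. The neighbouring context lines use the same inline pattern for other inputs, so this may be worth a follow-up across the file. The step definitions start outside both hunks, so the placement of `env:` needs to be confirmed against the full file.

```yaml
      # … unchanged: step name, shell and start of the run script (outside the hunk) …
      env:
        JAVA_VERSION: ${{ inputs.java-version }}
        # … unchanged: TOKEN_ARGS setup …
        COMPILE_ARGS=()
        if [ -n "$JAVA_VERSION" ]; then
          COMPILE_ARGS+=(--java-version "$JAVA_VERSION")
        fi
        # … unchanged: compile invocation; the scan step gets the same env entry and "$JAVA_VERSION" …
```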