fix(github): Add java-version input to control compilation Java version

github/README.md

@@ -9,9 +9,7 @@ Run [OpenTaint](https://github.com/seqra/opentaint) static analysis in your CI,
 
 ### Prerequisites
 
-OpenTaint analyzes compiled bytecode of your project. Before running this action, ensure your CI environment is configured to compile the project. For example:
-
-- **Java/Kotlin projects:** Set up a JDK using `actions/setup-java@v5`
+OpenTaint analyzes compiled bytecode of your project. Before running this action, ensure your CI environment is configured to compile the project.
 
 ### Quick Start
 
@@ -29,12 +27,6 @@ jobs:
       - name: Checkout your repository
         uses: actions/checkout@v6
 
-      - name: Set up JDK
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
       - name: Run OpenTaint code analysis
         uses: seqra/opentaint/github@github/v0
 ```
@@ -59,12 +51,6 @@ jobs:
       - name: Checkout your repository
         uses: actions/checkout@v6
 
-      - name: Set up JDK
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
       - name: Run OpenTaint code analysis
         uses: seqra/opentaint/github@github/v0
         with:
@@ -73,6 +59,27 @@ jobs:
 ```
 
 
+### Scan with a specific Java version
+
+```yaml
+name: OpenTaint Analysis
+on:
+    workflow_dispatch
+
+jobs:
+  opentaint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout your repository
+        uses: actions/checkout@v6
+
+      - name: Run OpenTaint code analysis
+        uses: seqra/opentaint/github@github/v0
+        with:
+          java-version: '25'
+```
+
+
 ### All Inputs
 
 ```yaml
@@ -92,12 +99,6 @@ jobs:
       - name: Checkout your repository
         uses: actions/checkout@v6
 
-      - name: Set up JDK
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '21'
-
       - name: Run OpenTaint code analysis
         uses: seqra/opentaint/github@github/v0
         with:
@@ -131,6 +132,10 @@ jobs:
             # Severity levels to report (comma-separated)
             # Valid values: note, warning, error
             severity: 'warning,error'
+
+            # Java version for compilation (e.g., 8, 11, 17, 21, 25)
+            # By default uses the CLI default
+            java-version: ''
 ```
 
 
@@ -178,7 +183,7 @@ with:
 
 ## Troubleshooting
 
-* **"Compilation has failed:"** OpenTaint needs to compile your project to analyze bytecode. Ensure you have set up the required build tools (e.g., JDK via `actions/setup-java@v5`) before running this action. See [Prerequisites](#prerequisites).
+* **"Compilation has failed:"** OpenTaint automatically downloads the required JDK for compilation. If your project requires a specific Java version, set the `java-version` input (e.g., `java-version: '17'`).
 * **Monorepos:** You can analyze only the project you need using `project-root`.
 * **Timeouts:** If the scan times out, increase `timeout` (e.g., `30m`).
 

github/action.yml

@@ -37,6 +37,9 @@ inputs:
   severity:
     description: 'Severity levels to report (comma-separated). Valid values: note, warning, error'
     default: 'warning,error'
+  java-version:
+    description: 'Java version for compilation (e.g., 8, 11, 17, 21, 25)'
+    default: ''
 
 runs:
   using: 'composite'
@@ -98,8 +101,14 @@ runs:
 
            TOKEN_ARGS=(--github-token "${{ inputs.token || github.token }}")
 
+            COMPILE_ARGS=()
+           if [ -n "${{ inputs.java-version }}" ]; then
+             COMPILE_ARGS+=(--java-version "${{ inputs.java-version }}")
+           fi
+
             "${{ steps.globals.outputs.OPENTAINT_BIN }}" --quiet "${TOKEN_ARGS[@]}" compile \
               --verbosity "${{ inputs.verbosity }}" \
+              "${COMPILE_ARGS[@]}" \
               --output "${{ steps.globals.outputs.OPENTAINT_PROJECT }}" "${{ inputs.project-root }}"
 
     - name: Run analysis
@@ -133,6 +142,10 @@ runs:
 
             CMD=("${{ steps.globals.outputs.OPENTAINT_BIN }}" --quiet "${TOKEN_ARGS[@]}" scan)
 
+           if [ -n "${{ inputs.java-version }}" ]; then
+             CMD+=(--java-version "${{ inputs.java-version }}")
+           fi
+
            append_csv_args "ruleset" "${{ inputs.rules-path }}"
 
            CMD+=(--timeout "${{ inputs.timeout }}")