Enable wrapper validation with setup-gradle action

2025-04-19 01:09:20 +08:00 · 2024-04-11 11:56:55 -06:00 · 2024-04-11 11:56:55 -06:00 · 62557f3635
commit 62557f3635
parent 33741bd2bb
8 changed files with 72 additions and 9 deletions
--- a/.github/workflows/ci-integ-test.yml
+++ b/.github/workflows/ci-integ-test.yml
@ -183,3 +183,5 @@ jobs:
  wrapper-validation:
    needs: [determine-suite, build-distribution]
    uses: ./.github/workflows/integ-test-wrapper-validation.yml
+    with:
+      runner-os: '["ubuntu-latest"]'
--- a/.github/workflows/integ-test-wrapper-validation.yml
+++ b/.github/workflows/integ-test-wrapper-validation.yml
@ -1,12 +1,40 @@
-name: Test sample Kotlin DSL project
+name: Test wrapper validation

 on:
  workflow_call:
+    inputs:
+      runner-os:
+        type: string
+        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'

 jobs:
-  # Integration test for successful validation of wrappers
+  test-setup-gradle-validation:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ${{fromJSON(inputs.runner-os)}}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Initialize integ-test
+      uses: ./.github/actions/init-integ-test
+
+    - name: Run wrapper-validation-action
+      id: setup-gradle
+      uses: ./setup-gradle
+      with:
+        validate-wrappers: true
+      continue-on-error: true
+
+    - name: Check failure
+      run: |
+        if [ "${{ steps.setup-gradle.outcome}}" != "failure" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
  test-validation-success:
-    name: 'Test: Validation success'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@ -33,9 +61,7 @@ jobs:
          exit 1
        fi

-  # Integration test for failing validation of wrappers
  test-validation-error:
-    name: 'Test: Validation error'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
--- a/setup-gradle/action.yml
+++ b/setup-gradle/action.yml
@ -100,6 +100,14 @@ inputs:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false

+  # Wrapper validation configuration
+  validate-wrappers:
+    description: |
+      When 'true', the action will perform the 'wrapper-validation' action automatically.
+      If the wrapper checksums are not valid, the action will fail.
+    required: false
+    default: false
+
  # DEPRECATED ACTION INPUTS
  build-scan-terms-of-service-url:
    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service'.
--- a/sources/src/configuration.ts
+++ b/sources/src/configuration.ts
@ -261,6 +261,10 @@ export class GradleExecutionConfig {
    }
 }

+export function doValidateWrappers(): boolean {
+    return getBooleanInput('validate-wrappers')
+}
+
 // Internal parameters
 export function getJobMatrix(): string {
    return core.getInput('workflow-job-context')
--- a/sources/src/dependency-graph.ts
+++ b/sources/src/dependency-graph.ts
@ -9,7 +9,7 @@ import type {PullRequestEvent} from '@octokit/webhooks-types'
 import * as path from 'path'
 import fs from 'fs'

-import {PostActionJobFailure} from './errors'
+import {JobFailure} from './errors'
 import {DependencyGraphConfig, DependencyGraphOption, getGithubToken, getWorkspaceDirectory} from './configuration'

 const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_'
@ -208,7 +208,7 @@ function markProcessed(dependencyGraphFile: string): void {

 function warnOrFail(config: DependencyGraphConfig, option: String, error: unknown): void {
    if (!config.getDependencyGraphContinueOnFailure()) {
-        throw new PostActionJobFailure(error)
+        throw new JobFailure(error)
    }

    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`)
--- a/sources/src/errors.ts
+++ b/sources/src/errors.ts
@ -1,6 +1,6 @@
 import * as core from '@actions/core'

-export class PostActionJobFailure extends Error {
+export class JobFailure extends Error {
    constructor(error: unknown) {
        if (error instanceof Error) {
            super(error.message)
@ -21,6 +21,8 @@ export function handleMainActionError(error: unknown): void {
                core.info(err.stack)
            }
        }
+    } else if (error instanceof JobFailure) {
+        core.setFailed(String(error)) // No stack trace for JobFailure: these are known errors
    } else {
        core.setFailed(String(error))
        if (error instanceof Error && error.stack) {
@ -30,7 +32,7 @@ export function handleMainActionError(error: unknown): void {
 }

 export function handlePostActionError(error: unknown): void {
-    if (error instanceof PostActionJobFailure) {
+    if (error instanceof JobFailure) {
        core.setFailed(String(error))
    } else {
        core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
--- a/sources/src/setup-gradle.ts
+++ b/sources/src/setup-gradle.ts
@ -10,6 +10,8 @@ import {loadBuildResults, markBuildResultsProcessed} from './build-results'
 import {CacheListener, generateCachingReport} from './caching/cache-reporting'
 import {DaemonController} from './daemon-controller'
 import {BuildScanConfig, CacheConfig, SummaryConfig, getWorkspaceDirectory} from './configuration'
+import {findInvalidWrapperJars} from './wrapper-validation/validate'
+import {JobFailure} from './errors'

 const GRADLE_SETUP_VAR = 'GRADLE_BUILD_ACTION_SETUP_COMPLETED'
 const USER_HOME = 'USER_HOME'
@ -96,3 +98,16 @@ async function determineUserHome(): Promise<string> {
    core.debug(`Determined user.home from java -version output: '${userHome}'`)
    return userHome
 }
+
+export async function checkNoInvalidWrapperJars(rootDir = getWorkspaceDirectory()): Promise<void> {
+    const allowedChecksums = process.env['ALLOWED_GRADLE_WRAPPER_CHECKSUMS']?.split(',') || []
+    const result = await findInvalidWrapperJars(rootDir, 1, false, allowedChecksums)
+    if (result.isValid()) {
+        core.info(result.toDisplayString())
+    } else {
+        core.info(result.toDisplayString())
+        throw new JobFailure(
+            `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/actions/blob/main/docs/wrapper-validation.md#reporting-failures\n${result.toDisplayString()}`
+        )
+    }
+}
--- a/sources/src/setup-gradle/main.ts
+++ b/sources/src/setup-gradle/main.ts
@ -6,6 +6,7 @@ import {
    CacheConfig,
    DependencyGraphConfig,
    GradleExecutionConfig,
+    doValidateWrappers,
    getActionId,
    setActionId
 } from '../configuration'
@ -25,6 +26,11 @@ export async function run(): Promise<void> {
            setActionId('gradle/actions/setup-gradle')
        }

+        // Check for invalid wrapper JARs if requested
+        if (doValidateWrappers()) {
+            await setupGradle.checkNoInvalidWrapperJars()
+        }
+
        // Configure Gradle environment (Gradle User Home)
        await setupGradle.setup(new CacheConfig(), new BuildScanConfig())