Bump to v3.5.0

Bump to v3.4.2
Bump to v3.4.1
2025-04-20 14:19:19 +08:00 · 2024-07-15 13:31:04 -06:00 · 2024-06-17 11:46:29 -07:00 · 2024-06-14 21:35:04 -06:00 · 2024-06-13 15:12:19 -06:00 · 2024-04-25 14:50:56 -06:00
29 changed files with 108 additions and 18988 deletions
--- a/.eslintignore
+++ b/.eslintignore
@ -1,3 +0,0 @@
-dist/
-lib/
-node_modules/
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -1,52 +0,0 @@
-{
-    "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/typescript"],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-      "ecmaVersion": 9,
-      "sourceType": "module",
-      "project": "./tsconfig.json"
-    },
-    "rules": {
-      "eslint-comments/no-use": "off",
-      "import/no-namespace": "off",
-      "no-unused-vars": "off",
-      "@typescript-eslint/no-unused-vars": "error",
-      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
-      "@typescript-eslint/no-require-imports": "error",
-      "@typescript-eslint/array-type": "error",
-      "@typescript-eslint/await-thenable": "error",
-      "camelcase": "off",
-      "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
-      "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/no-array-constructor": "error",
-      "@typescript-eslint/no-empty-interface": "error",
-      "@typescript-eslint/no-explicit-any": "error",
-      "@typescript-eslint/no-extraneous-class": "error",
-      "@typescript-eslint/no-for-in-array": "error",
-      "@typescript-eslint/no-inferrable-types": "error",
-      "@typescript-eslint/no-misused-new": "error",
-      "@typescript-eslint/no-namespace": "error",
-      "@typescript-eslint/no-non-null-assertion": "warn",
-      "@typescript-eslint/no-unnecessary-qualifier": "error",
-      "@typescript-eslint/no-unnecessary-type-assertion": "error",
-      "@typescript-eslint/no-useless-constructor": "error",
-      "@typescript-eslint/no-var-requires": "error",
-      "@typescript-eslint/prefer-for-of": "warn",
-      "@typescript-eslint/prefer-function-type": "warn",
-      "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-string-starts-ends-with": "error",
-      "@typescript-eslint/promise-function-async": "error",
-      "@typescript-eslint/require-array-sort-compare": "error",
-      "@typescript-eslint/restrict-plus-operands": "error",
-      "semi": "off",
-      "@typescript-eslint/semi": ["error", "never"],
-      "@typescript-eslint/type-annotation-spacing": "error",
-      "@typescript-eslint/unbound-method": "error"
-    },
-    "env": {
-      "node": true,
-      "es6": true,
-      "jest/globals": true
-    }
-  }
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+        - "*"
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@ -1,55 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist/
-
-on:
-  push:
-    branches:
-      - main
-      - master
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Set Node.js 16.x
-        uses: actions/setup-node@v2.4.1
-        with:
-          node-version: 16.x
-      
-      - name: Validate package-lock
-        run: npx lockfile-lint --path package-lock.json --allowed-hosts npm yarn --validate-https
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the dist/ directory
-        run: npm run build
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-        id: diff
-
-      # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v2
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -3,22 +3,65 @@ on: # rebuild any PRs and main branch changes
  pull_request:
  push:
    branches:
-      - master
+      - main
      - 'releases/*'

 jobs:
-  build: # make sure build/ci work properly
+
+  # Integration test for successful validation of wrappers
+  test-validation-success:
+    name: 'Test: Validation success'
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
-    - run: |
-        npm install
-        npm run all
-  test: # make sure the action works on a clean machine without building
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - uses: ./
+    - uses: actions/checkout@v4
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./
      with:
        # to allow the invalid wrapper jar present in test data
        allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
+        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == '' }}
+      run: |
+        if [ "$FAILED_WRAPPERS_MATCHES" != "true" ] ; then
+          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
+          exit 1
+        fi
+
+
+  # Integration test for failing validation of wrappers
+  test-validation-error:
+    name: 'Test: Validation error'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Run wrapper-validation-action
+      id: action-test
+      uses: ./
+      # Expected to fail; validated below
+      continue-on-error: true
+
+    - name: Check outcome
+      env:
+        # Evaluate workflow expressions here as env variable values instead of inside shell script
+        # below to not accidentally inject code into shell script or break its syntax
+        VALIDATION_FAILED: ${{ steps.action-test.outcome == 'failure' }}
+        FAILED_WRAPPERS: ${{ steps.action-test.outputs.failed-wrapper }}
+        FAILED_WRAPPERS_MATCHES: ${{ steps.action-test.outputs.failed-wrapper == '__tests__/data/invalid/gradle-wrapper.jar|__tests__/data/invalid/gradlе-wrapper.jar' }}
+      run: |
+        if [ "$VALIDATION_FAILED" != "true" ] ; then
+          echo "Expected validation to fail, but it didn't"
+          exit 1
+        fi
+
+        if [ "$FAILED_WRAPPERS_MATCHES" != "true" ] ; then
+          echo "'outputs.failed-wrapper' has unexpected content: $FAILED_WRAPPERS"
+          exit 1
+        fi
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,56 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '24 4 * * 6'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
--- a/.gitignore
+++ b/.gitignore
@ -1,102 +0,0 @@
-# Dependency directory
-node_modules
-
-# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-lerna-debug.log*
-
-# Diagnostic reports (https://nodejs.org/api/report.html)
-report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
-
-# Runtime data
-pids
-*.pid
-*.seed
-*.pid.lock
-
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
-# Coverage directory used by tools like istanbul
-coverage
-*.lcov
-
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
-# Dependency directories
-jspm_packages/
-
-# TypeScript v1 declaration files
-typings/
-
-# TypeScript cache
-*.tsbuildinfo
-
-# Optional npm cache directory
-.npm
-
-# Optional eslint cache
-.eslintcache
-
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
-# Yarn Integrity file
-.yarn-integrity
-
-# dotenv environment variables file
-.env
-.env.test
-
-# parcel-bundler cache (https://parceljs.org/)
-.cache
-
-# next.js build output
-.next
-
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
-
-# OS metadata
-.DS_Store
-Thumbs.db
-
-# Ignore built ts files
-__tests__/runner/*
-lib/**/*
-
-.idea/
-*.iml
--- a/.prettierignore
+++ b/.prettierignore
@ -1,3 +0,0 @@
-dist/
-lib/
-node_modules/
--- a/.prettierrc.json
+++ b/.prettierrc.json
@ -1,12 +0,0 @@
-{
-  "printWidth": 80,
-  "tabWidth": 2,
-  "useTabs": false,
-  "semi": false,
-  "singleQuote": true,
-  "trailingComma": "none",
-  "bracketSpacing": false,
-  "arrowParens": "avoid",
-  "parser": "typescript",
-  "endOfLine": "auto"
-}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,12 +0,0 @@
-## Project Goals
-
-We aim to keep the scope of this project limited so that it is easy for maintainers to apply and forget about.
-
-### Goals
-
-To verify that all the gradle-wrapper.jar(s) in a given GitHub repository or pull request against that repo is an official Gradle Wrapper release.
-
-### Non-Goals
-
-It is not the goal of this action to verify that the gradle-wrapper.jar matches a specific version of Gradle,
-nor that the version declared in the build.gradle or gradle-wrapper.properties file matches.
--- a/4
+++ b/4
@ -1,7 +1,7 @@

 The MIT License (MIT)

-Copyright (c) 2018 GitHub, Inc. and contributors
+Copyright (c) 2023 Gradle Inc.

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@ -19,4 +19,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.
--- a/README.md
+++ b/README.md
@ -1,59 +1,27 @@
-<p align="center">
-  <a href="https://github.com/gradle/wrapper-validation-action/actions"><img alt="gradle/wrapper-validation-action status" src="https://github.com/gradle/wrapper-validation-action/workflows/ci/badge.svg"></a>
-</p>
+> [!IMPORTANT]
+> As of `v3` this action has been superceded by `gradle/actions/wrapper-validation`.
+> Any workflow that uses `gradle/wrapper-validation-action@v3` will transparently delegate to `gradle/actions/wrapper-validation@v3`.
+>
+> Users are encouraged to update their workflows, replacing:
+> ```
+> uses: gradle/wrapper-validation-action@v3
+> ```
+>
+> with
+> ```
+> uses: gradle/actions/wrapper-validation@v3
+> ```
+>
+> See the [wrapper-validation documentation](https://github.com/gradle/actions/tree/main/wrapper-validation) for up-to-date documentation for `gradle/actions/wrapper-validation`. 

 # Gradle Wrapper Validation Action

-This action validates the checksums of [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) JAR files present in the source tree and fails if unknown Gradle Wrapper JAR files are found.
+This action validates the checksums of _all_ [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) JAR files present in the repository and fails if any unknown Gradle Wrapper JAR files are found.

-## The Gradle Wrapper Problem in Open Source
+The action should be run in the root of the repository, as it will recursively search for any files named `gradle-wrapper.jar`.

-The `gradle-wrapper.jar` is a binary blob of executable code that is checked into nearly
-[2.8 Million GitHub Repositories](https://github.com/search?l=&q=filename%3Agradle-wrapper.jar&type=Code).
+### Example workflow

-Searching across GitHub you can find many pull requests (PRs) with helpful titles like 'Update to Gradle xxx'.
-Many of these PRs are contributed by individuals outside of the organization maintaining the project.
-
-Many maintainers are incredibly grateful for these kinds of contributions as it takes an item off of their backlog.
-We assume that most maintainers do not consider the security implications of accepting the Gradle Wrapper binary from external contributors.
-There is a certain amount of blind trust open source maintainers have.
-Further compounding the issue is that maintainers are most often greeted in these PRs with a diff to the `gradle-wrapper.jar` that looks like this.
-
-![Image of a GitHub Diff of Gradle Wrapper displaying text 'Binary file not shown.'](https://user-images.githubusercontent.com/1323708/71915219-477d7780-3149-11ea-9254-90c80dbffb0a.png)
-
-A fairly simple social engineering supply chain attack against open source would be contribute a helpful “Updated to Gradle xxx” PR that contains malicious code hidden inside this binary JAR.
-A malicious `gradle-wrapper.jar` could execute, download, or install arbitrary code while otherwise behaving like a completely normal `gradle-wrapper.jar`.
-
-## Solution
-
-We have created a simple GitHub Action that can be applied to any GitHub repository.
-This GitHub Action will do one simple task:
-verify that any and all `gradle-wrapper.jar` files in the repository match the SHA-256 checksums of any of our official releases.
-
-If any are found that do not match the SHA-256 checksums of our official releases, the action will fail.
-
-Additionally, the action will find and SHA-256 hash all
-[homoglyph](https://en.wikipedia.org/wiki/Homoglyph)
-variants of files named `gradle-wrapper.jar`,
-for example a file named `gradlе-wrapper.jar` (which uses a Cyrillic `е` instead of `e`).
-The goal is to prevent homoglyph attacks which may be very difficult to spot in a GitHub diff.
-We created an example [Homoglyph attack PR here](https://github.com/JLLeitschuh/playframework/pull/1/files).
-
-## Usage
-
-### Add to an existing Workflow
-
-Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
-
-```yaml
-uses: gradle/wrapper-validation-action@v1
-```
-
-### Add a new dedicated Workflow
-
-Here's a sample complete workflow you can add to your repositories:
-
-**`.github/workflows/gradle-wrapper-validation.yml`**
 ```yaml
 name: "Validate Gradle Wrapper"
 on: [push, pull_request]
@ -63,44 +31,11 @@ jobs:
    name: "Validation"
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
-      - uses: gradle/wrapper-validation-action@v1
+      - uses: actions/checkout@v4
+      - uses: gradle/wrapper-validation-action@v3
 ```

-## Contributing to an external GitHub Repository
+As of `v3`, the `gradle/wrapper-validation-action` action delegates to `gradle/actions/wrapper-validation` with the same version.
+Configuration and usage of these actions is identical for releases with the same version number.

-Since [GitHub Actions](https://github.com/features/actions)
-are completely free for open source projects and are automatically enabled on almost all projects,
-adding this check to a project's build is as simple as contributing a PR.
-Enabling the check requires no overhead on behalf of the project maintainer beyond merging the action.
-
-You can add this action to your favorite Gradle based project without checking out their source locally via the
-GitHub Web UI thanks to the 'Create new file' button.
-
-![GitHub 'Create new file' Button bar picture](https://user-images.githubusercontent.com/1323708/73676469-6c023c00-4682-11ea-8c0a-5a1e2d29b17f.png)
-
-Simply add a new file named `.github/workflows/gradle-wrapper-validation.yml` with the contents mentioned above.
-
-We recommend the message commit contents of:
- - Title: `Official Gradle Wrapper Validation Action`
- - Body (at minimum): `See: https://github.com/gradle/wrapper-validation-action`
-
-From there, you can easily follow the rest of the prompts to create a Pull Request against the project.
-
-## Reporting Failures
-
-If this GitHub action fails because a `gradle-wrapper.jar` doesn't match one of our published SHA-256 checksums,
-we highly recommend that you reach out to us at [security@gradle.com](mailto:security@gradle.com).
-
-**Note:** `gradle-wrapper.jar` generated by Gradle 3.3 to 4.0 are not verifiable because those files were dynamically generated by Gradle in a non-reproducible way. It's not possible to verify the `gradle-wrapper.jar` for those versions are legitimate using a hash comparison. You should try to determine if the `gradle-wrapper.jar` was generated by one of these versions before running the build.
-
-If the Gradle version in `gradle-wrapper.properties` is out of this range, you may need to regenerate the `gradle-wrapper.jar` by running `./gradlew wrapper`. If you need to use a version of Gradle between 3.3 and 4.0, you can use a newer version of Gradle to generate the `gradle-wrapper.jar`.
-
-If you're curious and want to explore what the differences are between the `gradle-wrapper.jar` in your possession
-and one of our valid release, you can compare them using this online utility: [DiffScope](https://try.diffoscope.org/).
-Regardless of what you find, we still kindly request that you reach out to us and let us know.
-
-## Resources
-
-To learn more about verifying the Gradle Wrapper JAR locally, see our
-[guide on the topic](https://docs.gradle.org/current/userguide/gradle_wrapper.html#wrapper_checksum_verification).
+See the [full wrapper-validation documentation](https://github.com/gradle/actions/tree/main/wrapper-validation) for more details. 
--- a/RELEASING.md
+++ b/RELEASING.md
@ -1,18 +0,0 @@
-# Release
-
-* starting on `master`
-* `npm install`
-* `npm run all`
-* `git checkout releases/v1`
-* `git merge master`
-* `npm prune --production`
-* `git add -f node_modules`
-  * if changed dependencies `git commit -m Dependencies && git push`
-* `git tag v1.0.x && git push --tags` with the actual version number
-* `git tag --delete v1 && git push --delete origin v1 && git tag v1 && git push --tags`
-* go to https://github.com/gradle/wrapper-validation-action/releases
-  * edit and publish the now drafted `v1` release
-  * create a new release from the new full version number `v1.0.x`, list the fixed issues and publish the release
-* go to https://github.com/marketplace/actions/gradle-wrapper-validation
-  * verify that it displays the latest README
-  * verify that the version dropdown displays the new version
--- a/tests/checksums.test.ts
+++ b/tests/checksums.test.ts
@ -1,32 +0,0 @@
-import * as checksums from '../src/checksums'
-import nock from 'nock'
-import {afterEach, describe, expect, test, jest} from '@jest/globals'
-
-jest.setTimeout(30000)
-
-test('fetches wrapper jars checksums', async () => {
-  const validChecksums = await checksums.fetchValidChecksums(false)
-  expect(validChecksums.length).toBeGreaterThan(10)
-})
-
-describe('retry', () => {
-  afterEach(() => {
-    nock.cleanAll()
-  })
-
-  describe('for /versions/all API', () => {
-    test('retry three times', async () => {
-      nock('https://services.gradle.org', {allowUnmocked: true})
-        .get('/versions/all')
-        .times(3)
-        .replyWithError({
-          message: 'connect ECONNREFUSED 104.18.191.9:443',
-          code: 'ECONNREFUSED'
-        })
-
-      const validChecksums = await checksums.fetchValidChecksums(false)
-      expect(validChecksums.length).toBeGreaterThan(10)
-      nock.isDone()
-    })
-  })
-})
--- a/tests/find.test.ts
+++ b/tests/find.test.ts
@ -1,12 +0,0 @@
-import * as path from 'path'
-import * as find from '../src/find'
-import {expect, test} from '@jest/globals'
-
-test('finds test data wrapper jars', async () => {
-  const repoRoot = path.resolve('.')
-  const wrapperJars = await find.findWrapperJars(repoRoot)
-  expect(wrapperJars.length).toBe(3)
-  expect(wrapperJars).toContain('__tests__/data/valid/gradle-wrapper.jar')
-  expect(wrapperJars).toContain('__tests__/data/invalid/gradle-wrapper.jar')
-  expect(wrapperJars).toContain('__tests__/data/invalid/gradlе-wrapper.jar') // homoglyph
-})
--- a/tests/hash.test.ts
+++ b/tests/hash.test.ts
@ -1,12 +0,0 @@
-import * as path from 'path'
-import * as hash from '../src/hash'
-import {expect, test} from '@jest/globals'
-
-test('can sha256 files', async () => {
-  const sha = await hash.sha256File(
-    path.resolve('__tests__/data/invalid/gradle-wrapper.jar')
-  )
-  expect(sha).toEqual(
-    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
-  )
-})
--- a/tests/validate.test.ts
+++ b/tests/validate.test.ts
@ -1,74 +0,0 @@
-import * as path from 'path'
-import * as validate from '../src/validate'
-import {expect, test, jest} from '@jest/globals'
-
-jest.setTimeout(30000)
-
-const baseDir = path.resolve('.')
-
-test('succeeds if all found wrapper jars are valid', async () => {
-  const result = await validate.findInvalidWrapperJars(baseDir, 3, false, [
-    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
-  ])
-
-  expect(result.isValid()).toBe(true)
-
-  expect(result.toDisplayString()).toBe(
-    '✓ Found known Gradle Wrapper JAR files:\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradle-wrapper.jar\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradlе-wrapper.jar\n' + // homoglyph
-      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce __tests__/data/valid/gradle-wrapper.jar'
-  )
-})
-
-test('fails if invalid wrapper jars are found', async () => {
-  const result = await validate.findInvalidWrapperJars(baseDir, 3, false, [])
-
-  expect(result.isValid()).toBe(false)
-
-  expect(result.valid).toEqual([
-    new validate.WrapperJar(
-      '__tests__/data/valid/gradle-wrapper.jar',
-      '3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce'
-    )
-  ])
-
-  expect(result.invalid).toEqual([
-    new validate.WrapperJar(
-      '__tests__/data/invalid/gradle-wrapper.jar',
-      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
-    ),
-    new validate.WrapperJar(
-      '__tests__/data/invalid/gradlе-wrapper.jar', // homoglyph
-      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
-    )
-  ])
-
-  expect(result.toDisplayString()).toBe(
-    '✗ Found unknown Gradle Wrapper JAR files:\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradle-wrapper.jar\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradlе-wrapper.jar\n' + // homoglyph
-      '✓ Found known Gradle Wrapper JAR files:\n' +
-      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce __tests__/data/valid/gradle-wrapper.jar'
-  )
-})
-
-test('fails if not enough wrapper jars are found', async () => {
-  const result = await validate.findInvalidWrapperJars(baseDir, 4, false, [])
-
-  expect(result.isValid()).toBe(false)
-
-  expect(result.errors).toEqual([
-    'Expected to find at least 4 Gradle Wrapper JARs but got only 3'
-  ])
-
-  expect(result.toDisplayString()).toBe(
-    '✗ Found unknown Gradle Wrapper JAR files:\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradle-wrapper.jar\n' +
-      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 __tests__/data/invalid/gradlе-wrapper.jar\n' + // homoglyph
-      '✗ Other validation errors:\n' +
-      '  Expected to find at least 4 Gradle Wrapper JARs but got only 3\n' +
-      '✓ Found known Gradle Wrapper JAR files:\n' +
-      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce __tests__/data/valid/gradle-wrapper.jar'
-  )
-})
--- a/action.yml
+++ b/action.yml
@ -4,21 +4,35 @@ author: 'Gradle'

 inputs:
  min-wrapper-count:
-    description: 'Minimum expected wrapper JAR files'
+    description: 'Minimum number expected gradle-wrapper.jar files found in the repository. Non-negative number. Higher number is useful in monorepos where each project might have their own wrapper.'
    required: false
    default: '1'
  allow-snapshots:
-    description: 'Allow snapshot Gradle versions'
+    description: 'Allow Gradle snapshot versions during checksum verification. Boolean, true or false.'
    required: false
    default: 'false'
  allow-checksums:
-    description: 'Allow arbitrary checksums, comma separated'
+    description: 'Accept arbitrary user-defined checksums as valid. Comma separated list of SHA256 checksums (lowercase hex).'
    required: false
    default: ''

+outputs:
+  failed-wrapper:
+    description: 'The path of the Gradle Wrapper(s) JAR that failed validation. Path is a platform-dependent relative path to git repository root. Multiple paths are separated by a | character.'
+    value: ${{ steps.wrapper-validation.outputs.failed-wrapper }}
+
 runs:
-  using: 'node16'
-  main: 'dist/index.js'
+  using: "composite"
+  steps:
+    - name: Wrapper Validation
+      id: wrapper-validation
+      uses: gradle/actions/wrapper-validation@v3.5.0
+      with:
+        min-wrapper-count: ${{ inputs.min-wrapper-count }}
+        allow-snapshots: ${{ inputs.allow-snapshots }}
+        allow-checksums: ${{ inputs.allow-checksums }}
+      env:
+        GRADLE_ACTION_ID: gradle/wrapper-validation-action

 branding:
  icon: 'shield'
--- a/dist/index.js
+++ b/dist/index.js
--- a/jest.config.js
+++ b/jest.config.js
@ -1,8 +0,0 @@
-module.exports = {
-  clearMocks: true,
-  moduleFileExtensions: ['js', 'ts', 'json'],
-  testMatch: ['**/*.test.ts'],
-  preset: 'ts-jest',
-  verbose: true,
-  setupFilesAfterEnv: ['./jest.setup.js']
-}
--- a/jest.setup.js
+++ b/jest.setup.js
@ -1 +0,0 @@
-jest.setTimeout(10000) // in milliseconds
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,47 +0,0 @@
-{
-  "name": "wrapper-validation-action",
-  "version": "0.0.0",
-  "private": true,
-  "description": "Gradle Wrapper Validation Action",
-  "main": "lib/main.js",
-  "scripts": {
-    "build": "tsc",
-    "format": "prettier --write **/*.ts",
-    "format-check": "prettier --check **/*.ts",
-    "lint": "eslint src/**/*.ts",
-    "pack": "ncc build",
-    "test": "jest",
-    "all": "npm run build && npm run format && npm run lint && npm run pack && npm test"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/gradle/wrapper-validation-action.git"
-  },
-  "keywords": [
-    "actions",
-    "node",
-    "setup"
-  ],
-  "author": "Gradle Inc.",
-  "license": "MIT",
-  "dependencies": {
-    "@actions/core": "1.10.0",
-    "typed-rest-client": "1.8.4",
-    "unhomoglyph": "1.0.6"
-  },
-  "devDependencies": {
-    "@types/node": "12.20.16",
-    "@typescript-eslint/parser": "5.8.0",
-    "@vercel/ncc": "0.29.0",
-    "eslint": "8.5.0",
-    "eslint-plugin-github": "4.3.5",
-    "eslint-plugin-jest": "25.3.0",
-    "glob-parent": ">=5.1.2",
-    "jest": "27.0.6",
-    "js-yaml": "4.1.0",
-    "nock": "13.1.1",
-    "prettier": "2.3.2",
-    "ts-jest": "27.0.4",
-    "typescript": "4.5.4"
-  }
-}
--- a/src/checksums.ts
+++ b/src/checksums.ts
@ -1,40 +0,0 @@
-import * as httpm from 'typed-rest-client/HttpClient'
-
-const httpc = new httpm.HttpClient(
-  'gradle/wrapper-validation-action',
-  undefined,
-  {allowRetries: true, maxRetries: 3}
-)
-
-export async function fetchValidChecksums(
-  allowSnapshots: boolean
-): Promise<string[]> {
-  const all = await httpGetJsonArray('https://services.gradle.org/versions/all')
-  const withChecksum = all.filter(
-    entry =>
-      typeof entry === 'object' &&
-      entry != null &&
-      entry.hasOwnProperty('wrapperChecksumUrl')
-  )
-  const allowed = withChecksum.filter(
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    (entry: any) => allowSnapshots || !entry.snapshot
-  )
-  const checksumUrls = allowed.map(
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    (entry: any) => entry.wrapperChecksumUrl as string
-  )
-  const checksums = await Promise.all(
-    checksumUrls.map(async (url: string) => httpGetText(url))
-  )
-  return [...new Set(checksums)]
-}
-
-async function httpGetJsonArray(url: string): Promise<unknown[]> {
-  return JSON.parse(await httpGetText(url))
-}
-
-async function httpGetText(url: string): Promise<string> {
-  const response = await httpc.get(url)
-  return await response.readBody()
-}
--- a/src/find.ts
+++ b/src/find.ts
@ -1,27 +0,0 @@
-import * as util from 'util'
-import * as path from 'path'
-import * as fs from 'fs'
-import unhomoglyph from 'unhomoglyph'
-
-const readdir = util.promisify(fs.readdir)
-
-export async function findWrapperJars(baseDir: string): Promise<string[]> {
-  const files = await recursivelyListFiles(baseDir)
-  return files
-    .filter(file => unhomoglyph(file).endsWith('gradle-wrapper.jar'))
-    .map(wrapperJar => path.relative(baseDir, wrapperJar))
-    .sort((a, b) => a.localeCompare(b))
-}
-
-async function recursivelyListFiles(baseDir: string): Promise<string[]> {
-  const childrenNames = await readdir(baseDir)
-  const childrenPaths = await Promise.all(
-    childrenNames.map(async childName => {
-      const childPath = path.resolve(baseDir, childName)
-      return fs.lstatSync(childPath).isDirectory()
-        ? recursivelyListFiles(childPath)
-        : new Promise(resolve => resolve([childPath]))
-    })
-  )
-  return Array.prototype.concat(...childrenPaths)
-}
--- a/src/hash.ts
+++ b/src/hash.ts
@ -1,18 +0,0 @@
-import * as crypto from 'crypto'
-import * as fs from 'fs'
-
-export async function sha256File(path: string): Promise<string> {
-  return new Promise((resolve, reject) => {
-    const hash = crypto.createHash('sha256')
-    const stream = fs.createReadStream(path)
-    stream.on('data', data => hash.update(data))
-    stream.on('end', () => {
-      stream.destroy()
-      resolve(hash.digest('hex'))
-    })
-    stream.on('error', error => {
-      stream.destroy()
-      reject(error)
-    })
-  })
-}
--- a/src/main.ts
+++ b/src/main.ts
@ -1,30 +0,0 @@
-import * as path from 'path'
-import * as core from '@actions/core'
-
-import * as validate from './validate'
-
-export async function run(): Promise<void> {
-  try {
-    const result = await validate.findInvalidWrapperJars(
-      path.resolve('.'),
-      +core.getInput('min-wrapper-count'),
-      core.getInput('allow-snapshots') === 'true',
-      core.getInput('allow-checksums').split(',')
-    )
-    if (result.isValid()) {
-      core.info(result.toDisplayString())
-    } else {
-      core.setFailed(
-        `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/wrapper-validation-action#reporting-failures\n${result.toDisplayString()}`
-      )
-    }
-  } catch (error) {
-    if (error instanceof Error) {
-      core.setFailed(error.message)
-    } else {
-      core.setFailed(`Unknown object was thrown: ${error}`)
-    }
-  }
-}
-
-run()
--- a/src/validate.ts
+++ b/src/validate.ts
@ -1,86 +0,0 @@
-import * as find from './find'
-import * as checksums from './checksums'
-import * as hash from './hash'
-
-export async function findInvalidWrapperJars(
-  gitRepoRoot: string,
-  minWrapperCount: number,
-  allowSnapshots: boolean,
-  allowChecksums: string[]
-): Promise<ValidationResult> {
-  const wrapperJars = await find.findWrapperJars(gitRepoRoot)
-  const result = new ValidationResult([], [])
-  if (wrapperJars.length < minWrapperCount) {
-    result.errors.push(
-      `Expected to find at least ${minWrapperCount} Gradle Wrapper JARs but got only ${wrapperJars.length}`
-    )
-  }
-  if (wrapperJars.length > 0) {
-    const validChecksums = await checksums.fetchValidChecksums(allowSnapshots)
-    validChecksums.push(...allowChecksums)
-    for (const wrapperJar of wrapperJars) {
-      const sha = await hash.sha256File(wrapperJar)
-      if (!validChecksums.includes(sha)) {
-        result.invalid.push(new WrapperJar(wrapperJar, sha))
-      } else {
-        result.valid.push(new WrapperJar(wrapperJar, sha))
-      }
-    }
-  }
-  return result
-}
-
-export class ValidationResult {
-  valid: WrapperJar[]
-  invalid: WrapperJar[]
-  errors: string[] = []
-
-  constructor(valid: WrapperJar[], invalid: WrapperJar[]) {
-    this.valid = valid
-    this.invalid = invalid
-  }
-
-  isValid(): boolean {
-    return this.invalid.length === 0 && this.errors.length === 0
-  }
-
-  toDisplayString(): string {
-    let displayString = ''
-    if (this.invalid.length > 0) {
-      displayString += `✗ Found unknown Gradle Wrapper JAR files:\n${ValidationResult.toDisplayList(
-        this.invalid
-      )}`
-    }
-    if (this.errors.length > 0) {
-      if (displayString.length > 0) displayString += '\n'
-      displayString += `✗ Other validation errors:\n  ${this.errors.join(
-        `\n  `
-      )}`
-    }
-    if (this.valid.length > 0) {
-      if (displayString.length > 0) displayString += '\n'
-      displayString += `✓ Found known Gradle Wrapper JAR files:\n${ValidationResult.toDisplayList(
-        this.valid
-      )}`
-    }
-    return displayString
-  }
-
-  private static toDisplayList(wrapperJars: WrapperJar[]): string {
-    return `  ${wrapperJars.map(wj => wj.toDisplayString()).join(`\n  `)}`
-  }
-}
-
-export class WrapperJar {
-  path: string
-  checksum: string
-
-  constructor(path: string, checksum: string) {
-    this.path = path
-    this.checksum = checksum
-  }
-
-  toDisplayString(): string {
-    return `${this.checksum} ${this.path}`
-  }
-}
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,12 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2021",                       /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
-    "module": "commonjs",                     /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
-    "outDir": "./lib",                        /* Redirect output structure to the directory. */
-    "rootDir": "./src",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
-    "strict": true,                           /* Enable all strict type-checking options. */
-    "noImplicitAny": true,                    /* Raise error on expressions and declarations with an implied 'any' type. */
-    "esModuleInterop": true                   /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
-  },
-  "exclude": ["node_modules", "**/*.test.ts"]
-}