RFR: 8263204: Add Gradle Wrapper Validation Action

John Neffenger github.com+1413266+jgneff at openjdk.java.net
Mon Mar 8 21:28:24 UTC 2021 

On Mon, 8 Mar 2021 20:38:09 GMT, Kevin Rushforth <kcr at openjdk.org> wrote:

>> See the [Gradle Wrapper Validation Action](https://github.com/marketplace/actions/gradle-wrapper-validation) for details on this pull request. I'll test the changes with the following sequence of commits:
>> 
>> 1. This commit adds a tampered Gradle Wrapper JAR file, which should go undetected.
>> 2. The next commit will add the Official Gradle Wrapper Validation Action, which should detect the tampered file.
>> 3. The final commit will remove the tampered file and replace it with the original Gradle 4.8 Wrapper.
>
>> 1. This commit adds a tampered Gradle Wrapper JAR file, which should go undetected.
>> 2. The next commit will add the Official Gradle Wrapper Validation Action, which should detect the tampered file.
>> 3. The final commit will remove the tampered file and replace it with the original Gradle 4.8 Wrapper.
> 
> This sounds like a good plan to test it.

So far, so good. The tampered file was not detected:

![all-checks-have-passed](https://user-images.githubusercontent.com/1413266/110383521-411ab200-8011-11eb-88ee-27102e0b6d81.png)

The next commit will add the Official Gradle Wrapper Validation Action.

-------------

PR: https://git.openjdk.java.net/jfx/pull/419

More information about the openjfx-dev mailing list