Allow wrapper validation via the 'setup-gradle' action (#162)

Adds a 'validate-wrappers' option to `gradle/actions/setup-gradle`, which defaults to 'false'. When 'true', the action will first validate all Gradle wrappers in the repository before proceeding. Fixes #161
2025-08-18 23:01:27 +08:00 · 2024-04-11 12:40:45 -06:00 · 2024-04-11 12:40:45 -06:00 · 38e549269f
commit 38e549269f
parent 1c25312b02 e9d1819b96
15 changed files with 148 additions and 66 deletions
--- a/.github/actions/init-integ-test/action.yml
+++ b/.github/actions/init-integ-test/action.yml
@ -11,6 +11,7 @@ runs:
    # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
    - name: Download dist
      if: ${{ !env.ACT }}
      uses: actions/download-artifact@v4
      with:
        name: dist
--- a/.github/workflows/ci-integ-test.yml
+++ b/.github/workflows/ci-integ-test.yml
@ -183,3 +183,5 @@ jobs:
  wrapper-validation:
    needs: [determine-suite, build-distribution]
    uses: ./.github/workflows/integ-test-wrapper-validation.yml
    with:
      runner-os: '["ubuntu-latest"]'
--- a/.github/workflows/integ-test-wrapper-validation.yml
+++ b/.github/workflows/integ-test-wrapper-validation.yml
@ -1,12 +1,40 @@
-name: Test sample Kotlin DSL project
+name: Test wrapper validation
 on:
  workflow_call:
    inputs:
      runner-os:
        type: string
        default: '["ubuntu-latest", "windows-latest", "macos-latest"]'
 jobs:
-  # Integration test for successful validation of wrappers
+  test-setup-gradle-validation:
    strategy:
      fail-fast: false
      matrix:
        os: ${{fromJSON(inputs.runner-os)}}
    runs-on: ${{ matrix.os }}
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
    - name: Initialize integ-test
      uses: ./.github/actions/init-integ-test
    - name: Run wrapper-validation-action
      id: setup-gradle
      uses: ./setup-gradle
      with:
        validate-wrappers: true
      continue-on-error: true
    - name: Check failure
      run: |
        if [ "${{ steps.setup-gradle.outcome}}" != "failure" ] ; then
          echo "Expected validation to fail, but it didn't"
          exit 1
        fi
  test-validation-success:
    name: 'Test: Validation success'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
@ -33,9 +61,7 @@ jobs:
          exit 1
        fi
  # Integration test for failing validation of wrappers
  test-validation-error:
    name: 'Test: Validation error'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
--- a/23
+++ b/23
@ -3,8 +3,21 @@
 cd sources
 npm install
-if [ "$1" == "all" ]; then
+case "$1" in
-    npm run all
+    all)
-else
+        nprm run all
-    npm run build
+        ;;
-fi
+    act)
        # Build and copy outputs to the dist directory
        npm run build
        cd ..
        cp -r sources/dist .
        # Run act
        $@
        # Revert the changes to the dist directory
        git co -- dist
        ;;
    *)
        npm run build
        ;;
 esac
--- a/docs/setup-gradle.md
+++ b/docs/setup-gradle.md
@ -503,6 +503,21 @@ located at `USER_HOME/.gradle/init.d/gradle-actions.build-result-capture.init.gr
 If you are adding any custom init scripts to the `USER_HOME/.gradle/init.d` directory, it may be necessary to ensure these files are applied before `gradle-actions.build-result-capture.init.gradle`.
 Since Gradle applies init scripts in alphabetical order, one way to ensure this is via file naming.
 ## Gradle Wrapper validation
 Instead of using the [wrapper-validation action](./wrapper-validation.md) separately, you can enable 
 wrapper validation directly in your Setup Gradle step.
 ```yaml
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@v3
      with:
        validate-wrappers: true
 ```
 If you need more advanced configuration, then you're advised to continue using a separate workflow step
 with `gradle/actions/wrapper-validation`.
 ## Support for GitHub Enterprise Server (GHES)
 You can use the `setup-gradle` action on GitHub Enterprise Server, and benefit from the improved integration with Gradle. Depending on the version of GHES you are running, certain features may be limited:
--- a/setup-gradle/action.yml
+++ b/setup-gradle/action.yml
@ -100,6 +100,14 @@ inputs:
    description: Indicate that you agree to the Build Scan® terms of use. This input value must be "yes".
    required: false
  # Wrapper validation configuration
  validate-wrappers:
    description: |
      When 'true', the action will perform the 'wrapper-validation' action automatically.
      If the wrapper checksums are not valid, the action will fail.
    required: false
    default: false
  # DEPRECATED ACTION INPUTS
  build-scan-terms-of-service-url:
    description: The URL to the Build Scan® terms of use. This input must be set to 'https://gradle.com/terms-of-service'.
--- a/sources/src/configuration.ts
+++ b/sources/src/configuration.ts
@ -261,6 +261,10 @@ export class GradleExecutionConfig {
    }
 }
 export function doValidateWrappers(): boolean {
    return getBooleanInput('validate-wrappers')
 }
 // Internal parameters
 export function getJobMatrix(): string {
    return core.getInput('workflow-job-context')
--- a/sources/src/dependency-graph.ts
+++ b/sources/src/dependency-graph.ts
@ -9,7 +9,7 @@ import type {PullRequestEvent} from '@octokit/webhooks-types'
 import * as path from 'path'
 import fs from 'fs'
-import {PostActionJobFailure} from './errors'
+import {JobFailure} from './errors'
 import {DependencyGraphConfig, DependencyGraphOption, getGithubToken, getWorkspaceDirectory} from './configuration'
 const DEPENDENCY_GRAPH_PREFIX = 'dependency-graph_'
@ -208,7 +208,7 @@ function markProcessed(dependencyGraphFile: string): void {
 function warnOrFail(config: DependencyGraphConfig, option: String, error: unknown): void {
    if (!config.getDependencyGraphContinueOnFailure()) {
-        throw new PostActionJobFailure(error)
+        throw new JobFailure(error)
    }
    core.warning(`Failed to ${option} dependency graph. Will continue.\n${String(error)}`)
--- a/sources/src/dependency-submission/main.ts
+++ b/sources/src/dependency-submission/main.ts
@ -1,5 +1,3 @@
 import * as core from '@actions/core'
 import * as setupGradle from '../setup-gradle'
 import * as gradle from '../execution/gradle'
 import * as dependencyGraph from '../dependency-graph'
@ -14,6 +12,7 @@ import {
    setActionId
 } from '../configuration'
 import {saveDeprecationState} from '../deprecation-collector'
 import {handleMainActionError} from '../errors'
 /**
 * The main entry point for the action, called by Github Actions for the step.
@ -56,10 +55,7 @@ export async function run(): Promise<void> {
        saveDeprecationState()
    } catch (error) {
-        core.setFailed(String(error))
+        handleMainActionError(error)
        if (error instanceof Error && error.stack) {
            core.info(error.stack)
        }
    }
    // Explicit process.exit() to prevent waiting for hanging promises.
--- a/sources/src/dependency-submission/post.ts
+++ b/sources/src/dependency-submission/post.ts
@ -1,13 +1,12 @@
 import * as core from '@actions/core'
 import * as setupGradle from '../setup-gradle'
 import {CacheConfig, SummaryConfig} from '../configuration'
-import {PostActionJobFailure} from '../errors'
+import {handlePostActionError} from '../errors'
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
 // throw an uncaught exception.  Instead of failing this action, just warn.
-process.on('uncaughtException', e => handleFailure(e))
+process.on('uncaughtException', e => handlePostActionError(e))
 /**
 * The post-execution entry point for the action, called by Github Actions after completing all steps for the Job.
@ -16,22 +15,11 @@ export async function run(): Promise<void> {
    try {
        await setupGradle.complete(new CacheConfig(), new SummaryConfig())
    } catch (error) {
-        if (error instanceof PostActionJobFailure) {
+        handlePostActionError(error)
            core.setFailed(String(error))
        } else {
            handleFailure(error)
        }
    }
    // Explicit process.exit() to prevent waiting for promises left hanging by `@actions/cache` on save.
    process.exit()
 }
 function handleFailure(error: unknown): void {
    core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
    if (error instanceof Error && error.stack) {
        core.info(error.stack)
    }
 }
 run()
--- a/sources/src/errors.ts
+++ b/sources/src/errors.ts
@ -1,4 +1,6 @@
-export class PostActionJobFailure extends Error {
+import * as core from '@actions/core'
 export class JobFailure extends Error {
    constructor(error: unknown) {
        if (error instanceof Error) {
            super(error.message)
@ -9,3 +11,33 @@ export class PostActionJobFailure extends Error {
        }
    }
 }
 export function handleMainActionError(error: unknown): void {
    if (error instanceof AggregateError) {
        core.setFailed(`Multiple errors returned`)
        for (const err of error.errors) {
            core.error(`Error ${error.errors.indexOf(err)}: ${err.message}`)
            if (err.stack) {
                core.info(err.stack)
            }
        }
    } else if (error instanceof JobFailure) {
        core.setFailed(String(error)) // No stack trace for JobFailure: these are known errors
    } else {
        core.setFailed(String(error))
        if (error instanceof Error && error.stack) {
            core.info(error.stack)
        }
    }
 }
 export function handlePostActionError(error: unknown): void {
    if (error instanceof JobFailure) {
        core.setFailed(String(error))
    } else {
        core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
        if (error instanceof Error && error.stack) {
            core.info(error.stack)
        }
    }
 }
--- a/sources/src/setup-gradle.ts
+++ b/sources/src/setup-gradle.ts
@ -10,6 +10,8 @@ import {loadBuildResults, markBuildResultsProcessed} from './build-results'
 import {CacheListener, generateCachingReport} from './caching/cache-reporting'
 import {DaemonController} from './daemon-controller'
 import {BuildScanConfig, CacheConfig, SummaryConfig, getWorkspaceDirectory} from './configuration'
 import {findInvalidWrapperJars} from './wrapper-validation/validate'
 import {JobFailure} from './errors'
 const GRADLE_SETUP_VAR = 'GRADLE_BUILD_ACTION_SETUP_COMPLETED'
 const USER_HOME = 'USER_HOME'
@ -96,3 +98,16 @@ async function determineUserHome(): Promise<string> {
    core.debug(`Determined user.home from java -version output: '${userHome}'`)
    return userHome
 }
 export async function checkNoInvalidWrapperJars(rootDir = getWorkspaceDirectory()): Promise<void> {
    const allowedChecksums = process.env['ALLOWED_GRADLE_WRAPPER_CHECKSUMS']?.split(',') || []
    const result = await findInvalidWrapperJars(rootDir, 1, false, allowedChecksums)
    if (result.isValid()) {
        core.info(result.toDisplayString())
    } else {
        core.info(result.toDisplayString())
        throw new JobFailure(
            `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/actions/blob/main/docs/wrapper-validation.md#reporting-failures\n${result.toDisplayString()}`
        )
    }
 }
--- a/sources/src/setup-gradle/main.ts
+++ b/sources/src/setup-gradle/main.ts
@ -1,5 +1,3 @@
 import * as core from '@actions/core'
 import * as setupGradle from '../setup-gradle'
 import * as gradle from '../execution/gradle'
 import * as dependencyGraph from '../dependency-graph'
@ -8,10 +6,12 @@ import {
    CacheConfig,
    DependencyGraphConfig,
    GradleExecutionConfig,
    doValidateWrappers,
    getActionId,
    setActionId
 } from '../configuration'
 import {recordDeprecation, saveDeprecationState} from '../deprecation-collector'
 import {handleMainActionError} from '../errors'
 /**
 * The main entry point for the action, called by Github Actions for the step.
@ -26,6 +26,11 @@ export async function run(): Promise<void> {
            setActionId('gradle/actions/setup-gradle')
        }
        // Check for invalid wrapper JARs if requested
        if (doValidateWrappers()) {
            await setupGradle.checkNoInvalidWrapperJars()
        }
        // Configure Gradle environment (Gradle User Home)
        await setupGradle.setup(new CacheConfig(), new BuildScanConfig())
@ -41,10 +46,7 @@ export async function run(): Promise<void> {
        saveDeprecationState()
    } catch (error) {
-        core.setFailed(String(error))
+        handleMainActionError(error)
        if (error instanceof Error && error.stack) {
            core.info(error.stack)
        }
    }
    // Explicit process.exit() to prevent waiting for hanging promises.
--- a/sources/src/setup-gradle/post.ts
+++ b/sources/src/setup-gradle/post.ts
@ -1,15 +1,14 @@
 import * as core from '@actions/core'
 import * as setupGradle from '../setup-gradle'
 import * as dependencyGraph from '../dependency-graph'
 import {CacheConfig, DependencyGraphConfig, SummaryConfig} from '../configuration'
-import {PostActionJobFailure} from '../errors'
+import {handlePostActionError} from '../errors'
 import {emitDeprecationWarnings, restoreDeprecationState} from '../deprecation-collector'
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
 // throw an uncaught exception.  Instead of failing this action, just warn.
-process.on('uncaughtException', e => handleFailure(e))
+process.on('uncaughtException', e => handlePostActionError(e))
 /**
 * The post-execution entry point for the action, called by Github Actions after completing all steps for the Job.
@ -24,22 +23,11 @@ export async function run(): Promise<void> {
            await dependencyGraph.complete(new DependencyGraphConfig())
        }
    } catch (error) {
-        if (error instanceof PostActionJobFailure) {
+        handlePostActionError(error)
            core.setFailed(String(error))
        } else {
            handleFailure(error)
        }
    }
    // Explicit process.exit() to prevent waiting for promises left hanging by `@actions/cache` on save.
    process.exit()
 }
 function handleFailure(error: unknown): void {
    core.warning(`Unhandled error in Gradle post-action - job will continue: ${error}`)
    if (error instanceof Error && error.stack) {
        core.info(error.stack)
    }
 }
 run()
--- a/sources/src/wrapper-validation/main.ts
+++ b/sources/src/wrapper-validation/main.ts
@ -2,6 +2,7 @@ import * as path from 'path'
 import * as core from '@actions/core'
 import * as validate from './validate'
 import {handleMainActionError} from '../errors'
 export async function run(): Promise<void> {
    try {
@ -15,23 +16,14 @@ export async function run(): Promise<void> {
            core.info(result.toDisplayString())
        } else {
            core.setFailed(
-                `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/wrapper-validation-action#reporting-failures\n${result.toDisplayString()}`
+                `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/actions/blob/main/docs/wrapper-validation.md#reporting-failures\n${result.toDisplayString()}`
            )
            if (result.invalid.length > 0) {
                core.setOutput('failed-wrapper', `${result.invalid.map(w => w.path).join('|')}`)
            }
        }
    } catch (error) {
-        if (error instanceof AggregateError) {
+        handleMainActionError(error)
            core.setFailed(`Multiple errors returned`)
            for (const err of error.errors) {
                core.error(`Error ${error.errors.indexOf(err)}: ${err.message}`)
            }
        } else if (error instanceof Error) {
            core.setFailed(error.message)
        } else {
            core.setFailed(`Unknown object was thrown: ${error}`)
        }
    }
 }