search

nickbutcher / plaid

An Android app which provides design news & inspiration as well as being an example of implementing material design.
Apache License 2.0
16.26k stars 3.16k forks source link

Official Gradle Wrapper Validation GitHub Action #816

Closed JLLeitschuh closed 4 years ago

JLLeitschuh commented 4 years ago

:loudspeaker: Type of change

:scroll: Description

Add a GitHub Action for verifying that the gradle-wrapper.jar is an official Gradle release.

:bulb: Motivation and Context

See: https://github.com/gradle/wrapper-validation-action

:green_heart: How did you test it?

:pencil: Checklist

:crystal_ball: Next steps

JLLeitschuh commented 4 years ago

Friendly ping?

nickbutcher commented 4 years ago

Thanks for the contribution!

trietbui85 commented 4 years ago

Oh, first time I know about wrapper-validation-action - it would be helpful to protect us from malicious gradle-wrapper.jar. How do you know about it @JLLeitschuh ?

JLLeitschuh commented 4 years ago

@anticafe I'm one of the authors (mostly did documentation for it though) and I also work for Gradle.

I wrote our blog post about it: https://blog.gradle.org/gradle-wrapper-checksum-verification-github-action