The local Gradle wrapper-related files within the project do not match the expected files for the Gradle version specified within the gradle-wrapper.properties file
This is likely occurring as the expected ./gradlew wrapper call was not previously used to upgrade the wrapper and the file was edited manually
To confirm this locally, you can run gradlew wrapper --gradle-version=8.6 --distribution-type=bin locally and observe there's a difference in a number of the related wrapper files
$ ./gradlew wrapper --gradle-version=8.6 --distribution-type=bin
# [Truncated]
BUILD SUCCESSFUL in 5s
4 actionable tasks: 2 executed, 2 up-to-date
$ git status --porcelain
M gradle/wrapper/gradle-wrapper.jar
M gradle/wrapper/gradle-wrapper.properties
M gradlew
M gradlew.bat
What I've changed
This change contains the result of running the following command:
Running the above locally within the project will ensure the relevant Gradle wrapper files for Gradle 8.6 are added.
Additionally, by providing the expected SHA-256 checksum for the Gradle 8.6 distribution (source) in this way, a distributionSha256Sum property is created within gradle-wrapper.properties which provides additional protection against Gradle supply chain attacks by ensuring future downloads via the distributionUrl are matched against the checksum and failing the builds otherwise.
Background
The local Gradle wrapper-related files within the project do not match the expected files for the Gradle version specified within the
gradle-wrapper.properties
fileThis is likely occurring as the expected
./gradlew wrapper
call was not previously used to upgrade the wrapper and the file was edited manuallyTo confirm this locally, you can run
gradlew wrapper --gradle-version=8.6 --distribution-type=bin
locally and observe there's a difference in a number of the related wrapper filesWhat I've changed
This change contains the result of running the following command:
Running the above locally within the project will ensure the relevant Gradle wrapper files for Gradle 8.6 are added.
Additionally, by providing the expected SHA-256 checksum for the Gradle 8.6 distribution (source) in this way, a
distributionSha256Sum
property is created within gradle-wrapper.properties which provides additional protection against Gradle supply chain attacks by ensuring future downloads via thedistributionUrl
are matched against the checksum and failing the builds otherwise.See this post and relevant docs for more information.
Any questions, feel free to ask!