Introduce configuration option to detect gradle versions from gradle-wrapper.properties
#145
Conversation
GitHub detected the "resolves #..." as keyword and linked the issue, so it would be closed if this PR here is merged. I assume this is not intended since as you said it only partially resolves it. |
mikepenz
force-pushed
the
feature/detect_versions
branch
from
3b03a0a
to
27b277e
Compare
|
@mikepenz apologies for the extended delay responding to this. I'm notionally responsible for maintenance of this action, but haven't had time to make it a priority. |
|
The changes to |
mikepenz
force-pushed
the
feature/detect_versions
branch
2 times, most recently
from
7459b78
to
1fb4000
Compare
|
@bigdaz no worries. Thank you for having a look at it. |
|
@mikepenz @Marcono1234 @JLLeitschuh With the change to include hardcoded checksums, do y'all feel that this is still desirable? I haven't had time to review these changes. It seems that the upgrade to Node 20 may have made the network situation worse, so my current thinking is that we promptly release Further, has this PR been updated to take advantage of the hardcoded checksums? |
Oof, well in that case, absolutely cut a release ASAP. Happy to consider this PR later |
|
I rebased this PR before the hardcoded checksum PR was merged. Need to check again as it appears to be in significant conflicts now. |
Yep, see these comments from @deejay1: #174 (comment) |
|
@mikepenz, the new |
I'm concerned about relying upon this generally. In my experience, many people don't know how to use the Given this, I'm concerned that this change will significantly increase the false-positive rate of this action, which will decrease user trust in it. If the hard-coded checksums solve the problem, I'd be more inclined to see if that solves most of the pain before we attempt including this strategy as well. If we were to move forward with this strategy, I'd advise that we instead use the |
…detected versions - version is detected from gradle-wrapper.properties - checksum is only fetched for these particular versions - FIX gradle#96 - update action.yml with new config option - update and introduce testcases for the new configuration option
mikepenz
force-pushed
the
feature/detect_versions
branch
from
b1516fa
to
ba65536
Compare
|
Thank you @JLLeitschuh for looking into this PR. I rebased it just in case, however feel free to close it, given the hardcoded checksum solution may solve it now. It may be valid to re-work this PR to offer a "strict" mode which would be more restrictive than just accepting any hash from the whole set. With the intention to force users to have the correct hash for the correct version. With some more messaging to inform that the double wrapper update may be the cause of the issue. |
I do understand that this PR does not match the "contribution guideline" specifically on the requirement for:
However, seeing related issues still being kept open - and overall comments indicate positive interest towards such a functionality (E.g. #96 (comment), #35 (comment))
It would be great to see this functionality being added as I believe this will speed up the validation as a whole, but also lower the network utilization. Especially as recently the occurrences for request timeouts seem to increase (with builds frequently failing) - Related tickets # 46, # 40,
This PR introduces a new configuration option (which is disabled by default) called
detect-version.When enabled the action will now try to retrieve the gradle version associated with a gradle wrapper via the
distributionUrlin thegradle-wrapper.properties.Furthermore, it adjusts the checksum fetching condition to only retrieve checksums for the detected versions (instead of fetching versions for all possible releases).
This PR aims to fix to open issue: #96
However, while it was not specifically designed for this purpose it resolves partially #142 as it will only include checksums for versions detected.
A future update could include that we retain wrapper <-> version && checksum <-> version details to only validate the specific combination.
Additionally, I believe that the initial discovery and parsing of the
gradle-wrapper.propertiesunlock and enable future expansions to for example handle: #35The PR includes the relevant changes to the action and updated test cases to cover the new functionality.