🐛 Support renamed gradle verification action and callers which pin to hash #4097

Merged
merged 2 commits into from May 9, 2024


spencerschrock
Contributor

What kind of change does this PR introduce?

bug fix

What is the current behavior?

gradle/wrapper-validation-action must be present and pinned to a hash

What is the new behavior (if this is a feature change)?

  • detects gradle/actions/wrapper-validation
    • From gradle/wrapper-validation-action's readme: "As of v3 this action has been superceded by gradle/actions/wrapper-validation"
  • Also support actions pinned to a hash.
  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #2477
Fixes #2357

Related to ossf/scorecard-action#782 (comment), but requires a release (which was going to be cut today anyway)

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Binary-Artifacts check now supports the new gradle wrapper validation action, and can be pinned to a hash.
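
The matching described in this PR, sketched as an added Go example (not Scorecard's own code): a step's `uses:` value counts as Gradle wrapper validation under either the old or the renamed action, whether its ref is a tag or a commit hash. The function name `classifyUses` and the sample refs, including the placeholder hash, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Old and renamed identifiers of the Gradle wrapper validation action.
var wrapperValidationActions = map[string]bool{
	"gradle/wrapper-validation-action":  true,
	"gradle/actions/wrapper-validation": true,
}

// A full-length Git commit SHA-1 is 40 hex characters.
var commitSHA = regexp.MustCompile(`^[0-9a-fA-F]{40}$`)

// classifyUses (hypothetical helper) inspects a workflow step's `uses:` value.
// It reports whether the step runs Gradle wrapper validation and whether the
// reference is pinned to a commit hash rather than a tag or branch.
func classifyUses(uses string) (isValidation, hashPinned bool) {
	// Drop a trailing comment such as "# v3" that pinning tools leave behind.
	if i := strings.Index(uses, "#"); i >= 0 {
		uses = uses[:i]
	}
	name, ref, found := strings.Cut(strings.TrimSpace(uses), "@")
	if !found || ref == "" {
		return false, false // no ref: not a usable action reference
	}
	if !wrapperValidationActions[strings.ToLower(name)] {
		return false, false // some other action, e.g. setup-gradle
	}
	return true, commitSHA.MatchString(ref)
}

func main() {
	// Constructed sample values; the hash is a placeholder, not a real commit.
	for _, u := range []string{
		"gradle/wrapper-validation-action@v1",
		"gradle/actions/wrapper-validation@v3",
		"gradle/actions/wrapper-validation@0123456789abcdef0123456789abcdef01234567 # v3",
		"gradle/actions/setup-gradle@v3",
	} {
		v, h := classifyUses(u)
		fmt.Printf("%s\n  validation=%t hashPinned=%t\n", u, v, h)
	}
}
```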

From gradle/wrapper-validation-action's readme:
"As of v3 this action has been superceded by
gradle/actions/wrapper-validation"

Also support actions pinned to a hash.

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested a review from a team as a code owner May 9, 2024 17:55
@spencerschrock spencerschrock requested review from justaugustus and raghavkaul and removed request for a team May 9, 2024 17:55
@spencerschrock
Contributor Author

/scdiff generate Binary-Artifacts


github-actions bot commented May 9, 2024

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock enabled auto-merge (squash) May 9, 2024 18:20
@spencerschrock spencerschrock merged commit 7ce8609 into ossf:main May 9, 2024
36 checks passed
@spencerschrock spencerschrock deleted the gradle-verify-name-update branch May 9, 2024 18:27
@loosebazooka
Contributor

nice
