Gradle Wrapper Validation
plugin to validate the checksums of Gradle Wrapper JAR files
Woodpecker CI plugin to validate the checksums of Gradle Wrapper JAR files. This plugin is a port of gradle/wrapper-validation-action.
Features
This Woodpecker CI plugin does one simple task: it verifies that any and all gradle-wrapper.jar files in the repository match the SHA-256 checksums of Gradle's official releases. If any file is found that does not match one of those checksums, the plugin step fails.
Additionally, the plugin finds and SHA-256 hashes all homoglyph variants of files named gradle-wrapper.jar, for example a file named gradlе-wrapper.jar (which uses a Cyrillic е instead of a Latin e). The goal is to prevent homoglyph attacks, which may be very difficult to spot in a Git diff.
Settings
| Settings Name | Default | Description |
|---|---|---|
| min-wrapper-count | 1 | Minimum (non-negative) number of gradle-wrapper.jar files expected to be found in the repository. Useful in monorepos. |
| allow-snapshots | false | Allow Gradle snapshot versions during checksum verification. |
| allow-checksums | "" (none) | Accept arbitrary user-defined checksums as valid. Comma-separated list of lowercase hex-encoded SHA-256 checksums. |
Examples
```yaml
validate-gradle-wrapper:
  image: codeberg.org/beaks/gradle-wrapper-validation
  settings:
    min-wrapper-count: 3
    allow-snapshots: true
    allow-checksums: d73d279b42b037972739203d1d0d15ce3511f5568f51dfbfb41e45b5307535d4
  when:
    event: pull_request
    branch: ${CI_REPO_DEFAULT_BRANCH}
```
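The check described under Features and Settings, written out as an added Python illustration (not the plugin's own code): it walks a checkout, hashes every exact or look-alike gradle-wrapper.jar, and applies the min-wrapper-count and allow-checksums rules. The confusables table is a small constructed subset, and the caller supplies the set of official checksums that the real plugin obtains from Gradle.

```python
import hashlib
import os
import tempfile
import unicodedata

EXPECTED_NAME = "gradle-wrapper.jar"
# Constructed subset of look-alike glyphs (Cyrillic letters that render like Latin ones).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0458": "j", "\u0501": "d"}

def skeleton(name: str) -> str:
    """Collapse homoglyphs and diacritics so look-alike names compare equal to the real one."""
    chars = []
    for ch in unicodedata.normalize("NFKD", name):
        if not unicodedata.combining(ch):  # drop marks such as the acute in e + U+0301
            chars.append(CONFUSABLES.get(ch, ch))
    return "".join(chars)

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def validate_findings(findings, official, allow_checksums="", min_wrapper_count=1):
    """findings: [(name, sha256)] -> (passed, [(name, sha256, trusted)])."""
    trusted = set(official) | {c.strip() for c in allow_checksums.split(",") if c.strip()}
    report = [(name, digest, digest in trusted) for name, digest in findings]
    passed = len(report) >= min_wrapper_count and all(ok for _, _, ok in report)
    return passed, report

def validate_wrappers(root, official, allow_checksums="", min_wrapper_count=1):
    """Walk the checkout, hash every exact or look-alike gradle-wrapper.jar, validate them all."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if skeleton(fname) == EXPECTED_NAME:
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    findings.append((os.path.relpath(path, root), sha256_bytes(fh.read())))
    return validate_findings(findings, official, allow_checksums, min_wrapper_count)

def demo():
    """Constructed repo: genuine wrapper + Cyrillic-е look-alike; the set stands in for Gradle's list."""
    genuine, lookalike = b"constructed genuine wrapper", b"constructed look-alike jar"
    with tempfile.TemporaryDirectory() as root:
        wrapper_dir = os.path.join(root, "gradle", "wrapper")
        os.makedirs(wrapper_dir)
        for name, data in ((EXPECTED_NAME, genuine), ("gradl\u0435-wrapper.jar", lookalike)):
            with open(os.path.join(wrapper_dir, name), "wb") as fh:
                fh.write(data)
        return validate_wrappers(root, {sha256_bytes(genuine)})
```

In the constructed repo the genuine file validates while the Cyrillic-е look-alike does not, so the run fails exactly as the plugin would.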