generated from actions/typescript-action
-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wasteful network utilization? #96
Milestone
Comments
Seems reasonable. Interested in opening a pull request? |
mikepenz
added a commit
to mikepenz/wrapper-validation-action
that referenced
this issue
Aug 24, 2023
…detected versions - version is detected from `gradle-wrapper.properties` - checksum is only fetched for these particular versions - FIX gradle#96 While not specifically targeted, this also - RESOLVES gradle#142 May enable gradle#35
mikepenz
added a commit
to mikepenz/wrapper-validation-action
that referenced
this issue
Jan 25, 2024
…detected versions - version is detected from `gradle-wrapper.properties` - checksum is only fetched for these particular versions - FIX gradle#96 While not specifically targeted, this also - RESOLVES gradle#142 May enable gradle#35
mikepenz
added a commit
to mikepenz/wrapper-validation-action
that referenced
this issue
Jan 30, 2024
…detected versions - version is detected from `gradle-wrapper.properties` - checksum is only fetched for these particular versions - FIX gradle#96 While not specifically targeted, this also - RESOLVES gradle#142 May enable gradle#35
mikepenz
added a commit
to mikepenz/wrapper-validation-action
that referenced
this issue
Jan 30, 2024
…detected versions - version is detected from `gradle-wrapper.properties` - checksum is only fetched for these particular versions - FIX gradle#96 While not specifically targeted, this also - RESOLVES gradle#142 May enable gradle#35
Fixed by #161 |
mikepenz
added a commit
to mikepenz/wrapper-validation-action
that referenced
this issue
Feb 23, 2024
…detected versions - version is detected from gradle-wrapper.properties - checksum is only fetched for these particular versions - FIX gradle#96 - update action.yml with new config option - update and introduce testcases for the new configuration option
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Projects using the Gradle wrapper include the URL to it in
./gradle/gradle.properties
:The https://services.gradle.org/versions/all API also includes the URL to each Gradle version:
But right now, the
fetchValidChecksums
function connects to all 216wrapperChecksumUrl
s mentioned in the index. Isn't it possible to checkgradle.properties
, and at least make an educated guess as to which.sha256
URL to download first?It's true that
gradle.properties
is only parsed by the wrapper jar itself (if you put malware in the jar it doesn't matter what's in gradle.properties), so it's important to only treat hints ingradle.properties
as hints, but it's a hint that best-case saves over 200 HTTP requests.In an ideal world the services.gradle.org API would directly return hashes instead of requiring indirection, though...
Additionally, it looks like there's an
allow-checksums
option in the action, which lets the user specify additional hashes that are considered valid wrapper jars. If the hash matches one of those, what's the point in downloading any hashes from services.gradle.org?The text was updated successfully, but these errors were encountered: