Only fetch checksums for unknown wrapper versions (#292)

The checksum values for most wrapper versions are hard-coded into the action. These known checksum values are first used for validation: only if none of the known values work do we download checksums. Previously, we blindly downloaded all of the checksum values in this case: we now only download the checksums for versions that are not in our "known" set. Fixes #171
2025-11-26 17:09:10 +08:00 · 2024-07-16 13:04:57 -06:00
parent 01254b3eaa
commit dff3ef9b8d
4 changed files with 37 additions and 22 deletions
--- a/sources/src/wrapper-validation/checksums.ts
+++ b/sources/src/wrapper-validation/checksums.ts
@@ -4,21 +4,27 @@ import fileWrapperChecksums from './wrapper-checksums.json'

 const httpc = new httpm.HttpClient('gradle/wrapper-validation-action', undefined, {allowRetries: true, maxRetries: 3})

-function getKnownValidChecksums(): Map<string, Set<string>> {
-    const versionsMap = new Map<string, Set<string>>()
-    for (const entry of fileWrapperChecksums) {
-        const checksum = entry.checksum
+export class WrapperChecksums {
+    checksums = new Map<string, Set<string>>()
+    versions = new Set<string>()

-        let versionNames = versionsMap.get(checksum)
-        if (versionNames === undefined) {
-            versionNames = new Set()
-            versionsMap.set(checksum, versionNames)
+    add(version: string, checksum: string): void {
+        if (this.checksums.has(checksum)) {
+            this.checksums.get(checksum)!.add(version)
+        } else {
+            this.checksums.set(checksum, new Set([version]))
        }

-        versionNames.add(entry.version)
+        this.versions.add(version)
    }
+}

-    return versionsMap
+function loadKnownChecksums(): WrapperChecksums {
+    const checksums = new WrapperChecksums()
+    for (const entry of fileWrapperChecksums) {
+        checksums.add(entry.version, entry.checksum)
+    }
+    return checksums
 }

 /**
@@ -26,9 +32,12 @@ function getKnownValidChecksums(): Map<string, Set<string>> {
 *
 * Maps from the checksum to the names of the Gradle versions whose wrapper has this checksum.
 */
-export const KNOWN_VALID_CHECKSUMS = getKnownValidChecksums()
+export const KNOWN_CHECKSUMS = loadKnownChecksums()

-export async function fetchValidChecksums(allowSnapshots: boolean): Promise<Set<string>> {
+export async function fetchUnknownChecksums(
+    allowSnapshots: boolean,
+    knownChecksums: WrapperChecksums
+): Promise<Set<string>> {
    const all = await httpGetJsonArray('https://services.gradle.org/versions/all')
    const withChecksum = all.filter(
        entry => typeof entry === 'object' && entry != null && entry.hasOwnProperty('wrapperChecksumUrl')
@@ -37,7 +46,11 @@ export async function fetchValidChecksums(allowSnapshots: boolean): Promise<Set<
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (entry: any) => allowSnapshots || !entry.snapshot
    )
-    const checksumUrls = allowed.map(
+    const notKnown = allowed.filter(
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (entry: any) => !knownChecksums.versions.has(entry.version)
+    )
+    const checksumUrls = notKnown.map(
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        (entry: any) => entry.wrapperChecksumUrl as string
    )
--- a/sources/src/wrapper-validation/validate.ts
+++ b/sources/src/wrapper-validation/validate.ts
@@ -8,7 +8,7 @@ export async function findInvalidWrapperJars(
    minWrapperCount: number,
    allowSnapshots: boolean,
    allowedChecksums: string[],
-    knownValidChecksums: Map<string, Set<string>> = checksums.KNOWN_VALID_CHECKSUMS
+    knownValidChecksums: checksums.WrapperChecksums = checksums.KNOWN_CHECKSUMS
 ): Promise<ValidationResult> {
    const wrapperJars = await find.findWrapperJars(gitRepoRoot)
    const result = new ValidationResult([], [])
@@ -21,7 +21,7 @@ export async function findInvalidWrapperJars(
        const notYetValidatedWrappers = []
        for (const wrapperJar of wrapperJars) {
            const sha = await hash.sha256File(resolve(gitRepoRoot, wrapperJar))
-            if (allowedChecksums.includes(sha) || knownValidChecksums.has(sha)) {
+            if (allowedChecksums.includes(sha) || knownValidChecksums.checksums.has(sha)) {
                result.valid.push(new WrapperJar(wrapperJar, sha))
            } else {
                notYetValidatedWrappers.push(new WrapperJar(wrapperJar, sha))
@@ -31,7 +31,7 @@ export async function findInvalidWrapperJars(
        // Otherwise fall back to fetching checksums from Gradle API and compare against them
        if (notYetValidatedWrappers.length > 0) {
            result.fetchedChecksums = true
-            const fetchedValidChecksums = await checksums.fetchValidChecksums(allowSnapshots)
+            const fetchedValidChecksums = await checksums.fetchUnknownChecksums(allowSnapshots, knownValidChecksums)

            for (const wrapperJar of notYetValidatedWrappers) {
                if (!fetchedValidChecksums.has(wrapperJar.checksum)) {