Initial import of wrapper-validation-action

2025-11-26 17:09:10 +08:00 · 2024-04-10 20:43:44 -06:00
parent 3252e655d0
commit f1476a710d
17 changed files with 1709 additions and 95 deletions
--- a/sources/src/wrapper-validation/checksums.ts
+++ b/sources/src/wrapper-validation/checksums.ts
@@ -0,0 +1,55 @@
+import * as httpm from 'typed-rest-client/HttpClient'
+
+import fileWrapperChecksums from './wrapper-checksums.json'
+
+const httpc = new httpm.HttpClient('gradle/wrapper-validation-action', undefined, {allowRetries: true, maxRetries: 3})
+
+function getKnownValidChecksums(): Map<string, Set<string>> {
+    const versionsMap = new Map<string, Set<string>>()
+    for (const entry of fileWrapperChecksums) {
+        const checksum = entry.checksum
+
+        let versionNames = versionsMap.get(checksum)
+        if (versionNames === undefined) {
+            versionNames = new Set()
+            versionsMap.set(checksum, versionNames)
+        }
+
+        versionNames.add(entry.version)
+    }
+
+    return versionsMap
+}
+
+/**
+ * Known checksums from previously published Wrapper versions.
+ *
+ * Maps from the checksum to the names of the Gradle versions whose wrapper has this checksum.
+ */
+export const KNOWN_VALID_CHECKSUMS = getKnownValidChecksums()
+
+export async function fetchValidChecksums(allowSnapshots: boolean): Promise<Set<string>> {
+    const all = await httpGetJsonArray('https://services.gradle.org/versions/all')
+    const withChecksum = all.filter(
+        entry => typeof entry === 'object' && entry != null && entry.hasOwnProperty('wrapperChecksumUrl')
+    )
+    const allowed = withChecksum.filter(
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (entry: any) => allowSnapshots || !entry.snapshot
+    )
+    const checksumUrls = allowed.map(
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (entry: any) => entry.wrapperChecksumUrl as string
+    )
+    const checksums = await Promise.all(checksumUrls.map(async (url: string) => httpGetText(url)))
+    return new Set(checksums)
+}
+
+async function httpGetJsonArray(url: string): Promise<unknown[]> {
+    return JSON.parse(await httpGetText(url))
+}
+
+async function httpGetText(url: string): Promise<string> {
+    const response = await httpc.get(url)
+    return await response.readBody()
+}
--- a/sources/src/wrapper-validation/find.ts
+++ b/sources/src/wrapper-validation/find.ts
@@ -0,0 +1,27 @@
+import * as util from 'util'
+import * as path from 'path'
+import * as fs from 'fs'
+import unhomoglyph from 'unhomoglyph'
+
+const readdir = util.promisify(fs.readdir)
+
+export async function findWrapperJars(baseDir: string): Promise<string[]> {
+    const files = await recursivelyListFiles(baseDir)
+    return files
+        .filter(file => unhomoglyph(file).endsWith('gradle-wrapper.jar'))
+        .map(wrapperJar => path.relative(baseDir, wrapperJar))
+        .sort((a, b) => a.localeCompare(b))
+}
+
+async function recursivelyListFiles(baseDir: string): Promise<string[]> {
+    const childrenNames = await readdir(baseDir)
+    const childrenPaths = await Promise.all(
+        childrenNames.map(async childName => {
+            const childPath = path.resolve(baseDir, childName)
+            return fs.lstatSync(childPath).isDirectory()
+                ? recursivelyListFiles(childPath)
+                : new Promise(resolve => resolve([childPath]))
+        })
+    )
+    return Array.prototype.concat(...childrenPaths)
+}
--- a/sources/src/wrapper-validation/hash.ts
+++ b/sources/src/wrapper-validation/hash.ts
@@ -0,0 +1,18 @@
+import * as crypto from 'crypto'
+import * as fs from 'fs'
+
+export async function sha256File(path: string): Promise<string> {
+    return new Promise((resolve, reject) => {
+        const hash = crypto.createHash('sha256')
+        const stream = fs.createReadStream(path)
+        stream.on('data', data => hash.update(data))
+        stream.on('end', () => {
+            stream.destroy()
+            resolve(hash.digest('hex'))
+        })
+        stream.on('error', error => {
+            stream.destroy()
+            reject(error)
+        })
+    })
+}
--- a/sources/src/wrapper-validation/main.ts
+++ b/sources/src/wrapper-validation/main.ts
@@ -0,0 +1,38 @@
+import * as path from 'path'
+import * as core from '@actions/core'
+
+import * as validate from './validate'
+
+export async function run(): Promise<void> {
+    try {
+        const result = await validate.findInvalidWrapperJars(
+            path.resolve('.'),
+            +core.getInput('min-wrapper-count'),
+            core.getInput('allow-snapshots') === 'true',
+            core.getInput('allow-checksums').split(',')
+        )
+        if (result.isValid()) {
+            core.info(result.toDisplayString())
+        } else {
+            core.setFailed(
+                `Gradle Wrapper Validation Failed!\n  See https://github.com/gradle/wrapper-validation-action#reporting-failures\n${result.toDisplayString()}`
+            )
+            if (result.invalid.length > 0) {
+                core.setOutput('failed-wrapper', `${result.invalid.map(w => w.path).join('|')}`)
+            }
+        }
+    } catch (error) {
+        if (error instanceof AggregateError) {
+            core.setFailed(`Multiple errors returned`)
+            for (const err of error.errors) {
+                core.error(`Error ${error.errors.indexOf(err)}: ${err.message}`)
+            }
+        } else if (error instanceof Error) {
+            core.setFailed(error.message)
+        } else {
+            core.setFailed(`Unknown object was thrown: ${error}`)
+        }
+    }
+}
+
+run()
--- a/sources/src/wrapper-validation/validate.ts
+++ b/sources/src/wrapper-validation/validate.ts
@@ -0,0 +1,98 @@
+import * as find from './find'
+import * as checksums from './checksums'
+import * as hash from './hash'
+import {resolve} from 'path'
+
+export async function findInvalidWrapperJars(
+    gitRepoRoot: string,
+    minWrapperCount: number,
+    allowSnapshots: boolean,
+    allowedChecksums: string[],
+    knownValidChecksums: Map<string, Set<string>> = checksums.KNOWN_VALID_CHECKSUMS
+): Promise<ValidationResult> {
+    const wrapperJars = await find.findWrapperJars(gitRepoRoot)
+    const result = new ValidationResult([], [])
+    if (wrapperJars.length < minWrapperCount) {
+        result.errors.push(
+            `Expected to find at least ${minWrapperCount} Gradle Wrapper JARs but got only ${wrapperJars.length}`
+        )
+    }
+    if (wrapperJars.length > 0) {
+        const notYetValidatedWrappers = []
+        for (const wrapperJar of wrapperJars) {
+            const sha = await hash.sha256File(resolve(gitRepoRoot, wrapperJar))
+            if (allowedChecksums.includes(sha) || knownValidChecksums.has(sha)) {
+                result.valid.push(new WrapperJar(wrapperJar, sha))
+            } else {
+                notYetValidatedWrappers.push(new WrapperJar(wrapperJar, sha))
+            }
+        }
+
+        // Otherwise fall back to fetching checksums from Gradle API and compare against them
+        if (notYetValidatedWrappers.length > 0) {
+            result.fetchedChecksums = true
+            const fetchedValidChecksums = await checksums.fetchValidChecksums(allowSnapshots)
+
+            for (const wrapperJar of notYetValidatedWrappers) {
+                if (!fetchedValidChecksums.has(wrapperJar.checksum)) {
+                    result.invalid.push(wrapperJar)
+                } else {
+                    result.valid.push(wrapperJar)
+                }
+            }
+        }
+    }
+    return result
+}
+
+export class ValidationResult {
+    valid: WrapperJar[]
+    invalid: WrapperJar[]
+    fetchedChecksums = false
+    errors: string[] = []
+
+    constructor(valid: WrapperJar[], invalid: WrapperJar[]) {
+        this.valid = valid
+        this.invalid = invalid
+    }
+
+    isValid(): boolean {
+        return this.invalid.length === 0 && this.errors.length === 0
+    }
+
+    toDisplayString(): string {
+        let displayString = ''
+        if (this.invalid.length > 0) {
+            displayString += `✗ Found unknown Gradle Wrapper JAR files:\n${ValidationResult.toDisplayList(
+                this.invalid
+            )}`
+        }
+        if (this.errors.length > 0) {
+            if (displayString.length > 0) displayString += '\n'
+            displayString += `✗ Other validation errors:\n  ${this.errors.join(`\n  `)}`
+        }
+        if (this.valid.length > 0) {
+            if (displayString.length > 0) displayString += '\n'
+            displayString += `✓ Found known Gradle Wrapper JAR files:\n${ValidationResult.toDisplayList(this.valid)}`
+        }
+        return displayString
+    }
+
+    private static toDisplayList(wrapperJars: WrapperJar[]): string {
+        return `  ${wrapperJars.map(wj => wj.toDisplayString()).join(`\n  `)}`
+    }
+}
+
+export class WrapperJar {
+    path: string
+    checksum: string
+
+    constructor(path: string, checksum: string) {
+        this.path = path
+        this.checksum = checksum
+    }
+
+    toDisplayString(): string {
+        return `${this.checksum} ${this.path}`
+    }
+}
--- a/sources/src/wrapper-validation/wrapper-checksums.json
+++ b/sources/src/wrapper-validation/wrapper-checksums.json