#ci #gradle #devops #android #supply-chain

app gwv

A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines

2 unstable releases

0.2.0 Apr 16, 2024
0.1.0 Mar 25, 2024

#450 in Command line utilities

MIT license

190KB
244 lines

Contains (JAR file, 71KB) gradle-wrapper.jar, (JAR file, 60KB) gradle-wrapper.jar, (JAR file, 64KB) gradle-wrapper.jar

gradle-wrapper-validator

rustfmt DeepSource CI Crates.io Version License

A validator for gradle/wrapper jar binaries for your CI pipelines.

Why

This projects is a small and ergonomic re-implementation of gradle/wrapper-validator-action, intended to be used within any CI pipeline environment. The aforementioned project is great, but not quite portable outside Github. If you already use it on Github Workflows, there is no need to change!

If you are into CircleCI, Bitrise, TeamCity, GitlabCI or others, this project may be useful!

What

This tool will recursively walk the provided path and flag any gradle/gradle-wrapper.jar files with unknown checksums, exiting with success otherwise.

Installing

[!NOTE] Minimum supported Rust version (MSRV) : 1.74.0

Installing from crates.io (requires Rust / Cargo):

cargo install gwv

More install methods to come! Stay tuned!

Using

One-off execution (current folder)

curl -sSf https://cdn.statically.io/gh/dotanuki-labs/gradle-wrapper-validator/main/run | bash

One-off execution (custom folder)

curl -sSf https://cdn.statically.io/gh/dotanuki-labs/gradle-wrapper-validator/main/run |\
  bash -s -- <path/to/folder>

If installed with Cargo (or other)

gwv --path <path/to/gradle/projects>

License

Copyright (c) 2024 - Dotanuki Labs - The MIT license

Dependencies

~8–18MB
~273K SLoC