duckduckgo/Android

[Bug] Gradle Wrapper files do not match version supplied in gradle-wrapper.properties

ed-george opened this issue · 2 comments

Describe the bug

The local Gradle wrapper-related files within the project do not match the expected files for the Gradle version specified within the gradle-wrapper.properties file:

distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip

This might be because the expected ./gradlew wrapper was not previously used to upgrade the wrapper and the file was edited manually.

How to Reproduce

Run gradlew wrapper --gradle-version=8.2 --distribution-type=bin locally and observe there's a difference in a number of wrapper-related files:

$ ./gradlew wrapper --gradle-version=8.2 --distribution-type=bin

# [Truncated]

BUILD SUCCESSFUL in 5s
4 actionable tasks: 2 executed, 2 up-to-date 

$ git status --porcelain
 M gradle/wrapper/gradle-wrapper.jar
 M gradle/wrapper/gradle-wrapper.properties
 M gradlew
 M gradlew.bat

Expected behavior

gradlew wrapper --gradle-version=8.2 --distribution-type=bin --gradle-distribution-sha256-sum=38f66cd6eef217b4c35855bb11ea4e9fbc53594ccccb5fb82dfd317ef8c2c5a3

Running the above within the project will ensure the relevant Gradle wrapper files for Gradle 8.2 are added.

Additionally, by providing the expected SHA-256 checksum for the Gradle 8.2 distribution (source) in this way, a distributionSha256Sum property is created within gradle-wrapper.properties which provides additional protection against Gradle supply chain attacks by ensuring future downloads via the distributionUrl are matched against the checksum and failing the builds otherwise.

See this post and relevant docs for more information.

Environment

- All local/remote development environments
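Added example, not part of the original issue or the project's code: a CI-style check that gradle-wrapper.properties carries a distributionSha256Sum pin and that a downloaded archive matches it. The function names (prop, sha256_of, check_wrapper_pin) are hypothetical, and the demo uses a constructed stand-in file in place of the real distribution so it runs offline.

```shell
#!/bin/sh
# Added example (not from the issue): verify the wrapper's checksum pin offline.

# Read one key from a .properties file (plain key=value lines; last one wins).
prop() {  # prop <key> <file>
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tr -d '\r' | tail -n 1
}

sha256_of() {  # sha256sum on Linux, shasum on macOS
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Returns 0 = pinned and matching, 1 = mismatch, 2 = no pin, 3 = malformed pin.
check_wrapper_pin() {  # check_wrapper_pin <properties> <downloaded-archive>
    pin=$(prop distributionSha256Sum "$1" | tr 'A-F' 'a-f')
    url=$(prop distributionUrl "$1" | sed 's/\\:/:/g')   # undo the "\:" escape
    if [ -z "$pin" ]; then
        echo "UNPINNED: $url has no distributionSha256Sum" >&2; return 2
    fi
    case "$pin" in *[!0-9a-f]*) echo "MALFORMED pin: $pin" >&2; return 3 ;; esac
    [ "${#pin}" -eq 64 ] || { echo "MALFORMED pin length: ${#pin}" >&2; return 3; }
    actual=$(sha256_of "$2")
    if [ "$actual" != "$pin" ]; then
        echo "MISMATCH for $url: expected $pin, got $actual" >&2; return 1
    fi
    echo "OK: $url matches the pinned checksum"
}

# Constructed demo: a stand-in file plays the downloaded archive.
demo=$(mktemp -d)
printf 'constructed stand-in archive\n' > "$demo/gradle-8.2-bin.zip"
printf 'distributionUrl=https\\://services.gradle.org/distributions/gradle-8.2-bin.zip\n' \
    > "$demo/gradle-wrapper.properties"
# Without the property the check reports the file as unpinned (status 2).
check_wrapper_pin "$demo/gradle-wrapper.properties" "$demo/gradle-8.2-bin.zip" || true
printf 'distributionSha256Sum=%s\n' "$(sha256_of "$demo/gradle-8.2-bin.zip")" \
    >> "$demo/gradle-wrapper.properties"
# With a matching pin the check succeeds (status 0).
check_wrapper_pin "$demo/gradle-wrapper.properties" "$demo/gradle-8.2-bin.zip"
rm -rf "$demo"
```

In a real pipeline the second argument would be the archive fetched from the distributionUrl, and any non-zero status should fail the job.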

Thank you for opening an Issue in our Repository.
The issue has been forwarded to the team and we'll follow up as soon as we have time to investigate.
As stated in our Contribution Guidelines, requests for feedback should be addressed via the Feedback section in the Android app.

Thanks for this, I’ll discuss it with the team.