gradle/wrapper-validation-action

Adding a new dedicated workflow for validation should be discouraged

Closed this issue · 2 comments

Adding a new dedicated workflow for validation should be discouraged. A new dedicated workflow will not stop any other workflows from running that may execute a Gradle wrapper. In other words, if a bad wrapper is contributed then by the time the wrapper validation fails, or by the time a maintainer notices, the bad wrapper may have already been executed in other workflows.

The "Add a new dedicated Workflow" section should either be removed, or strongly discouraged. The recommendation should be to add the validation immediately after checkout on any workflow that may execute a Gradle wrapper.
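The two layouts contrasted above, as an added example that is not part of the original issue or the action's README. The file names, job names, triggers and the `@v4`/`@v1` version pins are assumptions.

```yaml
# --- Discouraged: validation lives in its own workflow --------------------
# .github/workflows/gradle-wrapper-validation.yml (assumed file name)
name: Validate Gradle Wrapper
on: [push, pull_request]
jobs:
  validation:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: gradle/wrapper-validation-action@v1
---
# .github/workflows/build.yml (assumed file name)
# Triggered by the same events and scheduled independently of the workflow
# above, so a failed validation there does not stop this job from executing
# the wrapper that was just checked out.
name: Build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./gradlew build        # wrapper runs unvalidated in this job
---
# --- Recommended: validate right after checkout in every such workflow ----
# .github/workflows/build.yml (assumed file name)
name: Build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Must come before any step that invokes ./gradlew. If this step
      # fails, the remaining steps in the job are skipped.
      - uses: gradle/wrapper-validation-action@v1
      - run: ./gradlew build
```

The same two-step prefix (checkout, then validation) has to be repeated in every job that invokes `./gradlew`, since each job starts from its own fresh checkout.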

I think that's reasonable. I think maybe we could offer a "here's the best way to do this" and a "here's how to do this if you're just using this GH action alone, and your CI is executed elsewhere"?

I think this should be done as part of gradle/actions#12.

With that work, we'll likely deprecate this action and possibly add a dedicated gradle/actions/wrapper-validation. Ideally, wrapper checks will happen transparently and automatically.