Adding a new dedicated workflow for validation should be discouraged
Closed this issue · 2 comments
Adding a new dedicated workflow for validation should be discouraged. A new dedicated workflow will not stop any other workflows from running that may execute a Gradle wrapper. In other words, if a bad wrapper is contributed then by the time the wrapper validation fails, or by the time a maintainer notices, the bad wrapper may have already been executed in other workflows.
The Add a new dedicated Workflow section should either be removed, or strongly discouraged. The recommendation should be to add the validation immediately after checkout on any workflow that may execute a Gradle wrapper.
I think that's reasonable. I think that maybe offering a "here's the best way to do this" and a "here's how to do this if you're just using this GH action alone, and your CI is executed elsewhere"?
I think this should be done as part of gradle/actions#12.
With that work, we'll likely deprecate this action and possibly add a dedicated gradle/actions/wrapper-validation
. Ideally, wrapper checks will happen transparently and automatically.