On Mon, 8 Mar 2021 20:38:09 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
>> See the [Gradle Wrapper Validation >> Action](https://github.com/marketplace/actions/gradle-wrapper-validation) >> for details on this pull request. I'll test the changes with the following >> sequence of commits: >> >> 1. This commit adds a tampered Gradle Wrapper JAR file, which should go >> undetected. >> 2. The next commit will add the Official Gradle Wrapper Validation Action, >> which should detect the tampered file. >> 3. The final commit will remove the tampered file and replace it with the >> original Gradle 4.8 Wrapper. > >> 1. This commit adds a tampered Gradle Wrapper JAR file, which should go >> undetected. >> 2. The next commit will add the Official Gradle Wrapper Validation Action, >> which should detect the tampered file. >> 3. The final commit will remove the tampered file and replace it with the >> original Gradle 4.8 Wrapper. > > This sounds like a good plan to test it. So far, so good. The tampered file was not detected:  The next commit will add the Official Gradle Wrapper Validation Action. ------------- PR: https://git.openjdk.java.net/jfx/pull/419
