Adds the Official Gradle Wrapper Validation GitHub Action

The idea is to alert when a PR introduces non official gradle wrapper to prevent _social engineering supply chain attack_. See: https://github.com/gradle/wrapper-validation-action
mockito · Jan 22, 2020 · 67bd4e9 · 67bd4e9
1 parent f5c1aff
commit 67bd4e9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -6,3 +6,9 @@ insert_final_newline = true
 trim_trailing_whitespace = true
 indent_style = space
 indent_size = 4
+
+[{*.yml,*.yaml}]
+indent_size = 2
+ij_continuation_indent_size = 2
+ij_yaml_keep_indents_on_empty_lines = false
+ij_yaml_keep_line_breaks = true
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
@@ -0,0 +1,10 @@
+name: "Validate Gradle Wrapper"
+on: [push, pull_request]
+
+jobs:
+  validation:
+    name: "Validation"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: gradle/wrapper-validation-action@v1