From 67bd4e96c0224438675c936f2fc9d7d9907265ea Mon Sep 17 00:00:00 2001
From: Brice Dutheil
Date: Wed, 22 Jan 2020 16:19:56 +0100
Subject: [PATCH] Adds the Official Gradle Wrapper Validation GitHub Action

The idea is to alert when a PR introduces non official gradle wrapper to prevent _social engineering supply chain attack_. See: https://github.com/gradle/wrapper-validation-action
---
 .editorconfig | 6 ++++++
 .github/workflows/gradle-wrapper-validation.yml | 10 ++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 .github/workflows/gradle-wrapper-validation.yml
diff --git a/.editorconfig b/.editorconfig
index 88fd9c2e0b..925d8821f4 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -6,3 +6,9 @@ insert_final_newline = true
 trim_trailing_whitespace = true
 indent_style = space
 indent_size = 4
+
+[{*.yml,*.yaml}]
+indent_size = 2
+ij_continuation_indent_size = 2
+ij_yaml_keep_indents_on_empty_lines = false
+ij_yaml_keep_line_breaks = true
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
new file mode 100644
index 0000000000..405a2b3065
--- /dev/null
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -0,0 +1,10 @@
+name: "Validate Gradle Wrapper"
+on: [push, pull_request]
+
+jobs:
+ validation:
+ name: "Validation"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: gradle/wrapper-validation-action@v1
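Review bot: Both `uses:` lines in the new workflow reference mutable tags (`actions/checkout@v2`, `gradle/wrapper-validation-action@v1`), so the code that runs in this supply-chain check can change without any commit to this repository. Pin each to a full commit SHA with the tag kept as a comment, e.g. `- uses: gradle/wrapper-validation-action@<full-commit-sha>  # v1`. The workflow also declares no `permissions:` key, so the job runs with the repository's default token scope; it only needs to read the checkout, so a top-level `permissions:` with `contents: read` is enough. Because `pull_request` runs take the workflow file from the PR's own merge ref, a PR that replaces the wrapper jar can also edit or delete this file, so the alert is only dependable if the job is a required status check and changes under `.github/workflows/` get reviewed.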