add gradle wrapper validation

jenschude · jenschude · commit c861bdc26dab · 2024-05-02T21:33:05.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -173,12 +173,12 @@ jobs:
       - name: build javadoc
         if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' && github.ref == 'refs/heads/main'
         run: ./gradlew alljavadoc
-  dependency-submission:
-    permissions:
-      contents: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout sources
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - name: Generate and submit dependency graph
-        uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
+#  dependency-submission:
+#    permissions:
+#      contents: write
+#    runs-on: ubuntu-latest
+#    steps:
+#      - name: Checkout sources
+#        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+#      - name: Generate and submit dependency graph
+#        uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -19,6 +19,9 @@ on:
   schedule:
     - cron: '37 10 * * 6'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   analyze:
     name: Analyze
@@ -47,6 +50,8 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
+    - uses: gradle/wrapper-validation-action@b231772637bb498f11fdbc86052b6e8a8dc9fc92 # v2.1.2
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -54,6 +54,8 @@ jobs:
           distribution: 'temurin'
           java-version: '17'
 
+      - uses: gradle/wrapper-validation-action@b231772637bb498f11fdbc86052b6e8a8dc9fc92 # v2.1.2
+
       - name: Setup Graphviz
         uses: ts-graphviz/setup-graphviz@d5b2b6b67007094b256f3fd2fa6cf0ac41ceef25 # v2.0.0
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -45,9 +45,6 @@ jobs:
   update_readme:
     runs-on: ubuntu-latest
 
-    permissions:
-        contents: write  # for stefanzweifel/git-auto-commit-action to push code in repo
-
     needs: [release_tag]
     if: startsWith( github.ref, 'refs/tags/')
 
@@ -108,9 +105,6 @@ jobs:
   docs:
     name: Build and release docs
 
-    permissions:
-        contents: write  # for stefanzweifel/git-auto-commit-action to push code in repo
-
     runs-on: ubuntu-latest
     needs: [release_tag]
     if: startsWith( github.ref, 'refs/tags/')
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -36,6 +36,8 @@ jobs:
         with:
           persist-credentials: false
 
+      - uses: gradle/wrapper-validation-action@b231772637bb498f11fdbc86052b6e8a8dc9fc92 # v2.1.2
+
       - name: "Run analysis"
         uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
