Fixing scorecards-analysis.yml (#36889)

Resolves broken CI on main
2026-05-23 00:49:03 +00:00 · 2025-12-08 09:45:37 -06:00 · 2025-12-08 09:45:37 -06:00 · 16c8c813f4
commit 16c8c813f4
parent a1fd214713
1 changed files with 18 additions and 3 deletions
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@ -14,6 +14,24 @@ on:
 permissions: read-all

 jobs:
+  gradle-wrapper-validation:
+    name: Validate Gradle wrapper
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: Validate Gradle wrapper
+        # Needed for OSSF Scorecard to OK our gradle-wrapper.jar binary.
+        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
+
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
@ -34,9 +52,6 @@ jobs:
        with:
          persist-credentials: false

-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
-
      - name: "Run analysis"
        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
        with: