Hardened Gradle builds with Gradle dependency verification and defined module restrictions on third-party maven repositories. #227
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Used when building external pull requests | |
| # We don't want to publish build artifacts or expose our other caches to possibly untrusted code | |
| name: build-pull-request | |
| on: [ pull_request ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v3 | |
| - name: Initialize caches | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/loom-cache | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-build-external-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-external- | |
| - name: Set up JDK | |
| uses: actions/setup-java@v2 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 17 | |
| - name: Build artifacts | |
| run: ./gradlew build |