From 158017ac9f7c8531f6428854a2516ea94e82a551 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?=
Date: Wed, 25 Sep 2024 09:15:30 +0200
Subject: [PATCH] Run android-validate-gradle-wrapper on every matching push

This prevents the following possible ways of commiting a malicious gradle-wrapper.jar to the repository:
* Commiting to another path than the one previously specified
* Pushing to `main` without going through a PR
---
 .github/workflows/android-validate-gradle-wrapper.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/android-validate-gradle-wrapper.yml b/.github/workflows/android-validate-gradle-wrapper.yml
index a669f49e4459..94c323970522 100644
--- a/.github/workflows/android-validate-gradle-wrapper.yml
+++ b/.github/workflows/android-validate-gradle-wrapper.yml
@@ -2,10 +2,10 @@
 name: "Android - Validate gradle wrapper"
 on:
 workflow_dispatch:
- pull_request:
+ push:
 paths:
 - .github/workflows/android-validate-gradle-wrapper.yml
- - android/gradle/wrapper/gradle-wrapper.jar
+ - '**/gradle-wrapper.jar'
 permissions: {}
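Review bot: Replacing `pull_request:` with `push:` in the `on:` block drops pre-merge validation for pull requests opened from forks, because a push to a fork's branch does not trigger this repository's workflows; a wrapper jar changed that way would first be checked when it lands on a branch here. If the project accepts fork PRs, keep both triggers by adding `pull_request:` back beside `push:` with the same `paths:` list. Separately, GitHub documents that path filters are evaluated on a diff limited to 300 files, so for a check this cheap it may be safer to drop `paths:` from the `push:` trigger and validate on every push. The job steps lie outside this hunk, so whether the validation action itself is pinned to a commit cannot be judged from here.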