diff --git a/.github/workflows/cmd.yml b/.github/workflows/cmd.yml
index ed30e74..7a17294 100644
--- a/.github/workflows/cmd.yml
+++ b/.github/workflows/cmd.yml
@@ -46,6 +46,10 @@ on:
         type: boolean
         required: false
         default: false
+      gradle-build-root:
+        type: string
+        required: false
+        default: ""
 
 jobs:
   prepare-matrix:
@@ -99,6 +103,15 @@ jobs:
         id: coursier-cache
         uses: coursier/cache-action@v6
 
+      - name: Gradle Cache
+        uses: burrunan/gradle-cache-action@v1
+        with:
+          build-root-directory: ${{ inputs.gradle-build-root }}
+          # Disable caching of ~/.gradle/caches/build-cache-*
+          save-local-build-cache: false
+          # Disable caching of ~/.m2/repository/
+          save-maven-dependencies-cache: false
+
       - name: Custom Cache
         uses: actions/cache@v3
         if: ${{ inputs.cache-key != '' && inputs.cache-path != '' }}
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
new file mode 100644
index 0000000..28f8b5b
--- /dev/null
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -0,0 +1,24 @@
+name: Gradle Wrapper Validation
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+        required: false
+        default: ''
+
+jobs:
+  cmd:
+    name: Gradle Wrapper Validation
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          # we don't know what commit the last tag was it's safer to get entire repo so previousStableVersion resolves
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+
+      - name: Gradle Wrapper Validation
+        uses: gradle/wrapper-validation-action@v1
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 881c3ea..fec2f69 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,6 +11,14 @@ on:
         type: string
         required: false
         default: 11
+      cmd:
+        type: string
+        required: false
+        default: "sbt ci-release"
+      gradle-build-root:
+        type: string
+        required: false
+        default: ""
 
 jobs:
   cmd:
@@ -29,18 +37,32 @@ jobs:
         id: coursier-cache
         uses: coursier/cache-action@v6
 
+      - name: Gradle Cache
+        uses: burrunan/gradle-cache-action@v1
+        with:
+          build-root-directory: ${{ inputs.gradle-build-root }}
+          # Disable caching of ~/.gradle/caches/build-cache-*
+          save-local-build-cache: false
+          # Disable caching of ~/.m2/repository/
+          save-maven-dependencies-cache: false
+
       - name: Install Adoptium Temurin OpenJDK
         uses: coursier/setup-action@v1
         with:
           jvm: adoptium:${{ inputs.java }}
 
       - name: Publish artifacts
-        run: sbt ci-release
+        run: ${{ inputs.cmd }}
         env:
+          # Credentials for publishing to Sonatype https://github.com/sbt/sbt-ci-release#secrets
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
           SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          # Keys for signing https://github.com/sbt/sbt-ci-release#secrets
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
           PGP_SECRET: ${{ secrets.PGP_SECRET }}
+          # Gradle Plugin Portal API Keys https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html
+          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
+          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
 
       - name: Cleanup before cache
         shell: bash
diff --git a/README.md b/README.md
index f597b98..4061ec6 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ This repository contains a few configurations of GitHub features. For example a
 * [Universal CMD task](#universal-cmd-task)
 * [Publishing to Sonatype](#publishing-to-sonatype)
 * [Validate Binary Compatibility](#validate-binary-compatibility)
+* [Validate Gradle Wrapper](#validate-gradle-wrapper)
 * [Mark Pull Request as Ready To Merge](#mark-pull-request-as-ready-to-merge)
 * [Generate documentation with Antora](#generate-documentation-with-antora)
 
@@ -53,6 +54,7 @@ Every matrix dimension will be access by environment variable like `MATRIX_$(upp
 | cache-path             | 2.0.0 | :heavy_minus_sign: | ''      | Path of custom cache                            |
 | env                    | 2.0.0 | :heavy_minus_sign: | ''      | Custom ENV vars                                 |
 | run-scheduled-in-forks | 3.1.1 | :heavy_minus_sign: | false   | Run by schedule in fork                         |
+| gradle-build-root      | 3.3.0 | :heavy_minus_sign: | ''      | Directory for Gradle builds                     |
 
 
 **How to use**:
@@ -73,7 +75,7 @@ with:
 
 ### Publishing to Sonatype
 
-This workflow is used for publishing snapshots artifacts to [Sonatype Snapshots](https://oss.sonatype.org/content/repositories/snapshots/com/typesafe/play/) repository or release artifacts to [Maven Central](https://repo1.maven.org/maven2/com/typesafe/play/). 
+This workflow is used for publishing snapshots artifacts to [Sonatype Snapshots](https://oss.sonatype.org/content/repositories/snapshots/com/typesafe/play/) repository or release artifacts to [Maven Central](https://repo1.maven.org/maven2/com/typesafe/play/).
 
 :warning: For using this workflow project must uses the [CI Release](https://github.com/sbt/sbt-ci-release) plugin.
 
@@ -87,10 +89,12 @@ This workflow is used for publishing snapshots artifacts to [Sonatype Snapshots]
 
 **Parameters**:
 
-| Parameter | Since | Required           | Default | Description                        |
-|-----------|-------|--------------------|---------|------------------------------------|
-| ref       | 2.0.0 | :heavy_minus_sign: | ''      | Branch, tag or SHA for checkout    |
-| java      | 1.0.0 | :heavy_minus_sign: | 11      | _AdoptJDK_ version                 |
+| Parameter         | Since | Required           | Default        | Description                     |
+|-------------------|-------|--------------------|----------------|---------------------------------|
+| ref               | 2.0.0 | :heavy_minus_sign: | ''             | Branch, tag or SHA for checkout |
+| java              | 1.0.0 | :heavy_minus_sign: | 11             | _AdoptJDK_ version              |
+| cmd               | 3.3.0 | :heavy_minus_sign: | sbt ci-release | Running command                 |
+| gradle-build-root | 3.3.0 | :heavy_minus_sign: | ''             | Directory for Gradle builds     |
 
 **How to use**:
 
@@ -126,6 +130,29 @@ This workflow is used for validate binary compatibility the current version.
 uses: playframework/.github/.github/workflows/binary-check.yml@v3
 ```
 
+### Validate Gradle Wrapper
+
+This workflow is used to validate the checksums of [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) JAR files present in the source tree and fails if unknown Gradle Wrapper JAR files are found.
+
+**Path**: [`.github/workflows/gradle-wrapper-validation.yml`](.github/workflows/gradle-wrapper-validation.yml)
+
+**Image**: [Ubuntu 20.04](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2004-Readme.md)
+
+**Uses actions**:
+* [Gradle/Wrapper Validation Action](https://github.com/gradle/wrapper-validation-action)
+
+**Parameters**:
+
+| Parameter              | Since | Required           | Default | Description                     | 
+|------------------------|-------|--------------------|---------|---------------------------------|
+| ref                    | 3.3.0 | :heavy_minus_sign: | ''      | Branch, tag or SHA for checkout |
+
+**How to use**:
+
+```yaml
+uses: playframework/.github/.github/workflows/gradle-wrapper-validation.yml@v3
+```
+
 ### Mark Pull Request as Ready To Merge
 
 This workflow is used for mark pull request as ready to merge and **should be last** in the workflows chain.