From fdcde8343c1611481a457d1d0b51ce63cfc48aeb Mon Sep 17 00:00:00 2001
From: Gareth Healy
Date: Wed, 3 Jan 2024 11:47:47 +0000
Subject: [PATCH] added harden runner action in audit mode

---
 .github/workflows/conftest-unittests.yaml | 5 +++++
 .github/workflows/docs.yaml | 5 +++++
 .github/workflows/gatekeeper-k8s-integrationtests.yaml | 5 +++++
 .github/workflows/opa-profile.yaml | 5 +++++
 .github/workflows/regal-lint.yaml | 5 +++++
 5 files changed, 25 insertions(+)

diff --git a/.github/workflows/conftest-unittests.yaml b/.github/workflows/conftest-unittests.yaml
index 5001f572..f687f896 100644
--- a/.github/workflows/conftest-unittests.yaml
+++ b/.github/workflows/conftest-unittests.yaml
@@ -9,6 +9,11 @@ jobs:
 conftest:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ with:
+ egress-policy: audit
+
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
index 9f761930..1cced858 100644
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -9,6 +9,11 @@ jobs:
 konstraint_doc:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ with:
+ egress-policy: audit
+
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
diff --git a/.github/workflows/gatekeeper-k8s-integrationtests.yaml b/.github/workflows/gatekeeper-k8s-integrationtests.yaml
index b02c0b59..7a788b17 100644
--- a/.github/workflows/gatekeeper-k8s-integrationtests.yaml
+++ b/.github/workflows/gatekeeper-k8s-integrationtests.yaml
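Review bot: `egress-policy: audit` in the added Harden Runner step only records the job's outbound connections; it blocks nothing, so the hunk adds visibility but no enforcement, and nothing in it says whether audit is a first pass or the intended end state. The same step is added identically in docs.yaml, gatekeeper-k8s-integrationtests.yaml, opa-profile.yaml and regal-lint.yaml, so one comment format could be reused in all five. I would put a comment above the step, e.g. `# Audit mode only logs egress; once the reported endpoints are reviewed, tighten to egress-policy: block with an allowed-endpoints list.` Since the action can only observe steps that run after it, a second comment such as `# keep this as the first step of the job` would protect the ordering the hunk establishes ahead of the Checkout step.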
@@ -9,6 +9,11 @@ jobs:
 kind:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ with:
+ egress-policy: audit
+
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
diff --git a/.github/workflows/opa-profile.yaml b/.github/workflows/opa-profile.yaml
index 6ce617ff..285fa5b9 100644
--- a/.github/workflows/opa-profile.yaml
+++ b/.github/workflows/opa-profile.yaml
@@ -9,6 +9,11 @@ jobs:
 opa:
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ with:
+ egress-policy: audit
+
 - name: Checkout
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
diff --git a/.github/workflows/regal-lint.yaml b/.github/workflows/regal-lint.yaml
index e62bf297..ec29d2c7 100644
--- a/.github/workflows/regal-lint.yaml
+++ b/.github/workflows/regal-lint.yaml
@@ -12,6 +12,11 @@ jobs:
 # renovate: datasource=github-releases depName=StyraInc/regal
 REGAL_VERSION: v0.16.0
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+ with:
+ egress-policy: audit
+
 - name: Check out code
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4