diff --git a/.github/workflows/aws-auth.yml b/.github/workflows/aws-auth.yml
index 7e5ddc1a..572a1c51 100644
--- a/.github/workflows/aws-auth.yml
+++ b/.github/workflows/aws-auth.yml
@@ -35,7 +35,7 @@ jobs:
 aws-secret-access-key: ${{ steps.encrypt-aws-secret-access-key.outputs.out }}
 aws-session-token: ${{ steps.encrypt-aws-session-token.outputs.out }}
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5e270c24..453f3399 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,7 @@ jobs:
 sources-key: ${{ env.SOURCES_KEY }}
 sources-path: ${{ env.SOURCES_PATH }}
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -101,7 +101,7 @@ jobs:
 artifacts-path: ${{ env.ARTIFACTS_PATH }}
 checksums-sha256: ${{ steps.final-checksums.outputs.sha256 }}
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -219,7 +219,7 @@ jobs:
 artifacts-path: ${{ env.ARTIFACTS_PATH }}
 checksums-sha256: ${{ steps.final-checksums.outputs.sha256 }}
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index 52b2fbb5..a37469d8 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 if: github.event_name == 'pull_request'
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -40,7 +40,7 @@ jobs:
 contents: read
 security-events: write
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -74,7 +74,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/dependabot-auto-approve.yml b/.github/workflows/dependabot-auto-approve.yml
index 996e7dcf..30ef7de5 100644
--- a/.github/workflows/dependabot-auto-approve.yml
+++ b/.github/workflows/dependabot-auto-approve.yml
@@ -14,7 +14,7 @@ jobs:
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index afa10f83..d0385fba 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -119,7 +119,7 @@ jobs:
 RELEASE_TAG: ${{ github.ref_name }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/publish-terraform-plan.yml b/.github/workflows/publish-terraform-plan.yml
index a0f308f0..d6e28e82 100644
--- a/.github/workflows/publish-terraform-plan.yml
+++ b/.github/workflows/publish-terraform-plan.yml
@@ -43,7 +43,7 @@ jobs:
 contents: read
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
index 1d109a5e..bc2f6440 100644
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@@ -15,7 +15,7 @@ jobs:
 name: Prepare for Go QA
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -59,7 +59,7 @@ jobs:
 needs:
 - prepare-go-qa
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -101,7 +101,7 @@ jobs:
 needs:
 - prepare-go-qa
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -127,7 +127,7 @@ jobs:
 needs:
 - prepare-go-qa
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -156,7 +156,7 @@ jobs:
 needs:
 - prepare-go-qa
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -196,7 +196,7 @@ jobs:
 name: Lint terraform
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 4330f1f5..1add5c24 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index 1969b335..7ba0eec4 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -63,7 +63,7 @@ jobs:
 group: ${{ inputs.concurrency-group }}
 cancel-in-progress: false
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index fe7f0aed..fa3efe9b 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -98,7 +98,7 @@ jobs:
 group: ${{ inputs.concurrency-group }}
 cancel-in-progress: false
 steps:
- - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+ - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
 with:
 disable-sudo: true
 egress-policy: block