implement stepsecurity policy for release workflow #51

This commit is contained in:
irongut
2022-08-05 23:47:41 +01:00
parent 3216094ffb
commit 74295b4928
+27 -6
@@ -4,13 +4,16 @@ on:
release:
types: [published]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
permissions:
contents: read
env:
DOTNET_NOLOGO: true # Disable the .NET logo in the console output
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true # Disable the .NET first time experience to skip caching NuGet packages and speed up the build
DOTNET_CLI_TELEMETRY_OPTOUT: true # Disable sending .NET CLI telemetry to Microsoft
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
name: Test Build
@@ -20,7 +23,13 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
egress-policy: block
allowed-endpoints: >
api.nuget.org:443
dotnetbuilds.azureedge.net:443
dotnetcli.azureedge.net:443
dotnetcli.blob.core.windows.net:443
github.com:443
- name: Checkout
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
@@ -55,7 +64,19 @@ jobs:
- name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
egress-policy: block
allowed-endpoints: >
api.github.com:443
api.nuget.org:443
auth.docker.io:443
fulcio.sigstore.dev:443
ghcr.io:443
github.com:443
mcr.microsoft.com:443
pipelines.actions.githubusercontent.com:443
pkg-containers.githubusercontent.com:443
registry-1.docker.io:443
storage.googleapis.com:443
- name: Checkout
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf
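Review bot: The release job's allowlist in the third hunk names `fulcio.sigstore.dev:443` but no Rekor endpoint; if that entry is there for a keyless cosign step, the transparency-log upload to `rekor.sigstore.dev:443` will be refused now that `egress-policy` is `block`, so that host should be added alongside fulcio. Switching from `audit` to `block` also means any endpoint missed here fails the release rather than being logged, so the first blocked run should be checked against the harden-runner insights report before trusting the list. Separately, the new workflow-level `permissions: contents: read` in the first hunk restricts the GITHUB_TOKEN for every job; a job that pushes to `ghcr.io` and signs with Sigstore needs `packages: write` and `id-token: write` at the job level, which is only correct if that job already declares its own `permissions:` block outside these hunks. The two job definitions containing these `Harden Runner` steps start and end outside the hunks.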