implement stepsecurity policy for pm workflows #51

2026-05-14 14:10:14 +02:00 · 2022-08-05 23:22:13 +01:00
parent 7c7e56f29d
commit 9702896171
4 changed files with 12 additions and 4 deletions
@@ -22,7 +22,9 @@ jobs:
    - name: Harden Runner
      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
      with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443

    - name: Assign Issues to Bugs
      uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435
@@ -15,7 +15,9 @@ jobs:
    - name: Harden Runner
      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
      with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443

    - name: Auto Assign PR
      uses: samspills/assign-pr-to-author@b313feb250ff414d3aff26525b986f080ee7bd7a
@@ -19,7 +19,9 @@ jobs:
    - name: Harden Runner
      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
      with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443

    - name: Mark Stale
      uses: actions/stale@9c1b1c6e115ca2af09755448e0dbba24e5061cc8
@@ -21,7 +21,9 @@ jobs:
    - name: Harden Runner
      uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
      with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443

    - uses: actions/labeler@472c5d3aaacde439785e94966eb2e545627f4935
      with: