Add egress policy input

action.yml

@@ -2,9 +2,13 @@ name: 'Harden Runner'
 description: 'GitHub Actions Runtime Security'
 inputs:
   allowed-endpoints:
-    description: 'Allowed endpoints'
+    description: 'Only these endpoints will be allowed if egress-policy is set to block'
     required: false
     default: ''
+  egress-policy:
+    description: 'Policy for outbound traffic, can be either audit or block'
+    required: false
+    default: 'block'
 branding:
   icon: 'check-square'  
   color: 'green'
@@ -12,4 +16,4 @@ runs:
   using: 'node12'
   pre: 'dist/pre/index.js'
   main: 'dist/index.js'
-  post: 'dist/post/index.js'
+  post: 'dist/post/index.js'

dist/pre/index.js

@@ -6298,6 +6298,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
             working_directory: process.env["GITHUB_WORKSPACE"],
             api_url: api_url,
             allowed_endpoints: core.getInput("allowed-endpoints"),
+            egress_policy: core.getInput("egress-policy"),
         };
         const confgStr = JSON.stringify(confg);
         external_child_process_.execSync("sudo mkdir -p /home/agent");

src/setup.ts

@@ -31,6 +31,7 @@ import * as tc from "@actions/tool-cache";
       working_directory: process.env["GITHUB_WORKSPACE"],
       api_url: api_url,
       allowed_endpoints: core.getInput("allowed-endpoints"),
+      egress_policy: core.getInput("egress-policy"),
     };
 
     const confgStr = JSON.stringify(confg);