From 3b7b2a945365a60ac4be8eceb6a3a9e74aa7cd01 Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Tue, 21 Dec 2021 14:30:57 -0800
Subject: [PATCH] Update release.yml

---
 .github/workflows/release.yml | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 113f06b..5e46fc4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,10 +22,23 @@ jobs:
     permissions:
       contents: write
     steps:
+    - uses: step-security/harden-runner@v1
+      with:
+        egress-policy: audit
     - uses: actions/checkout@v2
-
-    - name: Update the ${{ env.TAG_NAME }} tag
-      id: update-major-tag
-      uses: step-security/publish-action@63abd0d521e21329399edb30e8f577a7ab85443c
+    - name: Update the rc tag
+      uses: step-security/publish-action@cde4f11ad41e4f61d537fbbb989ea5fe812f8d50
+      with:
+        source-tag: ${{ env.TAG_NAME }}
+        rc: true
+
+    - name: Canary test
+      uses: docker://ghcr.io/step-security/integration-test/int:latest
+      env:
+        PAT: ${{ secrets.PAT }}
+        canary: true
+
+    - name: Update the ${{ env.TAG_NAME }} tag
+      uses: step-security/publish-action@cde4f11ad41e4f61d537fbbb989ea5fe812f8d50
       with:
         source-tag: ${{ env.TAG_NAME }}