Merge pull request #33 from step-security/feature-26

Add egress policy input

action.yml

@@ -2,9 +2,13 @@ name: 'Harden Runner'
 description: 'GitHub Actions Runtime Security'
 inputs:
   allowed-endpoints:
-    description: 'Allowed endpoints'
+    description: 'Only these endpoints will be allowed if egress-policy is set to block'
     required: false
     default: ''
+  egress-policy:
+    description: 'Policy for outbound traffic, can be either audit or block'
+    required: false
+    default: 'block'
 branding:
   icon: 'check-square'  
   color: 'green'

dist/pre/index.js

@@ -2406,6 +2406,7 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
             working_directory: process.env["GITHUB_WORKSPACE"],
             api_url: api_url,
             allowed_endpoints: core.getInput("allowed-endpoints"),
+            egress_policy: core.getInput("egress-policy"),
         };
         let _http = new http_client.HttpClient();
         yield _http.get(`${api_url}/github/${process.env["GITHUB_REPOSITORY"]}/actions/runs/${process.env["GITHUB_RUN_ID"]}/monitor`);

src/setup.ts

@@ -26,6 +26,7 @@ import * as httpm from "@actions/http-client";
       working_directory: process.env["GITHUB_WORKSPACE"],
       api_url: api_url,
       allowed_endpoints: core.getInput("allowed-endpoints"),
+      egress_policy: core.getInput("egress-policy"),
     };
 
     let _http = new httpm.HttpClient();