[StepSecurity] Remediate missing harden runner security issue in .github/workflows/recurring-int-tests.yml

2026-06-07 12:17:08 +00:00 · 2022-08-15 22:53:11 +00:00 · 2022-08-15 22:53:11 +00:00 · f5669ff9f5
commit f5669ff9f5
parent cfea24e28f
1 changed files with 6 additions and 1 deletions
--- a/.github/workflows/recurring-int-tests.yml
+++ b/.github/workflows/recurring-int-tests.yml
@ -12,8 +12,13 @@ jobs:
    name: int tests
    runs-on: ubuntu-latest
    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
    - name: Canary test
-      uses: docker://ghcr.io/step-security/integration-test/int:latest
+      uses: docker://ghcr.io/step-security/integration-test/int@sha256:a0e71f0f02a1298be8e34914f4d28df8e43275e63921faa4ee629822b376bd02 # latest
      env:
        PAT: ${{ secrets.PAT }}
        canary: true