mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-09 06:17:08 +00:00
Compare commits
1 commit
main
...
stepsecuri
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
cdd8e86cf3 |
6 changed files with 15 additions and 15 deletions
4
.github/workflows/canary.yml
vendored
4
.github/workflows/canary.yml
vendored
|
|
@ -37,13 +37,13 @@ jobs:
|
||||||
rc: true
|
rc: true
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
||||||
- name: Canary TLS test
|
- name: Canary TLS test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary-tls: true
|
canary-tls: true
|
||||||
|
|
|
||||||
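Review bot: The two `uses: docker://…/int:latest@sha256:…` lines keep the `:latest` tag next to the digest, which reads as if the step still floats. Docker resolves such a reference by digest and does not consult the tag, so these canary steps will keep running the same image until the digest is edited. That is a sound trade for a step that receives `secrets.PAT`, but the intent and the refresh duty should be written down, e.g. a comment above each step: `# Pinned by digest; the :latest tag is informational only. Update the digest when the integration-test image is rebuilt.` The same applies to the identical pinned lines in recurring-int-tests.yml and release.yml.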
2
.github/workflows/code-review.yml
vendored
2
.github/workflows/code-review.yml
vendored
|
|
@ -20,4 +20,4 @@ jobs:
|
||||||
int.api.stepsecurity.io:443
|
int.api.stepsecurity.io:443
|
||||||
|
|
||||||
- name: Code Review
|
- name: Code Review
|
||||||
uses: step-security/ai-codewise@int
|
uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int
|
||||||
|
|
|
||||||
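Review bot: The trailing comment in `uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int` names a branch rather than a release, so the line does not say which state of `int` the SHA corresponds to. The comment will still read `# int` after the branch has moved on. A reviewer cannot check the pin against a tag the way they can for `# v4.2.2` elsewhere in this commit. I would make the comment say what was pinned, for example `# int branch head as of <YYYY-MM-DD>`, or pin to a tagged release if one exists.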
|
|
@ -22,7 +22,7 @@ jobs:
|
||||||
egress-policy: audit
|
egress-policy: audit
|
||||||
|
|
||||||
- name: Checking out
|
- name: Checking out
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
- name: Publish
|
- name: Publish
|
||||||
id: publish
|
id: publish
|
||||||
uses: actions/publish-immutable-action@0.0.4
|
uses: actions/publish-immutable-action@0.0.4
|
||||||
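Review bot: In this hunk (its file name is not shown on the page) `actions/checkout` is pinned to a commit SHA, but the `Publish` step two lines below still reads `uses: actions/publish-immutable-action@0.0.4`, a tag that can be re-pointed. The publish step is presumably the more privileged of the two, so leaving it on a mutable ref undercuts the rest of the change. It should be pinned the same way, `uses: actions/publish-immutable-action@<full-commit-sha-of-0.0.4> # 0.0.4`, with the SHA taken from the upstream tag. The job continues outside the hunk, so any later steps would need the same check.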
4
.github/workflows/recurring-int-tests.yml
vendored
4
.github/workflows/recurring-int-tests.yml
vendored
|
|
@ -18,7 +18,7 @@ jobs:
|
||||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
@ -33,7 +33,7 @@ jobs:
|
||||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary-tls: true
|
canary-tls: true
|
||||||
|
|
|
||||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
|
|
@ -40,7 +40,7 @@ jobs:
|
||||||
rc: true
|
rc: true
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
|
||||||
16
.github/workflows/runs-on.yml
vendored
16
.github/workflows/runs-on.yml
vendored
|
|
@ -14,7 +14,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: audit
|
egress-policy: audit
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -23,7 +23,7 @@ jobs:
|
||||||
|
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||||
|
|
||||||
- name: Run outbound calls from host
|
- name: Run outbound calls from host
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -43,7 +43,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -56,7 +56,7 @@ jobs:
|
||||||
security.ubuntu.com:80
|
security.ubuntu.com:80
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||||
|
|
||||||
- name: Run outbound calls from within Docker container
|
- name: Run outbound calls from within Docker container
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
@ -89,7 +89,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: audit
|
egress-policy: audit
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -103,7 +103,7 @@ jobs:
|
||||||
security.ubuntu.com:80
|
security.ubuntu.com:80
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||||
|
|
||||||
- name: Build Docker image and test outbound calls during build
|
- name: Build Docker image and test outbound calls during build
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
@ -137,7 +137,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -152,7 +152,7 @@ jobs:
|
||||||
|
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||||
|
|
||||||
- name: Run long-running Docker container with outbound calls
|
- name: Run long-running Docker container with outbound calls
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
|
||||||
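Review bot: Pinning `step-security/harden-runner@rc` to `4d991eb9b905ef189e4c376166672c3f2f230481` in all four jobs freezes the version these jobs exercise. If the workflow exists to test the current release candidate on these runners (inferred from the `@rc` ref being replaced), it will now keep testing that one commit until the file is edited. Either state that next to the pin, e.g. `# rc at time of pinning; update whenever rc is advanced`, or make updating this SHA part of the step that moves `rc`. The job bodies extend beyond the hunks shown, so other unpinned `uses:` lines may remain.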