| Author | SHA1 | Date | |
|---|---|---|---|
|
|
cdd8e86cf3 |
6 changed files with 15 additions and 15 deletions
4
.github/workflows/canary.yml
vendored
4
.github/workflows/canary.yml
vendored
|
|
@ -37,13 +37,13 @@ jobs:
|
|||
rc: true
|
||||
|
||||
- name: Canary test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary: true
|
||||
|
||||
- name: Canary TLS test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary-tls: true
|
||||
|
|
|
|||
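Review bot: The pinned reference `int:latest@sha256:76fa60ea…` in both canary steps keeps the `:latest` tag, but with a digest present the image is resolved by digest, so the line reads as if it tracks the newest image while it actually freezes one build (this assumes the digest line is the new side; the page lost its +/- markers). For a canary that presumably exists to exercise the current integration image, new images go untested until the digest is bumped by hand or by an updater that understands `docker://` references. I would add a comment on each step such as `# digest pinned <date>; refresh when the int image is rebuilt` and confirm that an update mechanism covers these lines. The same reference appears in `.github/workflows/recurring-int-tests.yml` (both hunks) and `.github/workflows/release.yml`; every one of these steps receives `secrets.PAT`, so the pin itself is worth keeping.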
2
.github/workflows/code-review.yml
vendored
2
.github/workflows/code-review.yml
vendored
|
|
@ -20,4 +20,4 @@ jobs:
|
|||
int.api.stepsecurity.io:443
|
||||
|
||||
- name: Code Review
|
||||
uses: step-security/ai-codewise@int
|
||||
uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int
|
||||
|
|
|
|||
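Review bot: The trailing comment `# int` on the pinned `step-security/ai-codewise@ab9fe138…` line names a branch rather than a release, so nothing on the line says which state of that branch the SHA captures, and an updater that keys on version comments may have nothing to bump it to (assuming the SHA line is the new side; the +/- markers are missing from this page). A comment like `# int branch, pinned <date>` would make staleness visible in review. The context line lists `int.api.stepsecurity.io:443`, which suggests the job targets the integration environment, so it is worth confirming that the action is meant to stay frozen here rather than follow that branch.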
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
egress-policy: audit
|
||||
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||
- name: Publish
|
||||
id: publish
|
||||
uses: actions/publish-immutable-action@0.0.4
|
||||
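Review bot: The `Publish` step in this hunk still references `actions/publish-immutable-action@0.0.4` by tag, while the checkout line above it is pinned to a full commit SHA (`11bd7190… # v4.2.2`, assuming that is the new side). A tag can be re-pointed by the action's owner, and a publish job is where that matters most, since it typically runs with package or release write access (the job's permissions are outside this hunk). I would pin it the same way, `uses: actions/publish-immutable-action@<full-commit-sha> # 0.0.4`, with the SHA taken from that tag. The file header for this section is missing from the page, so the workflow name cannot be confirmed here.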
4
.github/workflows/recurring-int-tests.yml
vendored
4
.github/workflows/recurring-int-tests.yml
vendored
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
- name: Canary test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary: true
|
||||
|
|
@ -33,7 +33,7 @@ jobs:
|
|||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
- name: Canary test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary-tls: true
|
||||
|
|
|
|||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
|
|
@ -40,7 +40,7 @@ jobs:
|
|||
rc: true
|
||||
|
||||
- name: Canary test
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
||||
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:76fa60ea6375f276d2b6bc097a5cff08ae2e9db8eb53bea7a9b4627f13b77106
|
||||
env:
|
||||
PAT: ${{ secrets.PAT }}
|
||||
canary: true
|
||||
|
|
|
|||
16
.github/workflows/runs-on.yml
vendored
16
.github/workflows/runs-on.yml
vendored
|
|
@ -14,7 +14,7 @@ jobs:
|
|||
- image=ubuntu24-stepsecurity-x64
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@rc
|
||||
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||
with:
|
||||
egress-policy: audit
|
||||
allowed-endpoints: >
|
||||
|
|
@ -23,7 +23,7 @@ jobs:
|
|||
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
|
||||
- name: Run outbound calls from host
|
||||
run: |
|
||||
|
|
@ -43,7 +43,7 @@ jobs:
|
|||
- image=ubuntu24-stepsecurity-x64
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@rc
|
||||
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||
with:
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
|
|
@ -56,7 +56,7 @@ jobs:
|
|||
security.ubuntu.com:80
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
|
||||
- name: Run outbound calls from within Docker container
|
||||
continue-on-error: true
|
||||
|
|
@ -89,7 +89,7 @@ jobs:
|
|||
- image=ubuntu24-stepsecurity-x64
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@rc
|
||||
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||
with:
|
||||
egress-policy: audit
|
||||
allowed-endpoints: >
|
||||
|
|
@ -103,7 +103,7 @@ jobs:
|
|||
security.ubuntu.com:80
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
|
||||
- name: Build Docker image and test outbound calls during build
|
||||
continue-on-error: true
|
||||
|
|
@ -137,7 +137,7 @@ jobs:
|
|||
- image=ubuntu24-stepsecurity-x64
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@rc
|
||||
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # rc
|
||||
with:
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
|
|
@ -152,7 +152,7 @@ jobs:
|
|||
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
|
||||
|
||||
- name: Run long-running Docker container with outbound calls
|
||||
continue-on-error: true
|
||||
|
|
|
|||
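Review bot: All four `Harden Runner` steps are pinned to `step-security/harden-runner@4d991eb9… # rc`, which freezes the action at one commit of what the comment calls the `rc` ref (assuming the SHA lines are the new side; the page lost its +/- markers). If this workflow exists to exercise the release candidate on the `ubuntu24-stepsecurity-x64` image, it will keep passing against an old build after `rc` moves, so the `egress-policy: block` jobs stop validating what is about to ship. I would record next to the pin how the SHA gets refreshed, for example `# rc, pinned <date>; bump when rc is cut`, or state in a comment that a moving first-party ref is intended if that is the case. Separately, the checkout steps are pinned at `# v3.6.0` here while the other workflow in this commit pins `# v4.2.2`; aligning on one major avoids carrying an older action runtime in these jobs.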