harden-runner/action.yml

name: "Harden-Runner"
description: "Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners"
inputs:
  allowed-endpoints:
    description: "Only these endpoints will be allowed if egress-policy is set to block"
    required: false
    default: ""
  egress-policy:
    description: "Policy for outbound traffic, can be either audit or block"
    required: false
    default: "block"
  token:
    description: "Used to avoid github rate limiting"
    default: ${{ github.token }}
  disable-telemetry:
    description: "Disable sending telemetry to StepSecurity API, can be set to true or false. This can only be set to true when egress-policy is set to block"
    required: false
    default: "false"
  disable-sudo:
    description: "Disable sudo access for the runner account. Note: This parameter will be deprecated in the future. Please use disable-sudo-and-containers instead."
    required: false
    default: "false"
  disable-sudo-and-containers:
    description: "Disable sudo and container access for the runner account"
    required: false
    default: "false"
  disable-file-monitoring:
    description: "Disable file monitoring"
    required: false
    default: "false"
  policy:
    description: "Policy name to be used from the policy store"
    required: false
    default: ""
  api-key:
    description: "StepSecurity API key for authenticating with the policy store"
    required: false
    default: ""
  use-policy-store:
    description: "Set to true to fetch policy from the policy store using the API key"
    required: false
    default: "false"

branding:
  icon: "check-square"
  color: "green"
runs:
  using: "node24"
  pre: "dist/pre/index.js"
  main: "dist/index.js"
  post: "dist/post/index.js"