ci: harden runner configuration

2025-11-17 09:23:40 -05:00 · 2023-01-22 17:17:09 +00:00
parent 6d26a41a36
commit 9123ee149f
1 changed files with 4 additions and 1 deletions
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -20,8 +20,11 @@ jobs:
        steps:
            - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
              with:
-                  egress-policy: audit
+                  egress-policy: block
                  disable-sudo: true
+                  allowed-endpoints: >
+                      github.com:443
+                      upload.pypi.org:443

            - name: Checkout repository
              uses: actions/checkout@v3