From 9123ee149f9e5e881f313d4a6390ef91e52afa85 Mon Sep 17 00:00:00 2001
From: Nathaniel Landau
Date: Sun, 22 Jan 2023 17:17:09 +0000
Subject: [PATCH] ci: harden runner configuration
---
 .github/workflows/pypi-release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml
index d362586..4d8bf28 100644
--- a/.github/workflows/pypi-release.yml
+++ b/.github/workflows/pypi-release.yml
@@ -20,8 +20,11 @@ jobs:
 steps:
 - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
 with:
- egress-policy: audit
+ egress-policy: block
 disable-sudo: true
+ allowed-endpoints: >
+ github.com:443
+ upload.pypi.org:443
 - name: Checkout repository
 uses: actions/checkout@v3
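Review bot: The new `allowed-endpoints` list names only `github.com:443` and `upload.pypi.org:443`, and with `egress-policy: block` every other destination is refused, so the release job fails closed on any host that is missing. The steps after checkout are outside this hunk, so this is inferred: if the job sets up Python or installs dependencies, hosts such as `pypi.org:443` and `files.pythonhosted.org:443` would also need to be listed, ideally taken from what the earlier `audit` runs recorded. A comment above the list, such as `# Endpoints observed in audit mode; extend when a step needs a new host`, would tell the next maintainer where the values came from and why a blocked connection is expected behaviour. Separately, `actions/checkout@v3` in the context lines is pinned by tag while harden-runner is pinned by commit SHA; pinning both by SHA would keep the release job's supply-chain posture consistent.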