ci: update harden security runner (#42)

2025-11-18 09:53:40 -05:00 · 2023-05-05 14:51:32 -04:00
parent 2d15760096
commit b762c34860
7 changed files with 15 additions and 14 deletions
--- a/.github/workflows/devcontainer-checker.yml
+++ b/.github/workflows/devcontainer-checker.yml
@@ -27,17 +27,17 @@ jobs:
        runs-on: ubuntu-latest

        steps:
-            - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+            - name: Harden Security Runner
+              uses: step-security/harden-runner@v2
              with:
                  egress-policy: block
                  allowed-endpoints: >
+                      *.data.mcr.microsoft.com:443
                      api.snapcraft.io:443
                      auth.docker.io:443
-                      centralus.data.mcr.microsoft.com:443
                      deb.debian.org:443
                      deb.debian.org:80
                      dl.yarnpkg.com:443
-                      eastus.data.mcr.microsoft.com:443
                      files.pythonhosted.org:443
                      ghcr.io:443
                      git.rootprojects.org:443
@@ -51,8 +51,6 @@ jobs:
                      registry-1.docker.io:443
                      registry.npmjs.org:443
                      webi.sh:443
-                      westcentralus.data.mcr.microsoft.com:443
-                      westus.data.mcr.microsoft.com:443

            - name: Checkout
              uses: actions/checkout@v3