mirror of
https://github.com/natelandau/obsidian-metadata.git
synced 2025-11-18 09:53:40 -05:00
ci: update harden security runner (#42)
3
.github/workflows/automated-tests.yml
vendored
3
.github/workflows/automated-tests.yml
vendored
@@ -38,7 +38,8 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
python-version: ["3.10", "3.11"]
|
python-version: ["3.10", "3.11"]
|
||||||
steps:
|
steps:
|
||||||
- uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
- name: Harden Security Runner
|
||||||
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
disable-sudo: true
|
disable-sudo: true
|
||||||
|
|||||||
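Review bot: The new `uses: step-security/harden-runner@v2` line replaces a reference pinned to a full commit SHA with a mutable major tag, so the code that runs as the first step of this job can change upstream without any change in this repository. Because this action is what enforces `egress-policy: block` and `disable-sudo: true`, a retargeted tag would affect the very control the step is meant to provide. The update can be kept while staying immutable by bumping the pin rather than dropping it, in the form `uses: step-security/harden-runner@<full-commit-sha-of-target-release> # vX.Y.Z` (placeholder values), with Dependabot's `github-actions` ecosystem keeping the SHA current. The same replacement appears in commit-linter.yml, create-release.yml, devcontainer-checker.yml, labeler.yml, pr-linter.yml and pypi-release.yml; the two release workflows presumably handle publishing credentials and deserve the pin most. The step's job definition starts and continues outside this hunk.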
4
.github/workflows/commit-linter.yml
vendored
4
.github/workflows/commit-linter.yml
vendored
@@ -22,8 +22,8 @@ jobs:
|
|||||||
pull-requests: read # for wagoid/commitlint-github-action to get commits in PR
|
pull-requests: read # for wagoid/commitlint-github-action to get commits in PR
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Security Runner
|
||||||
uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|||||||
3
.github/workflows/create-release.yml
vendored
3
.github/workflows/create-release.yml
vendored
@@ -22,7 +22,8 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
python-version: ["3.11"]
|
python-version: ["3.11"]
|
||||||
steps:
|
steps:
|
||||||
- uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
- name: Harden Security Runner
|
||||||
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
disable-sudo: true
|
disable-sudo: true
|
||||||
|
|||||||
8
.github/workflows/devcontainer-checker.yml
vendored
8
.github/workflows/devcontainer-checker.yml
vendored
@@ -27,17 +27,17 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
- name: Harden Security Runner
|
||||||
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
*.data.mcr.microsoft.com:443
|
||||||
api.snapcraft.io:443
|
api.snapcraft.io:443
|
||||||
auth.docker.io:443
|
auth.docker.io:443
|
||||||
centralus.data.mcr.microsoft.com:443
|
|
||||||
deb.debian.org:443
|
deb.debian.org:443
|
||||||
deb.debian.org:80
|
deb.debian.org:80
|
||||||
dl.yarnpkg.com:443
|
dl.yarnpkg.com:443
|
||||||
eastus.data.mcr.microsoft.com:443
|
|
||||||
files.pythonhosted.org:443
|
files.pythonhosted.org:443
|
||||||
ghcr.io:443
|
ghcr.io:443
|
||||||
git.rootprojects.org:443
|
git.rootprojects.org:443
|
||||||
@@ -51,8 +51,6 @@ jobs:
|
|||||||
registry-1.docker.io:443
|
registry-1.docker.io:443
|
||||||
registry.npmjs.org:443
|
registry.npmjs.org:443
|
||||||
webi.sh:443
|
webi.sh:443
|
||||||
westcentralus.data.mcr.microsoft.com:443
|
|
||||||
westus.data.mcr.microsoft.com:443
|
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|||||||
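Review bot: The `*.data.mcr.microsoft.com:443` entry in `allowed-endpoints` widens the egress allowlist from four named regional hosts to every subdomain under that name, which is a looser policy than the one it replaces. If the wildcard is there because image pulls reach regions that were not listed, a comment above the step would record the reason, for example `# MCR serves layers from region-specific data hosts; wildcard avoids per-region breakage`. Whether a wildcard entry is honoured depends on the harden-runner release that `@v2` resolves to, which this file no longer fixes, so it is worth confirming in a run's egress report that the pattern is matched rather than silently ignored. The allowlist continues between and beyond the two hunks shown, so the remaining entries are not visible here.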
4
.github/workflows/labeler.yml
vendored
4
.github/workflows/labeler.yml
vendored
@@ -10,8 +10,8 @@ jobs:
|
|||||||
pull-requests: write
|
pull-requests: write
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Security Runner
|
||||||
uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|||||||
4
.github/workflows/pr-linter.yml
vendored
4
.github/workflows/pr-linter.yml
vendored
@@ -21,8 +21,8 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Security Runner
|
||||||
uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|||||||
3
.github/workflows/pypi-release.yml
vendored
3
.github/workflows/pypi-release.yml
vendored
@@ -18,7 +18,8 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
python-version: ["3.11"]
|
python-version: ["3.11"]
|
||||||
steps:
|
steps:
|
||||||
- uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
|
- name: Harden Security Runner
|
||||||
|
uses: step-security/harden-runner@v2
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
disable-sudo: true
|
disable-sudo: true
|
||||||
|
|||||||