--- name: "Dev Container Checker" on: workflow_dispatch: push: paths: - ".devcontainer/**" - ".github/workflows/devcontainer-checker.yml" branches: - main pull_request: types: - opened - reopened - synchronize paths: - ".devcontainer/**" - ".github/workflows/devcontainer-checker.yml" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: dev-container-checker: runs-on: ubuntu-latest steps: - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v2.2.0 with: egress-policy: block allowed-endpoints: > api.snapcraft.io:443 auth.docker.io:443 centralus.data.mcr.microsoft.com:443 deb.debian.org:443 deb.debian.org:80 dl.yarnpkg.com:443 eastus.data.mcr.microsoft.com:443 files.pythonhosted.org:443 ghcr.io:443 git.rootprojects.org:443 github.com:443 mcr.microsoft.com:443 nodejs.org:443 objects.githubusercontent.com:443 pkg-containers.githubusercontent.com:443 production.cloudflare.docker.com:443 pypi.org:443 registry-1.docker.io:443 registry.npmjs.org:443 webi.sh:443 westcentralus.data.mcr.microsoft.com:443 westus.data.mcr.microsoft.com:443 - name: Checkout uses: actions/checkout@v3 - name: Build and run dev container task uses: devcontainers/ci@v0.3 with: runCmd: | poe lint poe test