diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7ac8893cf4d..21fb1fee95a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1179d62a89b..4ffcab3f3be 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 6fed6d380dc..d5e1a404d01 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 8d5c5e41a59..06872f65f61 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c8834bdb2b8..4bb9671b178 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 24c314c8095..8c864cd6124 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 7dcde49cb79..f8e006107de 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index d3730877a05..27474ae31da 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs