diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2fe869e7809..c6834e8b446 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c51c08139f7..f2506f02eaf 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index d361fc600ce..7f7f000f02b 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 8918b68427a..3afe9888d99 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -38,7 +38,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 915dbca0ef4..138f75c54c9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index e154af107d8..81083c7e047 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c8f4b038350..cfbdba6ea14 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 22934ff20a8..3c44445ccbf 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v1 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs