From 1f715fe03db90c0c16a35619b95ff89ceafc5008 Mon Sep 17 00:00:00 2001
From: Ashish Kurmi <akurmi@stepsecurity.io>
Date: Sun, 14 May 2023 10:51:59 -0700
Subject: [PATCH] using ai-codewise int for dogfooding

---
 .github/workflows/code-review.yml | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
index 4f3b3717..c40f9f80 100644
--- a/.github/workflows/code-review.yml
+++ b/.github/workflows/code-review.yml
@@ -1,27 +1,23 @@
 name: Code Review
 on:
   pull_request:
-    branches:
-      - main
-      - int
 permissions:
   contents: read
-
 jobs:
   code-review:
-    name: Code Review
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      pull-requests: write
-      id-token: write
+      pull-requests: read
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            int.api.stepsecurity.io:443
 
       - name: Code Review
-        uses: docker://ghcr.io/step-security/code-reviewer/int:latest
-        env:
-          PAT: ${{ secrets.GITHUB_TOKEN }}
+        uses: step-security/ai-codewise@int