Update Github Worfklows

[pierredup]

Fixes #801

[what-the-diff]

PR Summary

• Egress-policy updated
  The egress-policy was updated from 'audit' to 'block' in several workflow files, improving security by preventing unauthorized data transfer.

[varunsh-coder]

H @pierredup, I am one of the maintainers of harden-runner. I see that you are trying to change the egress-policy to block mode.

For block mode, you also need to specify the allowed-endpoints, which you can see from a previous run of Harden-runner in audit mode.
e.g. for automatic-release.yml, the insights URL with audit mode is https://app.stepsecurity.io/github/SolidInvoice/SolidInvoice/actions/runs/4980521965 and has the recommended egress policy.

The insights URL can be seen in the markdown summary for a workflow run.
https://github.com/SolidInvoice/SolidInvoice/actions/runs/4980521965

[pierredup]

Thanks @varunsh-coder!

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (706ddf2) 50.52% compared to head (c3a6221) 50.52%.

Additional details and impacted files

@@            Coverage Diff            @@
##              2.2.x     #854   +/-   ##
=========================================
  Coverage     50.52%   50.52%           
  Complexity     2208     2208           
=========================================
  Files           438      438           
  Lines          8228     8228           
=========================================
  Hits           4157     4157           
  Misses         4071     4071           

Flag	Coverage Δ
unittests	50.52% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[varunsh-coder]

Thanks @varunsh-coder!

Welcome! We also added support for wildcard domains recently. You can also use a wildcard if you notice multiple allowed-endpoints for the same sub-domains. More details in the docs.