diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7019b20c894..7ebd85e8c91 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 59e5befcebf..5c67eb9c654 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index 954275009e9..0e5dac18dce 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -27,7 +27,7 @@ jobs: environment: gitlab steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index de8b6e5a7b7..4a4c00e0fdf 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 6cadebe3972..6c53fa40929 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4380a046e14..e21b7ee5f13 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 4150dfd2a9b..393dd6d3b4d 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -32,7 +32,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index e5e804708a4..f34032e239e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index b64405929b1..2e72e88200f 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs