diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ba553761077..69c09b25951 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 49709ebc965..f97186a6ccf 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -40,7 +40,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -82,7 +82,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -124,7 +124,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -166,7 +166,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -250,7 +250,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -292,7 +292,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index d6b0b9bca48..d3fa5ff6adc 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index ba6b1da9703..dad76c20438 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -38,7 +38,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 92f7b0721d1..321f73c435e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -75,7 +75,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -121,7 +121,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -165,7 +165,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -210,7 +210,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -255,7 +255,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -300,7 +300,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -345,7 +345,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -390,7 +390,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -435,7 +435,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -480,7 +480,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -525,7 +525,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -570,7 +570,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -615,7 +615,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -660,7 +660,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -704,7 +704,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -743,7 +743,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -784,7 +784,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -827,7 +827,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -871,7 +871,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/ok-to-test.yml b/.github/workflows/ok-to-test.yml index c1d593ebf40..40adf0c2cdb 100644 --- a/.github/workflows/ok-to-test.yml +++ b/.github/workflows/ok-to-test.yml @@ -27,7 +27,7 @@ jobs: if: ${{ github.event.issue.pull_request }} steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 161dc7888e6..731e4e4678e 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 6a1340fbc81..dadcafaa7c7 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8567bf93401..ca399e9dd21 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 29712849f56..f29ce2ab871 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1 + uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs