-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable setting allowed-endpoints via insights website #217
Comments
Proposed developer experience
steps:
- uses: step-security/harden-runner@v2
with:
policy: my-policy
|
/cc @Devils-Knight |
@h0x0er please make changes to the fetch policy from API. For the time being, you can mock the API call. |
@h0x0er we need to add retry logic for the code that fetches the policy. We can wait for a second between each retry and try 3 times. We should not get the token again. The token should be generated just once and used for the retry logic. We should log something like |
This has been released. https://www.stepsecurity.io/blog/introducing-harden-runner-policy-store Great work @h0x0er! Closing the issue. |
Currently, the
allowed-endpoints
are set in the workflow file. For workflows where the endpoints might often change, e.g., re-usable workflows, it would be better to enable settingallowed-endpoints
using the insights website.This will remove the need to update the workflow file to set allowed endpoints.
The text was updated successfully, but these errors were encountered: