Merge pull request #1379 from step-security/update-harden-harden-int

Update harden runner version
step-security · Nov 9, 2022 · cc5afdc · cc5afdc
2 parents 3da1738 + 7bcb807
commit cc5afdc
Show file tree

Hide file tree

Showing 12 changed files with 17 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -190,7 +190,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v1
+        uses: step-security/harden-runner@v2
         with:
           egress-policy: audit
 

diff --git a/remediation/workflow/hardenrunner/addaction_test.go b/remediation/workflow/hardenrunner/addaction_test.go
@@ -20,11 +20,11 @@ func TestAddAction(t *testing.T) {
 		wantErr     bool
 		wantUpdated bool
 	}{
-		{name: "one job", args: args{inputYaml: "action-issues.yml", action: "step-security/harden-runner@v1"}, want: "action-issues.yml", wantErr: false, wantUpdated: true},
-		{name: "two jobs", args: args{inputYaml: "2jobs.yml", action: "step-security/harden-runner@v1"}, want: "2jobs.yml", wantErr: false, wantUpdated: true},
-		{name: "already present", args: args{inputYaml: "alreadypresent.yml", action: "step-security/harden-runner@v1"}, want: "alreadypresent.yml", wantErr: false, wantUpdated: true},
-		{name: "already present 2", args: args{inputYaml: "alreadypresent_2.yml", action: "step-security/harden-runner@v1"}, want: "alreadypresent_2.yml", wantErr: false, wantUpdated: false},
-		{name: "reusable job", args: args{inputYaml: "reusablejob.yml", action: "step-security/harden-runner@v1"}, want: "reusablejob.yml", wantErr: false, wantUpdated: false},
+		{name: "one job", args: args{inputYaml: "action-issues.yml", action: "step-security/harden-runner@v2"}, want: "action-issues.yml", wantErr: false, wantUpdated: true},
+		{name: "two jobs", args: args{inputYaml: "2jobs.yml", action: "step-security/harden-runner@v2"}, want: "2jobs.yml", wantErr: false, wantUpdated: true},
+		{name: "already present", args: args{inputYaml: "alreadypresent.yml", action: "step-security/harden-runner@v2"}, want: "alreadypresent.yml", wantErr: false, wantUpdated: true},
+		{name: "already present 2", args: args{inputYaml: "alreadypresent_2.yml", action: "step-security/harden-runner@v2"}, want: "alreadypresent_2.yml", wantErr: false, wantUpdated: false},
+		{name: "reusable job", args: args{inputYaml: "reusablejob.yml", action: "step-security/harden-runner@v2"}, want: "reusablejob.yml", wantErr: false, wantUpdated: false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

diff --git a/remediation/workflow/secureworkflow.go b/remediation/workflow/secureworkflow.go
@@ -7,7 +7,7 @@ import (
 	"github.com/step-security/secure-workflows/remediation/workflow/pin"
 )
 
-const HardenRunnerActionPathWithTag = "step-security/harden-runner@v1"
+const HardenRunnerActionPathWithTag = "step-security/harden-runner@v2"
 
 func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc dynamodbiface.DynamoDBAPI) (*permissions.SecureWorkflowReponse, error) {
 	pinActions, addHardenRunner, addPermissions, addProjectComment := true, true, true, true

diff --git a/remediation/workflow/secureworkflow_test.go b/remediation/workflow/secureworkflow_test.go
@@ -20,7 +20,7 @@ func TestSecureWorkflow(t *testing.T) {
 	httpmock.RegisterResponder("GET", "https://api.github.com/repos/actions/checkout/commits/v1",
 		httpmock.NewStringResponder(200, `544eadc6bf3d226fd7a7a9f0dc5b5bf7ca0675b9`))
 
-	httpmock.RegisterResponder("GET", "https://api.github.com/repos/step-security/harden-runner/commits/v1",
+	httpmock.RegisterResponder("GET", "https://api.github.com/repos/step-security/harden-runner/commits/v2",
 		httpmock.NewStringResponder(200, `7206db2ec98c5538323a6d70e51f965d55c11c87`))
 
 	httpmock.RegisterResponder("GET", "https://api.github.com/repos/github/super-linter/commits/v3",

diff --git a/testfiles/addaction/input/alreadypresent_2.yml b/testfiles/addaction/input/alreadypresent_2.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/testfiles/addaction/output/2jobs.yml b/testfiles/addaction/output/2jobs.yml
@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/testfiles/addaction/output/action-issues.yml b/testfiles/addaction/output/action-issues.yml
@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@v1
+      uses: step-security/harden-runner@v2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/testfiles/addaction/output/alreadypresent.yml b/testfiles/addaction/output/alreadypresent.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/testfiles/addaction/output/alreadypresent_2.yml b/testfiles/addaction/output/alreadypresent_2.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

diff --git a/testfiles/joblevelpermskb/input/duplicate-perms.yml b/testfiles/joblevelpermskb/input/duplicate-perms.yml
@@ -7,7 +7,7 @@ jobs:
   create-pr:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@v1
+      - uses: step-security/harden-runner@v2
       - uses: actions/checkout@v2
       - name: Create commits
         run: |

diff --git a/testfiles/joblevelpermskb/output/duplicate-perms.yml b/testfiles/joblevelpermskb/output/duplicate-perms.yml
@@ -10,7 +10,7 @@ jobs:
       pull-requests: write  # for peter-evans/create-pull-request to create a PR
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@v1
+      - uses: step-security/harden-runner@v2
       - uses: actions/checkout@v2
       - name: Create commits
         run: |

diff --git a/testfiles/secureworkflow/output/nopin.yml b/testfiles/secureworkflow/output/nopin.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest  
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v1
+        uses: step-security/harden-runner@v2
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs