diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b20e60f41e9..61507422557 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 011d0fda07c..5ecf456e0c8 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 5ace990ddbf..658c00640a1 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 1eeca00f1cb..026988b59ad 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e7d4b04eff0..52a0039c286 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index fde531d2459..de6fceae376 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 323e86772a4..34b5c9faf13 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index d736e63f1f6..d3730877a05 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v1 + uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs