Skip to content

Commit 60d9788

Browse files
committed
feat: add harden runner in audit mode to critical workflows
- Ref: https://github.com/step-security/harden-runner#getting-started - Demo: https://app.storylane.io/share/679y2zgzljov
1 parent 5f6b403 commit 60d9788

2 files changed

Lines changed: 12 additions & 0 deletions

File tree

.github/workflows/npm_release_cli.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,12 @@ jobs:
1818
runs-on: macos-latest
1919

2020
steps:
21+
22+
- name: Harden the runner (Audit all outbound calls)
23+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
24+
with:
25+
egress-policy: audit
26+
2127
- uses: actions/checkout@v2
2228

2329
- uses: actions/setup-node@v3

.github/workflows/npm_release_doctor.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,12 @@ jobs:
2222
runs-on: ubuntu-latest
2323

2424
steps:
25+
26+
- name: Harden the runner (Audit all outbound calls)
27+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
28+
with:
29+
egress-policy: audit
30+
2531
- uses: actions/checkout@v2
2632

2733
- name: Setup

0 commit comments

Comments
 (0)