Workflows: Change egress-policy to block (#5485)

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2022-11-27 09:12:31 +0100
committer: GitHub <noreply@github.com> 2022-11-27 09:12:31 +0100
commit: 56ba1d2271ff21d1104943162704c662c7c9004f (patch)
tree: d135f63fbe2a5d262f5eff50fbf637ce637a9159 /.github/workflows/build.yml
parent: Workflows: Change egress-policy to block (diff)
download: firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.gz
firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.zst
firejail-56ba1d2271ff21d1104943162704c662c7c9004f.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3119f59b9..3e556b78d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -44,8 +44,16 @@ jobs:
    - name: Harden Runner
      uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
      with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          azure.archive.ubuntu.com:80
+          debian.org:80
+          github.com:443
+          packages.microsoft.com:443
+          ppa.launchpadcontent.net:443
+          www.debian.org:443
+          www.debian.org:80
+          yahoo.com:1025
    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
    - name: update package information
      run: sudo apt-get update
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2022-11-27 09:12:31 +0100
committer	GitHub <noreply@github.com>	2022-11-27 09:12:31 +0100
commit	56ba1d2271ff21d1104943162704c662c7c9004f (patch)
tree	d135f63fbe2a5d262f5eff50fbf637ce637a9159 /.github/workflows/build.yml
parent	Workflows: Change egress-policy to block (diff)
download	firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.gz firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.zst firejail-56ba1d2271ff21d1104943162704c662c7c9004f.zip

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3119f59b9..3e556b78d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml
@@ -44,8 +44,16 @@ jobs:
44	- name: Harden Runner	44	- name: Harden Runner
45	uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5	45	uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
46	with:	46	with:
47	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs	47	egress-policy: block
48		48	allowed-endpoints: >
		49	azure.archive.ubuntu.com:80
		50	debian.org:80
		51	github.com:443
		52	packages.microsoft.com:443
		53	ppa.launchpadcontent.net:443
		54	www.debian.org:443
		55	www.debian.org:80
		56	yahoo.com:1025
49	- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8	57	- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
50	- name: update package information	58	- name: update package information
51	run: sudo apt-get update	59	run: sudo apt-get update