From a2c8a5f03ce4ef52c514dd3b60458474844ec4f2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Mon, 24 Apr 2023 03:27:50 -0300 Subject: ci: allow endpoints used in tests Relevant lines from build_and_test[1]: endpoint called ip address:port 1.1.1.1:1025, domain: endpoint called ip address:port 54.185.253.63:43, domain: whois.pir.org. ##[error]StepSecurity Harden Runner: DNS resolution for domain dns.quad9.net. was blocked. This domain is not in the list of allowed-endpoints. ##[error]StepSecurity Harden Runner: DNS resolution for domain whois.pir.org. was blocked. This domain is not in the list of allowed-endpoints. The relevant tests were added in the following commits: * ef4409e7b ("added whois and dig profiles", 2018-08-30) * 171898233 ("more profile fixes/testing", 2023-01-19) Relates to #5439 #5485. [1] https://github.com/netblue30/firejail/actions/runs/4854586882/jobs/8652141329 --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to '.github/workflows') diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b72bdd611..c6bb3b67c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,11 +52,14 @@ jobs: with: egress-policy: block allowed-endpoints: > + 1.1.1.1:1025 azure.archive.ubuntu.com:80 debian.org:80 + dns.quad9.net:53 github.com:443 packages.microsoft.com:443 ppa.launchpadcontent.net:443 + whois.pir.org:43 www.debian.org:443 www.debian.org:80 yahoo.com:1025 -- cgit v1.2.3-54-g00ecf
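Review bot: In the `allowed-endpoints` list of build.yml, the three added entries (`1.1.1.1:1025`, `dns.quad9.net:53`, `whois.pir.org:43`) are there only for the tests, but the workflow file does not say so; the reason is recorded only in the commit message. Because the list is a folded scalar (`>`), a `#` line inside it would become part of the value, so put a short comment above the `allowed-endpoints:` key naming the entries the tests need, which makes them easy to drop from the `egress-policy: block` allowlist if those tests change. Separately, the quoted run log shows an endpoint line for `1.1.1.1:1025` and for `whois.pir.org` on port 43, but for `dns.quad9.net` it shows only a blocked DNS resolution, so the `:53` port is not backed by the log as quoted; confirm on the next run that the test's connection to that host passes.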