diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 97b5d52bb339..82f18b0d8c78 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -83,7 +83,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: block @@ -129,7 +129,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/cleanup-pr-assets.yml b/.github/workflows/cleanup-pr-assets.yml index 299dc0636b0a..88a6eb055408 100644 --- a/.github/workflows/cleanup-pr-assets.yml +++ b/.github/workflows/cleanup-pr-assets.yml @@ -21,7 +21,7 @@ jobs: github.event.pull_request.user.login != 'dependabot[bot]' steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true disable-sudo: true diff --git a/.github/workflows/lint-css-js-md.yml b/.github/workflows/lint-css-js-md.yml index 5330d0e14c54..532c70928ebb 100644 --- a/.github/workflows/lint-css-js-md.yml +++ b/.github/workflows/lint-css-js-md.yml @@ -61,7 +61,7 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-sudo: true disable-file-monitoring: true 
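Review bot: The new pin `step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf` has no release tag next to it, so nothing in the diff tells a reader which harden-runner version the SHA corresponds to. This applies to the first hunk of `build-and-deploy.yml` and to every other `uses:` line changed in this commit. A trailing comment on each line, for example `# vX.Y.Z` (placeholder for the tag the SHA was resolved from), would let a reviewer check the SHA against the upstream release before merging. Pinning to a full commit SHA is the right form for a third-party action and should stay; the job's steps continue outside the hunk.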
diff --git a/.github/workflows/lint-i18n.yml b/.github/workflows/lint-i18n.yml index 8cd48eaa00b9..0cb73a3ad0cb 100644 --- a/.github/workflows/lint-i18n.yml +++ b/.github/workflows/lint-i18n.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 8064445517f3..3ac1cf9648fb 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: timeout-minutes: 5 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/lint-plugin-check.yml b/.github/workflows/lint-plugin-check.yml index 7af02df4590f..3deecbb46ef4 100644 --- a/.github/workflows/lint-plugin-check.yml +++ b/.github/workflows/lint-plugin-check.yml @@ -42,7 +42,7 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index a3fb681c2b5b..f1531a4a0ce8 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml 
@@ -102,7 +102,7 @@ jobs: needs: [dry-run] steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml index da484f249d19..ab230ef2efa5 100644 --- a/.github/workflows/plugin-release.yml +++ b/.github/workflows/plugin-release.yml @@ -41,7 +41,7 @@ jobs: environment: Production steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -104,7 +104,7 @@ jobs: needs: [checks] steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -245,7 +245,7 @@ jobs: release_name: ${{ steps.release_branch.outputs.release_name }} steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -408,7 +408,7 @@ jobs: needs: [build] steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs 
@@ -444,7 +444,7 @@ jobs: if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }} steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -500,7 +500,7 @@ jobs: SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }} steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ec3ef4156705..369d81024d4a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml index 5f008479db25..13640f364eeb 100644 --- a/.github/workflows/tests-e2e.yml +++ b/.github/workflows/tests-e2e.yml @@ -70,7 +70,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs 
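Review bot: The job in the `@@ -500,7 +500,7 @@` hunk of `plugin-release.yml` exposes `SVN_PASSWORD` from secrets while Harden Runner stays on `egress-policy: audit`, so outbound connections are only logged, not restricted, on the job where a leaked credential would cost the most. The existing TODO already plans the switch to block mode. Once the audit runs have produced the endpoint list, this job and the `environment: Production` job in the `@@ -41,7 +41,7 @@` hunk of the same file would be the first to move to `egress-policy: block` with an explicit `allowed-endpoints:` list. The job's steps continue outside the hunk.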
@@ -159,7 +159,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/tests-karma-dashboard.yml b/.github/workflows/tests-karma-dashboard.yml index 7f8e42869098..5cc077fe9e89 100644 --- a/.github/workflows/tests-karma-dashboard.yml +++ b/.github/workflows/tests-karma-dashboard.yml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-karma-editor.yml b/.github/workflows/tests-karma-editor.yml index 494b1be22f0a..45520a209b76 100644 --- a/.github/workflows/tests-karma-editor.yml +++ b/.github/workflows/tests-karma-editor.yml @@ -83,7 +83,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: block diff --git a/.github/workflows/tests-unit-js.yml b/.github/workflows/tests-unit-js.yml index 69f861803994..ff5ea5339c7e 100644 --- a/.github/workflows/tests-unit-js.yml +++ b/.github/workflows/tests-unit-js.yml @@ -51,7 +51,7 @@ jobs: shard: ['1/2', '2/2'] steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/tests-unit-php.yml b/.github/workflows/tests-unit-php.yml index 2b53c49ae4e4..63cc3a67d361 100644 --- a/.github/workflows/tests-unit-php.yml +++ b/.github/workflows/tests-unit-php.yml 
@@ -80,7 +80,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: disable-file-monitoring: true egress-policy: audit diff --git a/.github/workflows/update-browserslist.yml b/.github/workflows/update-browserslist.yml index d95e0db28988..349db0bbbce6 100644 --- a/.github/workflows/update-browserslist.yml +++ b/.github/workflows/update-browserslist.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-google-fonts.yml b/.github/workflows/update-google-fonts.yml index 9d59e0b2167f..1e4c5dbd3d20 100644 --- a/.github/workflows/update-google-fonts.yml +++ b/.github/workflows/update-google-fonts.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-product-schema.yml b/.github/workflows/update-product-schema.yml index 83a0df5928fb..02f887e513a4 100644 --- a/.github/workflows/update-product-schema.yml +++ b/.github/workflows/update-product-schema.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/update-templates.yml b/.github/workflows/update-templates.yml index 89f1e3f6a69f..872224ad49b1 100644 
--- a/.github/workflows/update-templates.yml +++ b/.github/workflows/update-templates.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 + uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs