CI: turn on block mode for Harden-Runner

agarciadom · web-flow · commit 61561511abf1 · 2026-03-25T10:15:37.000Z
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -22,7 +22,16 @@ jobs:
     steps:
     - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594
       with:
-        egress-policy: audit    
+        egress-policy: block
+        disable-telemetry: true
+        allowed-endpoints: >
+          api.github.com:443
+          github.com:443
+          repo.maven.apache.org:443
+          168.63.129.16
+          azure.archive.ubuntu.com
+          download.eclipse.org:443
+          esm.ubuntu.com:443
     - uses: actions/checkout@v4
     - name: Install Webkit + GTK bindings
       run: sudo apt update -yq && sudo apt-get install -yq libwebkit2gtk-4.0-dev
