Update workflows

varunsh-coder · varunsh-coder · commit 8bfd74820b4e · 2021-11-26T08:42:54.000-08:00
Bump harden-runner commit
Add allowed domains
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -37,7 +37,7 @@ jobs:
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - uses: step-security/harden-runner@7206db2ec98c5538323a6d70e51f965d55c11c87
+    - uses: step-security/harden-runner@917f7d59f22e82a5ddcaef409923426fd7aa6327
     - name: Checkout repository
       uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
 
diff --git a/.github/workflows/int.yml b/.github/workflows/int.yml
@@ -13,7 +13,7 @@ jobs:
       contents: read
     runs-on: ubuntu-latest
     steps:
-    - uses: step-security/harden-runner@7206db2ec98c5538323a6d70e51f965d55c11c87
+    - uses: step-security/harden-runner@917f7d59f22e82a5ddcaef409923426fd7aa6327
       with:
        allowed-endpoints: 
         api.github.com:443
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,7 +13,17 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-    - uses: step-security/harden-runner@7206db2ec98c5538323a6d70e51f965d55c11c87      
+    - uses: step-security/harden-runner@917f7d59f22e82a5ddcaef409923426fd7aa6327
+      with:
+        allowed-endpoints: 
+          agent.api.stepsecurity.io:443
+          api.github.com:443
+          github.com:443
+          goreleaser.com:443
+          objects.githubusercontent.com:443
+          proxy.golang.org:443
+          storage.googleapis.com:443
+          uploads.github.com:443
     - name: Checkout
       uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
     - name: Set up Go 
diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml
@@ -18,7 +18,7 @@ jobs:
       security-events: write
 
     steps:
-      - uses: step-security/harden-runner@7206db2ec98c5538323a6d70e51f965d55c11c87
+      - uses: step-security/harden-runner@917f7d59f22e82a5ddcaef409923426fd7aa6327
       - name: "Checkout code"
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ jobs:
       contents: read
     runs-on: ubuntu-latest
     steps:
-    - uses: step-security/harden-runner@7206db2ec98c5538323a6d70e51f965d55c11c87
+    - uses: step-security/harden-runner@917f7d59f22e82a5ddcaef409923426fd7aa6327
       with:
         allowed-endpoints: 
           beta.api.stepsecurity.io:443
