Merge branch 'step-security:main' into issue1376

Author: h0x0er

.github/workflows/kbanalysis.yml

@@ -31,7 +31,7 @@ jobs:
           repository: step-security/secure-workflows
 
       - name: KBAnalysis
-        uses: step-security/secure-workflows/kbanalysis@03a07b65449688ebe9e517e4446b9f323bb194a0
+        uses: step-security/secure-workflows/kbanalysis@c2c236dfe29d884c1a27585dcab07ffab8c9a5a0
         with:
           github-token: ${{secrets.PAT }}
           issue-id: ${{ github.event.issue.number}}

README.md

@@ -193,7 +193,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v1
+        uses: step-security/harden-runner@v2
         with:
           egress-policy: audit
 

addaction_test.go

@@ -20,11 +20,11 @@ func TestAddAction(t *testing.T) {
 		wantErr     bool
 		wantUpdated bool
 	}{
-		{name: "one job", args: args{inputYaml: "action-issues.yml", action: "step-security/harden-runner@v1"}, want: "action-issues.yml", wantErr: false, wantUpdated: true},
-		{name: "two jobs", args: args{inputYaml: "2jobs.yml", action: "step-security/harden-runner@v1"}, want: "2jobs.yml", wantErr: false, wantUpdated: true},
-		{name: "already present", args: args{inputYaml: "alreadypresent.yml", action: "step-security/harden-runner@v1"}, want: "alreadypresent.yml", wantErr: false, wantUpdated: true},
-		{name: "already present 2", args: args{inputYaml: "alreadypresent_2.yml", action: "step-security/harden-runner@v1"}, want: "alreadypresent_2.yml", wantErr: false, wantUpdated: false},
-		{name: "reusable job", args: args{inputYaml: "reusablejob.yml", action: "step-security/harden-runner@v1"}, want: "reusablejob.yml", wantErr: false, wantUpdated: false},
+		{name: "one job", args: args{inputYaml: "action-issues.yml", action: "step-security/harden-runner@v2"}, want: "action-issues.yml", wantErr: false, wantUpdated: true},
+		{name: "two jobs", args: args{inputYaml: "2jobs.yml", action: "step-security/harden-runner@v2"}, want: "2jobs.yml", wantErr: false, wantUpdated: true},
+		{name: "already present", args: args{inputYaml: "alreadypresent.yml", action: "step-security/harden-runner@v2"}, want: "alreadypresent.yml", wantErr: false, wantUpdated: true},
+		{name: "already present 2", args: args{inputYaml: "alreadypresent_2.yml", action: "step-security/harden-runner@v2"}, want: "alreadypresent_2.yml", wantErr: false, wantUpdated: false},
+		{name: "reusable job", args: args{inputYaml: "reusablejob.yml", action: "step-security/harden-runner@v2"}, want: "reusablejob.yml", wantErr: false, wantUpdated: false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

secureworkflow.go

@@ -5,7 +5,7 @@ import (
 )
 
 const (
-	HardenRunnerActionPathWithTag = "step-security/harden-runner@v1"
+	HardenRunnerActionPathWithTag = "step-security/harden-runner@v2"
 	HardenRunnerActionPath        = "step-security/harden-runner"
 	HardenRunnerActionName        = "Harden Runner"
 )

secureworkflow_test.go

@@ -19,7 +19,7 @@ func TestSecureWorkflow(t *testing.T) {
 	httpmock.RegisterResponder("GET", "https://api.github.com/repos/actions/checkout/commits/v1",
 		httpmock.NewStringResponder(200, `544eadc6bf3d226fd7a7a9f0dc5b5bf7ca0675b9`))
 
-	httpmock.RegisterResponder("GET", "https://api.github.com/repos/step-security/harden-runner/commits/v1",
+	httpmock.RegisterResponder("GET", "https://api.github.com/repos/step-security/harden-runner/commits/v2",
 		httpmock.NewStringResponder(200, `7206db2ec98c5538323a6d70e51f965d55c11c87`))
 
 	httpmock.RegisterResponder("GET", "https://api.github.com/repos/github/super-linter/commits/v3",

testfiles/addaction/input/alreadypresent_2.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

testfiles/addaction/output/2jobs.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

testfiles/addaction/output/action-issues.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@v1
+      uses: step-security/harden-runner@v2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

testfiles/addaction/output/alreadypresent.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

testfiles/addaction/output/alreadypresent_2.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
      - name: Harden Runner
-       uses: step-security/harden-runner@v1
+       uses: step-security/harden-runner@v2
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs