testing workflow

celo-org · Dec 17, 2024 · 413558a · 413558a
1 parent 783d800
commit 413558a
Showing 1 changed file with 28 additions and 25 deletions.
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -77,37 +77,40 @@ jobs:
         uses: step-security/harden-runner@v2
         with:
           # We can disable sudo but tmate requires it, so if debug is on enable sudo
-          policy: docker
-#          disable-sudo: ${{ !inputs.debug }}
-#          egress-policy: block
-#          allowed-endpoints: >
-#            ssh.tmate.io:22
-#            api.github.com:443
-#            motd.ubuntu.com:443
-#            auth.docker.io:443
-#            azure.archive.ubuntu.com:80
-#            dl.google.com:443
-#            esm.ubuntu.com:443
-#            fulcio.sigstore.dev:443
-#            github.com:443
-#            iamcredentials.googleapis.com:443
-#            mirror.gcr.io:443
-#            objects.githubusercontent.com:443
-#            packages.microsoft.com:443
-#            production.cloudflare.docker.com:443
-#            proxy.golang.org:443
-#            raw.githubusercontent.com:443
-#            registry-1.docker.io:443
-#            rekor.sigstore.dev:443
-#            sts.googleapis.com:443
-#            tuf-repo-cdn.sigstore.dev:443
-#            us-west1-docker.pkg.dev:443
+        #  policy: docker
+          disable-sudo: ${{ !inputs.debug }}
+          egress-policy: block
+          allowed-endpoints: >
+            ssh.tmate.io:22
+            api.github.com:443
+            motd.ubuntu.com:443
+            auth.docker.io:443
+            azure.archive.ubuntu.com:80
+            dl.google.com:443
+            esm.ubuntu.com:443
+            fulcio.sigstore.dev:443
+            github.com:443
+            iamcredentials.googleapis.com:443
+            mirror.gcr.io:443
+            objects.githubusercontent.com:443
+            packages.microsoft.com:443
+            production.cloudflare.docker.com:443
+            proxy.golang.org:443
+            raw.githubusercontent.com:443
+            registry-1.docker.io:443
+            rekor.sigstore.dev:443
+            sts.googleapis.com:443
+            tuf-repo-cdn.sigstore.dev:443
+            us-west1-docker.pkg.dev:443
 
       - name: Setup tmate session
         uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48
         if: inputs.debug_enabled == true 
         with:
           detached: true
+          tmate-server-host: ssh.tmate.io
+          tmate-server-port: 22
+          limit-access-to-actor: true
 
       - name: 'Checkout'
         uses: actions/checkout@v4