fixing tmate to remove url since its random in firewall anyways

celo-org · Dec 17, 2024 · 4ac340f · 4ac340f
1 parent 413558a
commit 4ac340f
Showing 1 changed file with 2 additions and 28 deletions.
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
@@ -77,39 +77,13 @@ jobs:
         uses: step-security/harden-runner@v2
         with:
           # We can disable sudo but tmate requires it, so if debug is on enable sudo
-        #  policy: docker
-          disable-sudo: ${{ !inputs.debug }}
-          egress-policy: block
-          allowed-endpoints: >
-            ssh.tmate.io:22
-            api.github.com:443
-            motd.ubuntu.com:443
-            auth.docker.io:443
-            azure.archive.ubuntu.com:80
-            dl.google.com:443
-            esm.ubuntu.com:443
-            fulcio.sigstore.dev:443
-            github.com:443
-            iamcredentials.googleapis.com:443
-            mirror.gcr.io:443
-            objects.githubusercontent.com:443
-            packages.microsoft.com:443
-            production.cloudflare.docker.com:443
-            proxy.golang.org:443
-            raw.githubusercontent.com:443
-            registry-1.docker.io:443
-            rekor.sigstore.dev:443
-            sts.googleapis.com:443
-            tuf-repo-cdn.sigstore.dev:443
-            us-west1-docker.pkg.dev:443
+          policy: docker
 
-      - name: Setup tmate session
+     - name: Setup tmate session
         uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48
         if: inputs.debug_enabled == true 
         with:
           detached: true
-          tmate-server-host: ssh.tmate.io
-          tmate-server-port: 22
           limit-access-to-actor: true
 
       - name: 'Checkout'