From 4ac340f98f0e4b4efec7d15aa3192ee0425f1bc1 Mon Sep 17 00:00:00 2001
From: pputman-clabs
Date: Mon, 16 Dec 2024 21:12:18 -0600
Subject: [PATCH] fixing tmate to remove url since its random in firewall anyways
---
 .github/workflows/docker-build.yaml | 30 ++---------------------------
 1 file changed, 2 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index a767a7a..50407fa 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -77,39 +77,13 @@ jobs:
 uses: step-security/harden-runner@v2
 with:
 # We can disable sudo but tmate requires it, so if debug is on enable sudo
- # policy: docker
- disable-sudo: ${{ !inputs.debug }}
- egress-policy: block
- allowed-endpoints: >
- ssh.tmate.io:22
- api.github.com:443
- motd.ubuntu.com:443
- auth.docker.io:443
- azure.archive.ubuntu.com:80
- dl.google.com:443
- esm.ubuntu.com:443
- fulcio.sigstore.dev:443
- github.com:443
- iamcredentials.googleapis.com:443
- mirror.gcr.io:443
- objects.githubusercontent.com:443
- packages.microsoft.com:443
- production.cloudflare.docker.com:443
- proxy.golang.org:443
- raw.githubusercontent.com:443
- registry-1.docker.io:443
- rekor.sigstore.dev:443
- sts.googleapis.com:443
- tuf-repo-cdn.sigstore.dev:443
- us-west1-docker.pkg.dev:443
+ policy: docker
 
- - name: Setup tmate session
+ - name: Setup tmate session
 uses: mxschmitt/action-tmate@e5c7151931ca95bad1c6f4190c730ecf8c7dde48
 if: inputs.debug_enabled == true
 with:
 detached: true
- tmate-server-host: ssh.tmate.io
- tmate-server-port: 22
 limit-access-to-actor: true
 
 - name: 'Checkout'
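Review bot: With `egress-policy: block`, the inline `allowed-endpoints` list and `disable-sudo` all removed from the harden-runner `with:` block, the runner's egress mode, allowlist and sudo setting now depend entirely on the `docker` policy held outside this repository, so later changes to them will not appear in any diff of this workflow. The sudo/tmate comment kept above `policy: docker` no longer describes any line here; I would replace it with `# egress mode, allowed endpoints and disable-sudo come from the 'docker' policy in the StepSecurity policy store` and record in the PR what that policy contains, in particular whether it runs in block mode and whether sudo stays disabled when debug is off. As far as I know harden-runner fetches a stored policy with the job's OIDC token, so the job probably needs `id-token: write`; the `permissions:` block is outside this hunk, so please confirm it and check what the step falls back to if the fetch fails. The harden-runner step itself starts above the hunk.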