diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
index e3f428b4f..db0b22dd0 100644
--- a/.github/workflows/e2e-tests.yaml
+++ b/.github/workflows/e2e-tests.yaml
@@ -27,6 +27,9 @@ defaults:
 run:
 shell: bash
+permissions:
+ contents: read
+
 env:
 GRADLE_EXEC: ./gradlew
@@ -35,7 +38,7 @@ jobs:
 runs-on: block-node-linux-medium
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml
index 331577b52..4c1907f29 100644
--- a/.github/workflows/helm-charts.yaml
+++ b/.github/workflows/helm-charts.yaml
@@ -17,13 +17,16 @@ name: Lint and Test Charts
 on: pull_request
+permissions:
+ contents: read
+
 jobs:
 lint-install-test:
 name: Lint and Install Charts
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
index af3d7e960..63d3cfe13 100644
--- a/.github/workflows/pr-checks.yaml
+++ b/.github/workflows/pr-checks.yaml
@@ -30,13 +30,16 @@ defaults:
 env:
 GRADLE_EXEC: ./gradlew
+permissions:
+ contents: read
+
 jobs:
 compile:
 name: "Gradle Checks"
 runs-on: block-node-linux-medium
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/pr-formatting.yaml b/.github/workflows/pr-formatting.yaml
index 961720d0b..e647eb4c4 100644
--- a/.github/workflows/pr-formatting.yaml
+++ b/.github/workflows/pr-formatting.yaml
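Review bot: The workflow-level `permissions:` block added in e2e-tests.yaml (and likewise in helm-charts.yaml and pr-checks.yaml, plus smoke-test.yaml later in this diff) carries no comment, yet it changes the token for every job: once `permissions` is set, every scope not listed drops to no access. The jobs' later steps are outside these hunks, so it is worth confirming that none of them publishes check results or PR comments with `GITHUB_TOKEN`; a job that does should get its own job-level `permissions:` rather than a wider workflow default. I would add `# Least privilege: GITHUB_TOKEN is read-only by default; grant extra scopes per job` above each block. The block also sits before `env:` in e2e-tests.yaml but after it in pr-checks.yaml; one position across workflows makes the setting easier to audit.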
@@ -44,6 +44,11 @@ jobs:
 name: PR Formatting Checks
 runs-on: block-node-linux-medium
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
 - name: Check PR Title
 id: title-check
 uses: step-security/conventional-pr-title-action@0eae74515f5a79f8773fa04142dd746df76666ac # v1.0.0
diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index eee1f5469..8d954bf6f 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -44,7 +44,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/release-push-image.yaml b/.github/workflows/release-push-image.yaml
index 72291f983..ece8ef8ee 100644
--- a/.github/workflows/release-push-image.yaml
+++ b/.github/workflows/release-push-image.yaml
@@ -48,7 +48,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/smoke-test.yaml b/.github/workflows/smoke-test.yaml
index bcf58b790..fe9f585fe 100644
--- a/.github/workflows/smoke-test.yaml
+++ b/.github/workflows/smoke-test.yaml
@@ -30,13 +30,16 @@ defaults:
 env:
 GRADLE_EXEC: ./gradlew
+permissions:
+ contents: read
+
 jobs:
 smoke-test:
 name: "Smoke Tests"
 runs-on: block-node-linux-medium
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
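Review bot: The Harden Runner step added to pr-formatting.yaml uses `egress-policy: audit`, which only records outbound connections and does not stop an unexpected one. Once the audit runs show a stable set of destinations, switching to `egress-policy: block` with an explicit `allowed-endpoints:` list turns the step into an enforcing control; the same applies to the other workflows touched here. Unlike e2e-tests, helm-charts, pr-checks and smoke-test, this file (and the two release workflows) gets no `permissions:` block in this commit; whether one already exists is not visible in the hunk, so that is worth checking.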