.github/workflows: hardened runner for work and scorecard as well.

- Add `step-security/harden-runner` to provide network egress filtering and runtime security. See https://github.com/step-security/harden-runner Signed-off-by: Vincent Demeester <[email protected]>
tektoncd · Apr 5, 2024 · d46d66b · d46d66b
1 parent 7003e6e
commit d46d66b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -28,6 +28,10 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
       - name: "Checkout code"
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
         with:

diff --git a/.github/workflows/woke.yml b/.github/workflows/woke.yml
@@ -10,6 +10,10 @@ jobs:
     name: 'woke'
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
       - name: 'Checkout'
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2