ci(github): 🔧 harden analysis workflow and fix nilaway action to inst…

…all go
joshuar · Sep 27, 2024 · 88f474c · 88f474c
1 parent ee1482b
commit 88f474c
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -33,7 +33,10 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v1
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          github.com:443
     - name: Checkout repository
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       with:
@@ -69,11 +72,19 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v1
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          github.com:443
     - name: Checkout repository
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       with:
         fetch-depth: 0
+    - name: Setup Go
+      id: setup_go
+      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
+      with:
+        go-version-file: 'go.mod'
     - name: Nil panic checks
       uses: qbaware/nilaway-action@8e71d29f098051670655958e754d21ebb7197416 # v0.0.9
       with: