diff --git a/.github/workflows/aws-auth.yml b/.github/workflows/aws-auth.yml
index 5ff09f3bb..17929e7e2 100644
--- a/.github/workflows/aws-auth.yml
+++ b/.github/workflows/aws-auth.yml
@@ -38,7 +38,7 @@ jobs:
 aws-secret-access-key: ${{ steps.encrypt-aws-secret-access-key.outputs.out }}
 aws-session-token: ${{ steps.encrypt-aws-session-token.outputs.out }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2bb2ee8b8..31bda506f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -100,7 +100,7 @@ jobs:
 attestation-artifacts-key: ${{ env.ATTESTATION_ARTIFACTS_KEY }}
 attestation-artifacts-path: ${{ steps.store-attestations.outputs.path }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -234,7 +234,7 @@ jobs:
 artifacts-path: ${{ env.ARTIFACTS_PATH }}
 checksums-sha256: ${{ steps.checksums.outputs.sha256 }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index 719101bf2..595ebb0f3 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 if: github.event_name == 'pull_request'
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
@@ -42,7 +42,7 @@ jobs:
 contents: read
 security-events: write
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -67,7 +67,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/dependabot-auto-approve.yml b/.github/workflows/dependabot-auto-approve.yml
index fc159f0cf..6bd5e5a13 100644
--- a/.github/workflows/dependabot-auto-approve.yml
+++ b/.github/workflows/dependabot-auto-approve.yml
@@ -14,7 +14,7 @@ jobs:
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 0bcac091e..2717d3ea3 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -162,7 +162,7 @@ jobs:
 RELEASE_TAG: ${{ github.ref_name }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/pr-tidying.yml b/.github/workflows/pr-tidying.yml
index b370d6d0e..cb1668932 100644
--- a/.github/workflows/pr-tidying.yml
+++ b/.github/workflows/pr-tidying.yml
@@ -29,7 +29,7 @@ jobs:
 env:
 DEFAULT_ASSIGNEE: ${{ github.actor }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -76,7 +76,7 @@ jobs:
 check-passed: ${{ steps.check.outputs.result == 'passed' }}
 fixed: ${{ steps.fix.outputs.result == 'fixed' }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -148,7 +148,7 @@ jobs:
 - issue-in-title
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/publish-qa-results.yml b/.github/workflows/publish-qa-results.yml
index 962fc468f..6b9735f17 100644
--- a/.github/workflows/publish-qa-results.yml
+++ b/.github/workflows/publish-qa-results.yml
@@ -46,7 +46,7 @@ jobs:
 contents: read
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/publish-terraform-plan.yml b/.github/workflows/publish-terraform-plan.yml
index 519f830a0..a3bab9479 100644
--- a/.github/workflows/publish-terraform-plan.yml
+++ b/.github/workflows/publish-terraform-plan.yml
@@ -43,7 +43,7 @@ jobs:
 contents: read
 pull-requests: write
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
index aa5a08449..e1cf6352a 100644
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@@ -30,7 +30,7 @@ jobs:
 name: Prepare for QA
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -72,7 +72,7 @@ jobs:
 --health-timeout 5s
 --health-retries 5
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -119,7 +119,7 @@ jobs:
 outputs:
 coverage-markdown-report: ${{ steps.coverage-markdown.outputs.markdownReport }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -172,7 +172,7 @@ jobs:
 --health-timeout 5s
 --health-retries 5
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -224,7 +224,7 @@ jobs:
 needs:
 - prepare-qa
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
@@ -250,7 +250,7 @@ jobs:
 name: Lint terraform
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index a8c886920..908c2f920 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -24,7 +24,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
@@ -48,7 +48,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index d917b2c06..58b600f8f 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -67,7 +67,7 @@ jobs:
 group: ${{ inputs.concurrency-group }}
 cancel-in-progress: false
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index dcb789919..0f5822f62 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -117,7 +117,7 @@ jobs:
 group: ${{ inputs.concurrency-group }}
 cancel-in-progress: false
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit
diff --git a/.github/workflows/validate-deployment.yml b/.github/workflows/validate-deployment.yml
index ea76a85f9..6048eddb6 100644
--- a/.github/workflows/validate-deployment.yml
+++ b/.github/workflows/validate-deployment.yml
@@ -33,7 +33,7 @@ jobs:
 PROTECTED_REF: ${{ inputs.protected-ref }}
 DEPLOYMENT_REF: ${{ inputs.deployment-ref }}
 steps:
- - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 disable-sudo: true
 egress-policy: audit