From 5ac2f2cbbd2375464d2d87bda266bcb5e112b393 Mon Sep 17 00:00:00 2001
From: Ryan Parman
Date: Tue, 26 Mar 2024 16:00:03 -0600
Subject: [PATCH] test: Update hardening for Markdownlint and Terraform-Docs.
---
.github/workflows/documentation.yml | 9 ++++++---
.github/workflows/markdownlint.yml | 6 +++++-
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index 7e56a99..56e2915 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -3,7 +3,7 @@ # by a third-party and are governed by separate terms of service, privacy # policy, and support documentation. -name: Generate Terraform Docs +name: Documentation on: workflow_dispatch: push:
@@ -23,14 +23,17 @@ permissions: jobs: docs: runs-on: ubuntu-latest - name: Generate README documentation + name: Generate documentation permissions: contents: write steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 - name: Checkout Source uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
index e808475..abfebb6 100644
--- a/.github/workflows/markdownlint.yml
+++ b/.github/workflows/markdownlint.yml
@@ -30,7 +30,11 @@ jobs: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + registry.npmjs.org:443 - name: Checkout Source uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
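Review bot: `egress-policy: block` with only `github.com:443` in `allowed-endpoints` (second hunk of documentation.yml) will fail the `docs` job if any step after the checkout — all of which lie outside this hunk — contacts another host, and the `audit` setting this replaces is exactly what would have recorded those hosts, so the allowlist should be confirmed against a recent audit-mode run before the switch lands. The markdownlint.yml hunk has the same gap: `registry.npmjs.org:443` is added, but any other registry or tarball host an install step resolves to would also need to be listed. `disable-sudo: true` likewise breaks any remaining step that calls sudo; none is visible in either hunk, so this is an inference to check. If the lists are right, a comment above each, `# Hosts observed in audit mode; extend if a step starts fetching elsewhere`, would tell future editors where the entries came from.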