[actions] add step security runner

2025-09-08 12:07:47 +00:00 · 2021-11-22 07:20:50 -08:00
parent 81fc05684d
commit 6cc90a4b8d
7 changed files with 78 additions and 0 deletions
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -26,9 +26,18 @@ jobs:
            file: nvm-exec # only runs in bash

    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v1
+        with:
+          allowed-endpoints:
+            ghcr.io:443
+            github.com:443
+            pkg-containers.githubusercontent.com:443
      - uses: actions/checkout@v2
      - name: Install shellcheck
        run: brew install shellcheck
+        env:
+          HOMEBREW_NO_ANALYTICS: 1
      - run: "shellcheck --version"
      - name: Run shellcheck on ${{ matrix.file }}
        run: shellcheck -s ${{ matrix.shell }} ${{ matrix.file }}
@@ -39,4 +48,8 @@ jobs:
      needs: [shellcheck_matrix]
      runs-on: ubuntu-latest
      steps:
+        - name: Harden Runner
+          uses: step-security/harden-runner@v1
+          with:
+            egress-policy: block
        - run: 'echo tests completed'