fix: set recommended policy for cd gh action

onebeyond · Jan 31, 2024 · 18565dd · 18565dd
1 parent 560772d
commit 18565dd
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -19,14 +19,12 @@ jobs:
  uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
  with:
  disable-sudo: true
- egress-policy: audit
- # egress-policy: block
- # allowed-endpoints: >
- # github.com:443
- # registry.npmjs.org:443
- # api.github.com:443
- # nodejs.org:443
- # fulcio.sigstore.dev:443
+ egress-policy: block
+ allowed-endpoints: >
+ fulcio.sigstore.dev:443
+ github.com:443
+ registry.npmjs.org:443
+ rekor.sigstore.dev:443
 
  - name: ⚙️ Git Checkout
  uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1