From b87cc288dc256a5d69d096289f509e96ef84f83c Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 14 Aug 2024 11:28:31 +0300 Subject: [PATCH] Merge pull request #1483 from zabbix/dependabot/github_actions/step-security/harden-runner-2.9.1 Bump step-security/harden-runner from 2.8.1 to 2.9.1 --- .github/workflows/dependency-review.yml | 2 +- .github/workflows/dockerhub_description.yml | 2 +- .github/workflows/images_build.yml | 8 ++++---- .github/workflows/images_build_rhel.yml | 2 +- .github/workflows/images_build_windows.yml | 2 +- .github/workflows/rhel_registry_description.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c597c3d3a..b98c6d730 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/dockerhub_description.yml b/.github/workflows/dockerhub_description.yml index 0c71af2ba..b430cc79c 100644 --- a/.github/workflows/dockerhub_description.yml +++ b/.github/workflows/dockerhub_description.yml @@ -48,7 +48,7 @@ jobs: - web-service steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index a67b0e9d2..2e5226997 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -64,7 +64,7 @@ jobs: sha_short: ${{ steps.branch_info.outputs.sha_short }} steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block @@ -175,7 +175,7 @@ jobs: attestations: write steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block @@ -588,7 +588,7 @@ jobs: attestations: write steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block @@ -851,7 +851,7 @@ jobs: attestations: write steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 97f3ffb33..bb1b04001 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -72,7 +72,7 @@ jobs: secret_prefix: ${{ steps.branch_info.outputs.secret_prefix }} steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/images_build_windows.yml b/.github/workflows/images_build_windows.yml index 5a4b39a01..6476cd0e1 100644 --- a/.github/workflows/images_build_windows.yml +++ b/.github/workflows/images_build_windows.yml @@ -60,7 +60,7 @@ jobs: sha_short: ${{ steps.branch_info.outputs.sha_short }} steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 96b0a2341..e9bc9621d 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -34,7 +34,7 @@ jobs: zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }} steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block @@ -98,7 +98,7 @@ jobs: component: ${{ fromJson(needs.init.outputs.components) }} steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 584fa28da..39e486b87 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 53f4f63f2..781e31096 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Block egress traffic - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 with: egress-policy: audit