From c3c5716c265603527cab3dc6ef8631e630156567 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov
Date: Wed, 7 Feb 2024 23:45:06 +0900
Subject: [PATCH] Prepare egress policy
---
 .github/workflows/images_build.yml | 16 ++++++++++++++++
 .github/workflows/images_build_windows.yml | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)
diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml
index 4fc942d28..0d74fe044 100644
--- a/.github/workflows/images_build.yml
+++ b/.github/workflows/images_build.yml
@@ -37,6 +37,10 @@ jobs:
 components: ${{ steps.components.outputs.list }}
 is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
@@ -106,6 +110,10 @@ jobs:
 runs-on: ubuntu-latest

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
@@ -184,6 +192,10 @@ jobs:
 runs-on: ubuntu-latest

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4

@@ -275,6 +287,10 @@ jobs:
 runs-on: ubuntu-latest

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - uses: actions/checkout@v4

 - name: Set up QEMU
diff --git a/.github/workflows/images_build_windows.yml b/.github/workflows/images_build_windows.yml
index b6f837ad4..322f93d3d 100644
--- a/.github/workflows/images_build_windows.yml
+++ b/.github/workflows/images_build_windows.yml
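Review bot: `egress-policy: audit` only records outbound connections and blocks none, so the four jobs touched in images_build.yml (hunks at -37, -106, -184 and -275) gain visibility but no enforcement until a follow-up switches them to `egress-policy: block` with an `allowed-endpoints` list built from the audit results. I would record that intent next to the first occurrence, e.g. `# audit only: logs egress, blocks nothing; move to block + allowed-endpoints once the baseline is reviewed`. The step is placed first in each job and pinned to a full commit SHA, which is what it needs; the `actions/checkout@v4` context line right after it still uses a mutable tag and is worth pinning the same way in a later change. Each job body continues outside its hunk.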
@@ -36,6 +36,10 @@ jobs:
 components: ${{ steps.components.outputs.list }}
 is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
@@ -98,6 +102,10 @@ jobs:
 runs-on: ${{ matrix.os }}

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
@@ -195,6 +203,10 @@ jobs:
 runs-on: ${{ matrix.os }}

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
 uses: actions/checkout@v4

@@ -303,6 +315,10 @@ jobs:
 runs-on: ${{ matrix.os }}

 steps:
+ - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
 - uses: actions/checkout@v4

 - name: Login to DockerHub
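Review bot: The jobs with `runs-on: ${{ matrix.os }}` in images_build_windows.yml (hunks at -98, -195 and -303) may get no egress audit from this step: to my knowledge harden-runner v2.7.0 instruments only Linux (Ubuntu) hosted runners and exits with an informational message elsewhere, and the file name suggests these matrix entries are Windows images (the matrix itself is outside the hunks, so confirm in a job log). If that holds, say so in place, e.g. `# harden-runner does not monitor Windows runners at this version; egress from this job is not audited`, so the step is not read as coverage. The job at -36 has its `runs-on` outside the hunk, so the same check applies there before relying on its audit output.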