Merge pull request #29 from step-security-bot/stepsecurity_remediation_1737992331

JPLachance · web-flow · commit 8d6e2bc1128f · 2025-01-30T11:28:20.000-05:00
[StepSecurity] ci: Harden GitHub Actions
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,6 +20,11 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@v3
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,13 +20,21 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
+permissions:
+  contents: read
+
 jobs:
   # ensure the code builds...
   build:
     name: Build
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
@@ -42,6 +50,11 @@ jobs:
   generate:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
@@ -71,6 +84,11 @@ jobs:
           - "1.1.*"
           - "1.2.*"
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
