chore: improve workflows security (#5856)

UlisesGascon · web-flow · commit 236be5c6df48 · 2025-09-04T13:20:51.000-07:00
diff --git a/.github/workflows/npm_release_cli.yml b/.github/workflows/npm_release_cli.yml
@@ -10,11 +10,20 @@ on:
 env:
   NPM_TAG: 'next'
 
+permissions:
+  contents: read
+
 jobs:
   release:
     runs-on: macos-latest
 
     steps:
+
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v2
       
       - uses: actions/setup-node@v3
diff --git a/.github/workflows/npm_release_doctor.yml b/.github/workflows/npm_release_doctor.yml
@@ -14,11 +14,20 @@ defaults:
 env:
   NPM_TAG: 'next'
 
+permissions:
+  contents: read
+
 jobs:
   release:
     runs-on: ubuntu-latest
 
     steps:
+
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v2
 
       - name: Setup
