From cc0b02c418396f25cb904058eb5d2e287e8a63d3 Mon Sep 17 00:00:00 2001
From: Eric Cornelissen
Date: Wed, 13 Nov 2024 20:55:55 +0100
Subject: [PATCH] Configure harden-runner for ODGen job
---
 .github/workflows/checks.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 12d18191..30c84563 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -268,7 +268,10 @@ jobs:
 - name: Harden runner
 uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ github.com:443
 - name: Checkout repository
 uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 with:
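Review bot: The block-mode allowlist added under `with:` lists only `github.com:443`, and nothing in the workflow records that the list must grow with the job; the remaining steps of this job lie outside the hunk, so whether they reach any other host cannot be confirmed from here. I would add a comment above `allowed-endpoints`, for example `# block mode: outbound traffic to any endpoint not listed here is blocked; extend the list when a step needs a new host`. Separately, `disable-sudo: true` removes sudo but, as far as I know, does not by itself restrict container access on the runner. Later harden-runner releases provide `disable-sudo-and-containers` for that, which is worth adopting when the pinned version is next bumped.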