Add step security tool.

raphw · Aug 22, 2022 · 2ffce72 · 2ffce72
1 parent 7a79bf3
commit 2ffce72
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -15,6 +15,9 @@ jobs:
     runs-on: ubuntu-20.04
     continue-on-error: true
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -33,6 +36,9 @@ jobs:
         java: [ 8, 11, 17, 18 ]
     runs-on: ${{ matrix.os }}
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -51,6 +57,9 @@ jobs:
         java: [ 8, 11 ]
     runs-on: ${{ matrix.os }}
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -68,6 +77,9 @@ jobs:
         java: [ 9, 10, 12, 13, 14, 15, 16 ]
     runs-on: ubuntu-20.04
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -86,6 +98,9 @@ jobs:
         java: [ 8 ]
     runs-on: ${{ matrix.os }}
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -103,6 +118,9 @@ jobs:
         java: [ 6, 7 ]
     runs-on: ubuntu-20.04
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/cache@0865c47f36e68161719c5b124609996bb5c40129 # v3.0.5
         with:
@@ -122,6 +140,9 @@ jobs:
     needs: [ hotspot-ea, hotspot-supported, j9-supported, hotspot-unsupported, hotspot-32, hotspot-legacy ]
     if: github.event_name == 'push'
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
@@ -139,6 +160,9 @@ jobs:
     permissions:
       contents: write
     steps:
+      - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
+        with:
+          egress-policy: audit
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with: