diff --git a/.github/workflows/recibo_python_test.yaml b/.github/workflows/recibo_python_test.yaml index d1b52dc..9b2b596 100644 --- a/.github/workflows/recibo_python_test.yaml +++ b/.github/workflows/recibo_python_test.yaml @@ -32,15 +32,20 @@ jobs: runs-on: ubuntu-latest steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Check out repository code - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Update submodules run: git submodule update --init --recursive shell: bash - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 + uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0 with: version: nightly diff --git a/.github/workflows/recibo_test.yaml b/.github/workflows/recibo_test.yaml index d36f647..0efe8d9 100644 --- a/.github/workflows/recibo_test.yaml +++ b/.github/workflows/recibo_test.yaml @@ -31,15 +31,20 @@ jobs: run_recibo_tests: runs-on: ubuntu-latest steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Check out repository code - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Update submodules run: git submodule update --init --recursive shell: bash - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 + uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0 with: version: nightly