From c826e6ae0b0bcbe8aa7acbd88de2d03f50832a4f Mon Sep 17 00:00:00 2001 From: Volodymyr Kolesnykov Date: Sat, 2 Aug 2025 23:48:24 +0300 Subject: [PATCH] ci: remove Harden Runner step --- .github/workflows/ci-vcpkg.yml | 5 ---- .github/workflows/ci.yml | 28 --------------------- .github/workflows/codeql.yml | 13 ---------- .github/workflows/ctest.yml | 21 ---------------- .github/workflows/lint.yml | 10 -------- .github/workflows/update-vcpkg-baseline.yml | 5 ---- 6 files changed, 82 deletions(-) diff --git a/.github/workflows/ci-vcpkg.yml b/.github/workflows/ci-vcpkg.yml index 16e9cdb..1203552 100644 --- a/.github/workflows/ci-vcpkg.yml +++ b/.github/workflows/ci-vcpkg.yml @@ -30,11 +30,6 @@ jobs: VCPKG_DEFAULT_TRIPLET: ${{ matrix.triplet }} VCPKG_DEFAULT_HOST_TRIPLET: ${{ matrix.triplet }} steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 20f72db..3af9edf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,14 +19,6 @@ jobs: outputs: presets: ${{ steps.set-matrix.outputs.presets }} steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - github.com:443 - - name: Check out the source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -45,19 +37,6 @@ jobs: permissions: contents: read steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - allowed-endpoints: > - api.github.com:443 - azure.archive.ubuntu.com:80 - esm.ubuntu.com:443 - github.com:443 - motd.ubuntu.com:443 - objects.githubusercontent.com:443 - packages.microsoft.com:443 - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -79,13 +58,6 @@ jobs: permissions: contents: read steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: block - allowed-endpoints: > - github.com:443 - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 13e1326..fc2459a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,19 +25,6 @@ jobs: language: - c-cpp steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: block - allowed-endpoints: > - api.github.com:443 - azure.archive.ubuntu.com:80 - esm.ubuntu.com:443 - github.com:443 - motd.ubuntu.com:443 - objects.githubusercontent.com:443 - packages.microsoft.com:443 - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/ctest.yml b/.github/workflows/ctest.yml index 34d5257..8fad403 100644 --- a/.github/workflows/ctest.yml +++ b/.github/workflows/ctest.yml @@ -19,14 +19,6 @@ jobs: outputs: scripts: ${{ steps.set-matrix.outputs.scripts }} steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - github.com:443 - - name: Check out the source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -45,19 +37,6 @@ jobs: permissions: contents: read steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: block - allowed-endpoints: > - api.github.com:443 - azure.archive.ubuntu.com:80 - esm.ubuntu.com:443 - github.com:443 - motd.ubuntu.com:443 - objects.githubusercontent.com:443 - packages.microsoft.com:443 - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9c04a1d..edf3961 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,16 +23,6 @@ jobs: permissions: contents: read steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - disable-sudo: true - egress-policy: block - allowed-endpoints: > - ghcr.io:443 - github.com:443 - pkg-containers.githubusercontent.com:443 - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/update-vcpkg-baseline.yml b/.github/workflows/update-vcpkg-baseline.yml index 6966855..78a5610 100644 --- a/.github/workflows/update-vcpkg-baseline.yml +++ b/.github/workflows/update-vcpkg-baseline.yml @@ -16,11 +16,6 @@ jobs: contents: write pull-requests: write steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: