ci: update harden-runner configuration (#1671)

raphw · Jul 8, 2024 · 036b0bb · 036b0bb
1 parent 41ce148
commit 036b0bb
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -127,24  127,25 @@ jobs:
     runs-on: ubuntu-20.04
     if: github.event_name == 'push'
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # V2.7.0
       - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # V2.8.1
         with:
           egress-policy: block
           disable-telemetry: true
           allowed-endpoints: >
-            artifactcache.actions.githubusercontent.com:443
-            aw97acprodeus1file2.blob.core.windows.net:443
             coveralls.io:443
             dl.google.com:443
             docs.gradle.org:443
             docs.oracle.com:443
-            downloads.gradle-dn.com:443
             github.com:443
             javadoc.io:443
             jcenter.bintray.com:443
             objects.githubusercontent.com:443
             plugins-artifacts.gradle.org:443
             plugins.gradle.org:443
             raw.githubusercontent.com:443
             repo.gradle.org:443
             repo.maven.apache.org:443
             repository.sonatype.org:443
             services.gradle.org:443
       - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
       - uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
@@ -163,7  164,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # V2.7.0
       - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # V2.8.1
         with:
           egress-policy: audit # servers have changed, must be adjusted after next release
       - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3