ci: Update per Q3 audit findings (#776)
Signed-off-by: Mihail Mihov <mihail.mihov@limechain.tech>
mishomihov00 authored Nov 6, 2024
1 parent d213ea6 commit 488644f
Showing 2 changed files with 16 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Expand Up @@ -21,7 +21,7 @@
# NOTE: Must be placed last to ensure enforcement over all other rules

# Protection Rules for Github Configuration Files and Actions Workflows
/.github/ @hashgraph/release-engineering-managers @hashgraph/hedera-smart-contracts-managers
/.github/ @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/release-engineering-managers @hashgraph/hedera-smart-contracts-managers

# Top level NPM configuration files
/package.json @hashgraph/release-engineering-managers @hashgraph/hedera-smart-contracts-managers
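Review bot: The new `/.github/` rule adds `@hashgraph/devops-ci` and `@hashgraph/devops-ci-committers` as owners, and because an approval from any one listed owner satisfies a code-owner review, this widens who can approve workflow and configuration changes from two teams to four. Confirm that both new teams have write access to this repository, since code owners need it to take effect, and that the wider approver set is what the audit finding called for. A one-line comment above the rule saying why the CI teams own this path would help the next reader.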
15 changes: 15 additions & 0 deletions .github/workflows/flow-publish-release.yaml
Expand Up @@ -32,6 +32,11 @@ jobs:
version: ${{ steps.tag.outputs.version }}
prerelease: ${{ steps.tag.outputs.prerelease }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit

- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
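Review bot: `egress-policy: audit` on the new Harden Runner step only records outbound connections and blocks none, so this job's network access is the same as before the change. After a few runs have produced a baseline, move to `egress-policy: block` with an `allowed-endpoints` list. The full-SHA pin with the version in a trailing comment matches the `actions/checkout` step below it and should stay that way.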
Expand Down Expand Up @@ -100,6 +105,11 @@ jobs:
run:
working-directory: "./packages/${{ github.event.inputs.snap-package-dir }}/packages/snap"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit

- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
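Review bot: Nothing at the `- name: Harden Runner` step records that it has to remain the first step of the job, yet it only monitors steps that run after it. Add a short comment above it so a later edit does not place a new step ahead of it, before `Checkout Code`.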
Expand Down Expand Up @@ -130,6 +140,11 @@ jobs:
- run-safety-checks
if: ${{ github.actor == 'NanaEC' || github.actor == 'nathanklick' || github.actor == 'kpachhai' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit

- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
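Review bot: The `if:` in the context above the new step still gates this job on three hard-coded `github.actor` names, and the added step does not change that. Consider replacing the name list with a team-based or environment-based approval so the gate is not maintained by editing the workflow file, and treat this job as the first candidate for moving off `egress-policy: audit`.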