Skip to content

Block outbound calls from ci runners to unallowed endpoints #1175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
spoorcc merged 1 commit into from
Apr 30, 2026
Merged

Block outbound calls from ci runners to unallowed endpoints #1175

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 27 additions & 4 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,26 @@ jobs:
security-events: write

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443
uploads.github.com:443
pypi.org:443
files.pythonhosted.org:443
packages.microsoft.com:443
azure.archive.ubuntu.com:80
esm.ubuntu.com:443
index.rubygems.org:443
rubygems.org:443
Comment thread
coderabbitai[bot] marked this conversation as resolved.
community.chocolatey.org:443
community.chocolatey.org:80
packages.chocolatey.org:443
api.nuget.org:443

Comment thread
coderabbitai[bot] marked this conversation as resolved.
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand Down Expand Up @@ -207,10 +223,17 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443
pypi.org:443
files.pythonhosted.org:443


- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand Down
8 changes: 6 additions & 2 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,14 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443

Comment thread
coderabbitai[bot] marked this conversation as resolved.
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down
7 changes: 5 additions & 2 deletions .github/workflows/dependency-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,13 @@ jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
api.github.com:443
github.com:443

- name: 'Checkout Repository'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down
31 changes: 29 additions & 2 deletions .github/workflows/devcontainer.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,37 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
_http._tcp.deb.debian.org:443
*.data.mcr.microsoft.com:443
api.github.com:443
auth.docker.io:443
containers.dev:443
deb.debian.org:443
deb.debian.org:80
debian.map.fastlydns.net:443
debian.map.fastlydns.net:80
dl.google.com:443
files.pythonhosted.org:443
github.com:443
go.dev:443
index.rubygems.org:443
mcr.microsoft.com:443
nodejs.org:443
www.plantuml.com:443
plantuml.com:443
plantuml.com:80
production.cloudflare.docker.com:443
proxy.golang.org:443
pypi.org:443
registry-1.docker.io:443
registry.npmjs.org:443
rubygems.org:443
storage.googleapis.com:443

- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down
43 changes: 37 additions & 6 deletions .github/workflows/docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,17 @@ jobs:
name: Documentation
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
github.com:443
pypi.org:443
files.pythonhosted.org:443
plantuml.com:80
plantuml.com:443
www.plantuml.com:80

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand All @@ -41,10 +48,18 @@ jobs:
name: Landing page
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
github.com:443
github.com:22
pypi.org:443
files.pythonhosted.org:443
plantuml.com:80
plantuml.com:443
www.plantuml.com:80
Comment thread
coderabbitai[bot] marked this conversation as resolved.

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Expand Down Expand Up @@ -75,10 +90,26 @@ jobs:
permissions:
contents: write
steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
_http._tcp.azure.archive.ubuntu.com:443
_https._tcp.archive.ubuntu.com:443
_https._tcp.security.ubuntu.com:443
archive.ubuntu.com:443
azure.archive.ubuntu.com:443
azure.archive.ubuntu.com:80
files.pythonhosted.org:443
github.com:443
api.github.com:443
uploads.github.com:443
plantuml.com:443
plantuml.com:80
pypi.org:443
security.ubuntu.com:443
www.plantuml.com:80
Comment thread
coderabbitai[bot] marked this conversation as resolved.

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand Down
10 changes: 8 additions & 2 deletions .github/workflows/python-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,16 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443
pypi.org:443
files.pythonhosted.org:443
Comment on lines +23 to +32
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/python-publish.yml

Repository: dfetch-org/dfetch

Length of output: 4899

🏁 Script executed:

web_search
actions/upload-artifact endpoint requirements v7 what endpoints needed

Repository: dfetch-org/dfetch

Length of output: 182

🌐 Web query:

actions/upload-artifact v7 GitHub Actions endpoints required storage backend

💡 Result:

The actions/upload-artifact@v7 action, powered by the @actions/artifact package (v5+), does not directly use the standard public REST API endpoints listed in GitHub Docs (e.g., POST /repos/{owner}/{repo}/actions/artifacts). Instead, it interacts with GitHub's internal ArtifactService via gRPC/Twirp protocols, specifically methods like CreateArtifact, FinalizeArtifact, ListArtifacts, and GetSignedArtifactURL. These generate signed URLs for uploading/downloading artifact data to Azure Blob Storage, GitHub's required storage backend for artifacts. Key evidence: - upload-artifact source code imports and calls @actions/artifact's uploadArtifact function. - @actions/artifact v4+ (used by v7) uses protobuf-defined ArtifactService with internal endpoints (e.g., "github.actions.results.api.v1.ArtifactService/CreateArtifact"), not public REST. - Dependencies include @azure/storage-blob (^12+), confirming Azure Blob as the backend; recent updates fixed Node.js 24 compatibility in storage-blob. - Public REST endpoints (e.g., GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}) are for metadata management, not core upload/download. - Artifacts are stored with configurable retention (default repo/org settings, max 90 days), counted against GitHub's storage quota (calculated every 6-12 hours). For self-hosting or custom backends, v7 is not supported on GHES (use v3); no official support for alternative storage.

Citations:

🌐 Web query:

harden-runner step-security wildcard domain pattern support allowed-endpoints

💡 Result:

Yes, StepSecurity's Harden-Runner supports wildcard domain patterns in the allowed-endpoints configuration for egress policy blocking. This feature allows allowing egress traffic to all subdomains of a domain with a single rule using the * prefix, such as *.data.mcr.microsoft.com:443. This support was added in response to user feedback for handling dynamic endpoints like container registries (e.g., region-specific mcr.microsoft.com subdomains). It works in block mode (egress-policy: block). Example from official StepSecurity blog: steps: - name: Harden Runner uses: step-security/harden-runner@v2 with: egress-policy: block allowed-endpoints: > mcr.microsoft.com:443 *.data.mcr.microsoft.com:443 - run: docker pull mcr.microsoft.com/azure-cli Wildcard patterns can also be used in suppression rules for anomalous endpoint alerts and likely in Policy Store allowed endpoints. The format is domain:port with * for subdomains (e.g., *.example.com:443). It matches subdomains but not the root domain unless explicitly allowed.

Citations:

🌐 Web query:

results-receiver.actions.githubusercontent.com GitHub Actions artifacts endpoint

💡 Result:

results-receiver.actions.githubusercontent.com is an internal GitHub Actions endpoint used by self-hosted runners to report progress, upload logs, step summaries, and job results during workflow execution. It is part of the "Results" service in the GitHub Actions runner infrastructure. It is not the public endpoint for workflow artifacts (which are managed via REST API at api.github.com/repos/{owner}/{repo}/actions/artifacts). Instead, it handles real-time runner-to-GitHub communication for job execution data, including step updates, logs, and summaries. Key usage from official sources: - Required network access for self-hosted runners: https://results-receiver.actions.githubusercontent.com/.../ for reporting progress and uploading logs (actions/runner docs). - Listed in GitHub Docs for GitHub-hosted runners firewall rules, alongside *.blob.core.windows.net for artifacts, logs, etc. - GitHub Changelog (2023): Required for job summaries and logs; self-hosted runners must allow access to this host. - Runner PRs confirm it receives step updates, powers logs, uploads step summaries. Health check: curl https://results-receiver.actions.githubusercontent.com/health For public artifact management, use the documented REST API endpoints, not this runner-specific service.

Citations:

🌐 Web query:

blob.core.windows.net GitHub Actions artifacts upload endpoint Azure storage

💡 Result:

The standard GitHub Actions upload-artifact action does not directly upload to Azure Blob Storage endpoints like *.blob.core.windows.net. Instead, it uploads files to GitHub's internal artifact service via the runner's connection to the GitHub server (using classes like FileContainerServer in the open-source runner code), which stores artifacts in GitHub's cloud storage (likely S3 or similar). Artifacts are accessible via GitHub REST API endpoints like /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/zip, not direct blob URLs. However, blob.core.windows.net appears in two main contexts related to GitHub Actions and Azure: 1. GitHub Enterprise Server (GHES) configuration: For self-hosted GHES instances, admins can configure Azure Blob Storage as the backend for storing Actions artifacts, logs, and caches. The blob endpoint is https://{storage-account}.blob.core.windows.net, where {storage-account} is your Azure storage account name. Runners upload to this storage via GHES configuration (using OIDC or connection string). See official GHES docs for setup (e.g., provide storage account name and core.windows.net suffix). 2. Custom uploads from workflows: To upload build files/artifacts directly to your own Azure Blob Storage from GitHub Actions workflows (hosted or self-hosted runners), use Azure CLI or third-party actions. The endpoint is https://{storage-account}.blob.core.windows.net/{container}/{blob-path}. Official Microsoft-recommended example using Azure CLI (from learn.microsoft.com, updated 2025): - name: Upload to blob storage uses: azure/CLI@v1 with: inlineScript: | az storage blob upload-batch --account-name {STORAGE_ACCOUNT_NAME} --auth-mode key -d '$web' -s . Replace {STORAGE_ACCOUNT_NAME} with your account (e.g., mystorage.blob.core.windows.net). Other popular actions: - bacongobbler/azure-blob-storage-upload: Uses az storage blob upload-batch. - LanceMcCarthy/Action-AzureBlobUpload: Supports connection string or service principal. - fixpoint/azblob-upload-artifact: Mimics actions/upload-artifact syntax for easy migration. No public "upload endpoint" exists for direct PUT to blobs from runners without authentication (SAS token, key, etc.). Always use authenticated methods. For GHES backend storage, it's internal to the GHES setup, not a user-facing endpoint.

Citations:

🌐 Web query:

upload-artifact GitHub hosted runners required endpoints firewall egress policy

💡 Result:

For GitHub-hosted runners, no special firewall egress configuration is required as they have full outbound internet access. The query likely refers to self-hosted runners, where firewall egress policies must allow specific GitHub endpoints over HTTPS (port 443) for the actions/upload-artifact to function. Required outbound HTTPS endpoints/domains for self-hosted runners on github.com (allow recursively for CNAMEs): Essential operations: - github.com - api.github.com - *.actions.githubusercontent.com Downloading actions: - codeload.github.com Uploading/downloading artifacts, logs, caches (critical for upload-artifact): - results-receiver.actions.githubusercontent.com - *.blob.core.windows.net (Azure Blob Storage used by upload-artifact) Runner updates: - objects.githubusercontent.com - objects-origin.githubusercontent.com - github-releases.githubusercontent.com OIDC tokens: - *.actions.githubusercontent.com (already covered) Packages (if used): - *.pkg.github.com - ghcr.io Additional for workflows (e.g., LFS): - github-cloud.githubusercontent.com To test connectivity from the runner machine: curl -v https://api.github.com/zen curl -v https://codeload.github.com/_ping curl -v https://vstoken.actions.githubusercontent.com/_apis/health curl -v https://pipelines.actions.githubusercontent.com/_apis/health curl -v https://results-receiver.actions.githubusercontent.com/health Use the runner config script: ./config.sh --check --url https://github.com/OWNER/REPO --pat ghp_XXX GitHub does not recommend IP allowlisting due to frequent changes; use domain allowlisting instead. Retrieve current IPs via https://api.github.com/meta but monitor regularly. upload-artifact failures (e.g., ETIMEDOUT) explicitly reference ensuring access to these endpoints.

Citations:

🌐 Web query:

GitHub Actions harden-runner artifact upload failure missing endpoints logs

💡 Result:

The artifact upload failure in GitHub Actions when using step-security/harden-runner is caused by the security agent's egress policy blocking outbound connections to GitHub's artifact storage endpoints. Harden-Runner restricts network traffic to only explicitly allowed endpoints when configured with egress-policy: block. Key points: - Harden-Runner monitors and can block outbound network calls to prevent data exfiltration. - Artifact uploads require access to specific GitHub/Azure endpoints like *.blob.core.windows.net (for blob storage), results-receiver.actions.githubusercontent.com, and pipelines.actions.githubusercontent.com. - If these are missing from the allowed-endpoints list in the Harden-Runner step, uploads fail with errors like "missing endpoints," timeouts, ETIMEDOUT, or "Unable to make request." - Common error patterns match upload-artifact issues on self-hosted runners, but here it's due to the agent's blocking. Solution: 1. Run Harden-Runner in egress-policy: audit mode first to log all outbound calls and generate insights/recommended policy. 2. Review the security insights (linked in job summary) for network events during artifact upload steps. 3. Add the required endpoints to allowed-endpoints in block mode, e.g.: - uses: step-security/harden-runner@v2 with: egress-policy: block allowed-endpoints: > github.com:443 api.github.com:443 *.actions.githubusercontent.com:443 *.blob.core.windows.net:443 results-receiver.actions.githubusercontent.com:443 4. Harden-Runner auto-detects some GitHub endpoints like cache blobs, but artifact endpoints must be explicitly allowed or baselined. 5. Use the Policy Store feature for dynamic management without workflow changes. 6. Verify runner connectivity to GitHub endpoints using the official docs checklist. For self-hosted runners, ensure base network access; for GitHub-hosted, the agent enforces the policy strictly.

Citations:

Add missing artifact storage endpoints to harden-runner allowlist.

The build job uploads artifacts twice (lines 49 and 54), but the current allowed-endpoints list omits the endpoints required by actions/upload-artifact@v7.0.1. Without access to these endpoints, artifact uploads will fail with connection timeouts or ETIMEDOUT errors in block mode.

Proposed fix 
         allowed-endpoints: >+
           github.com:443
           api.github.com:443
           release-assets.githubusercontent.com:443
+          results-receiver.actions.githubusercontent.com:443
+          *.blob.core.windows.net:443
           pypi.org:443
           files.pythonhosted.org:443
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/python-publish.yml around lines 23 - 32, The harden-runner
allowed-endpoints block is missing the artifact storage endpoints required by
actions/upload-artifact@v7.0.1, causing artifact uploads in the build job to
fail; update the allowed-endpoints for the harden-runner step (the block under
uses: step-security/harden-runner@...) to include the upload-artifact endpoints
such as uploads.github.com:443 and storage.googleapis.com:443 (and any other
provider endpoints your artifacts use), so both artifact upload steps in the
build job can reach their storage backends.


- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand Down
7 changes: 6 additions & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,12 @@ jobs:
steps:
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443
uploads.github.com:443
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
Expand Down
82 changes: 78 additions & 4 deletions .github/workflows/run.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,19 @@ jobs:
security-events: write

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
github.com:443
api.github.com:443
release-assets.githubusercontent.com:443
pypi.org:443
files.pythonhosted.org:443
Comment thread
coderabbitai[bot] marked this conversation as resolved.
community.chocolatey.org:443
community.chocolatey.org:80
packages.chocolatey.org:443
Comment on lines +22 to +30
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

SHA="4ef15ca7fd18a18f1000989fcfd968e06d146ce8"

# Verify which domains/endpoints the pinned action expects for downloads/mirrors.
curl -fsSL "https://raw.githubusercontent.com/cygwin/cygwin-install-action/${SHA}/README.md" | rg -n "mirror|cygwin|setup|download|site" -C2
curl -fsSL "https://raw.githubusercontent.com/cygwin/cygwin-install-action/${SHA}/action.yml"

Repository: dfetch-org/dfetch

Length of output: 7316

🏁 Script executed:

cat -n .github/workflows/run.yml | sed -n '15,40p'

Repository: dfetch-org/dfetch

Length of output: 1266

🏁 Script executed:

# Check for any custom site configuration in the cygwin job
rg -A 20 "cygwin-install-action" .github/workflows/run.yml

Repository: dfetch-org/dfetch

Length of output: 801

🏁 Script executed:

# Check what the actual allowed-endpoints block contains in full context
rg -B 5 -A 15 "allowed-endpoints" .github/workflows/run.yml | head -60

Repository: dfetch-org/dfetch

Length of output: 1785

Add mirrors.kernel.org:443 to the allowed-endpoints list for cygwin-install-action.

The cygwin-install-action at line 34 downloads Cygwin packages from https://mirrors.kernel.org/sourceware/cygwin/ by default (since no custom site is configured), but mirrors.kernel.org:443 is not in the allowed-endpoints block. With egress-policy: block, this causes the download phase to fail immediately.

Add to allowed-endpoints 
            mirrors.kernel.org:443
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/run.yml around lines 22 - 30, Add mirrors.kernel.org:443
to the allowed-endpoints list used by the workflow so the cygwin-install-action
can reach https://mirrors.kernel.org/sourceware/cygwin/ when egress-policy is
block; update the allowed-endpoints block (the multi-line value under the
allowed-endpoints key that lists github.com:443, api.github.com:443, etc.) to
include mirrors.kernel.org:443 alongside the existing entries so the
cygwin-install-action can download packages successfully.


Comment thread
coderabbitai[bot] marked this conversation as resolved.
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Expand Down Expand Up @@ -67,16 +76,81 @@ jobs:
matrix:
platform: [ubuntu-latest, macos-latest, windows-latest]
python-version: ['3.10', '3.11', '3.12', '3.13', '3.14']
include:
- platform: ubuntu-latest
allowed-endpoints: >+
_http._tcp.azure.archive.ubuntu.com:443
_https._tcp.archive.ubuntu.com:443
_https._tcp.dl.google.com:443
_https._tcp.esm.ubuntu.com:443
_https._tcp.motd.ubuntu.com:443
_https._tcp.security.ubuntu.com:443
0.pool.ntp.org:443
api.github.com:443
archive.ubuntu.com:443
azure.archive.ubuntu.com:443
azure.archive.ubuntu.com:80
cfhcable.dl.sourceforge.net:443
cytranet-dal.dl.sourceforge.net:443
dl.google.com:443
downloads.sourceforge.net:443
esm.ubuntu.com:443
files.pythonhosted.org:443
gigenet.dl.sourceforge.net:443
github.com:443
motd.ubuntu.com:443
netactuate.dl.sourceforge.net:443
pilotfiber.dl.sourceforge.net:443
psychz.dl.sourceforge.net:443
pypi.org:443
release-assets.githubusercontent.com:443
security.ubuntu.com:443
sourceforge.net:443
- platform: macos-latest
allowed-endpoints: >+
api.apple-cloudkit.com:443
api.github.com:443
files.pythonhosted.org:443
formulae.brew.sh:443
gdmf.apple.com:443
ghcr.io:443
github.com:443
init.itunes.apple.com:443
mask.icloud.com:443
mesu.apple.com:443
mirrors.ctan.org:443
ocsp.sectigo.com:80
ocsp2.apple.com:443
pkg-containers.githubusercontent.com:443
pypi.org:443
release-assets.githubusercontent.com:443
- platform: windows-latest
allowed-endpoints: >+
_https._tcp.packages.microsoft.com:443
api.github.com:443
community.chocolatey.org:443
community.chocolatey.org:80
dc.services.visualstudio.com:443
fe2cr.update.microsoft.com:443
files.pythonhosted.org:443
github.com:443
mobile.events.data.microsoft.com:443
packages.chocolatey.org:443
packages.microsoft.com:443
pypi.org:443
release-assets.githubusercontent.com:443
ziglang.org:443
runs-on: ${{ matrix.platform }}
permissions:
contents: read
security-events: write

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: ${{ matrix.allowed-endpoints }}

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Expand Down
15 changes: 13 additions & 2 deletions .github/workflows/scorecard.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,21 @@ jobs:
id-token: write

steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
github.com:443
api.github.com:443
raw.githubusercontent.com:443
codeload.github.com:443
uploads.github.com:443
api.osv.dev:443
www.bestpractices.dev:443
api.securityscorecards.dev:443
rekor.sigstore.dev:443
fulcio.sigstore.dev:443
Comment on lines +29 to +43
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/scorecard.yml | head -80

Repository: dfetch-org/dfetch

Length of output: 2970

🏁 Script executed:

grep -A 10 "upload-artifact" .github/workflows/scorecard.yml

Repository: dfetch-org/dfetch

Length of output: 438

🌐 Web query:

actions/upload-artifact network endpoints requirements azure blob storage

💡 Result:

The query appears to seek information on using GitHub Actions' actions/upload-artifact with Azure Blob Storage, specifically network endpoints and requirements for uploads. However, actions/upload-artifact uploads to GitHub's artifact storage service, not directly to Azure Blob Storage (sources 9-12,28-30). For Azure Blob Storage uploads from GitHub Actions, use third-party actions like azure-blob-storage-upload or azblob-upload-artifact, or Azure CLI commands (sources 1-5). Azure Blob Storage upload uses REST API endpoints primarily via PUT requests: - Primary endpoint: https://{account}.blob.core.windows.net/{container}/{blob} (HTTPS recommended) (sources 19,20,24). - Key operations: - Put Blob: Creates/updates block, page, or append blobs. Requires x-ms-blob-type header (BlockBlob, PageBlob, AppendBlob), Content-Length, x-ms-version (e.g., 2023-08-04 or later). For block blobs up to ~5 GiB (preview expansion); larger use Put Block + Put Block List (sources 19,21,24,26). - Put Block: https://{account}.blob.core.windows.net/{container}/{blob}?comp=block&blockid={base64id}. Block size <=4 MiB (sources 26). - Put Block List: Commits blocks. Network requirements for Azure Blob Storage (from GitHub Actions runners): - Public access: Outbound HTTPS (port 443) to *.blob.core.windows.net. GitHub-hosted runners have internet access by default. - Private endpoints: Use privatelink.blob.core.windows.net. Requires VNet configuration, DNS resolution to private IP. GitHub runners cannot directly access private endpoints without public IP allowlisting or Azure service endpoints (sources 14,15,17). - Firewall rules: Allow GitHub runner IPs or disable public network access and use authorized networks. IP rules don't block same-region Azure traffic (source 15). - Scalability: Default 20,000 req/s, ingress/egress up to 25-50 Gbps per account (source 16). - Auth: Shared Key, SAS, Microsoft Entra ID (RBAC roles like Storage Blob Data Contributor), connection string in secrets (sources 1-5,19,27). For GitHub Actions artifacts (not Azure): Uses internal GitHub endpoints like /repos/{owner}/{repo}/actions/artifacts/{id}/zip (sources 9,29). Self-hosted runners may need firewall rules for uploads (source 11). Examples: - Third-party action: uses: bacongobbler/azure-blob-storage-upload@main with connection_string secret (source 1). - CLI: az storage blob upload-batch --account-name --auth-mode key -d $web -s . (source 5).

Citations:

🌐 Web query:

actions/upload-artifact v7 network endpoints requirements documentation

💡 Result:

actions/upload-artifact v7 uses the @actions/artifact library (ESM-updated in v7, corresponding to @actions/artifact v6+), which communicates with internal GitHub Actions backend services via Twirp RPC over HTTPS (e.g., /twirp/... endpoints) and uploads content to Azure Blob Storage (e.g., productionresultssa*.blob.core.windows.net). Key network endpoints: - results-receiver.actions.githubusercontent.com:443 (artifact API for create/finalize) - .blob.core.windows.net:443 (Azure Blob Storage for file uploads, e.g., productionresultssa15.blob.core.windows.net) Public REST API endpoints (for listing/downloading/deleting, not uploading): /repos/{owner}/{repo}/actions/artifacts Requirements: - Runs on Node.js 24, requires Actions Runner >=2.327.1 (self-hosted runners). - Supports http_proxy/https_proxy environment variables for proxy usage (added proxy integration tests in v7). - For self-hosted runners behind firewalls: Open outbound HTTPS (443) to actions.githubusercontent.com domains (check https://api.github.com/meta | jq .domains.actions for specifics) and *.blob.core.windows.net. - Not supported on GHES (use v3 for GHES). - New in v7: archive=false for direct single-file upload (no zip), compression-level 0-9. Upload flow: Create artifact container (POST), upload chunks (PUT to blob), finalize (PATCH). Uses runner's special token, not public GITHUB_TOKEN/PAT.

Citations:

🌐 Web query:

results-receiver.actions.githubusercontent.com GitHub artifacts upload endpoint

💡 Result:

results-receiver.actions.githubusercontent.com is an internal GitHub endpoint used by GitHub Actions runners and the @actions/artifact library for communicating with the "Results Service". This service handles uploading step updates, step summaries, diagnostic logs, and likely artifacts during workflow execution. It is accessed via the ACTIONS_RESULTS_URL environment variable, which provides the base URL (e.g., https://results-receiver.actions.githubusercontent.com). The library constructs paths like /twirp/... for RPC calls using the runtime token (ACTIONS_RUNTIME_TOKEN) for authentication. It is not a public REST API for direct artifact uploads; public artifact management uses documented endpoints under /repos/{owner}/{repo}/actions/artifacts. These internal endpoints are undocumented, not intended for external use, and restricted to the workflow run context with special runner tokens.

Citations:

🌐 Web query:

step-security harden-runner wildcard endpoints blob.core.windows.net support

💡 Result:

Yes, StepSecurity's Harden-Runner supports wildcard endpoints, including for blob.core.windows.net, since version 2.4.0. This feature allows using patterns like ".data.mcr.microsoft.com:443" or ".blob.core.windows.net:443" in the allowed-endpoints list when egress-policy is set to 'block'. For GitHub Actions cache/artifacts specifically, which use varying *.blob.core.windows.net subdomains, Harden-Runner auto-detects and allows the specific cache endpoint (since v1.5.0), eliminating the need for manual whitelisting or wildcards in most cases. However, wildcards can still be used explicitly if preferred, as users have requested and implemented in some workflows (e.g., Azure/karpenter-provider-azure PR). No security concerns are raised against using the wildcard for GitHub cache endpoints, though broad whitelisting is generally discouraged for non-essential traffic.

Citations:

Missing artifact upload endpoints in harden-runner allowlist will block artifact uploads.

This job uses actions/upload-artifact@v7.0.1 to upload results.sarif, but the harden-runner block mode allowlist is missing the required endpoints. Version 7 of upload-artifact communicates with GitHub's artifact service via results-receiver.actions.githubusercontent.com and uploads files to Azure Blob Storage at *.blob.core.windows.net domains. Without these endpoints, artifact uploads will be blocked.

🐛 Proposed fix 
           allowed-endpoints: >+
             github.com:443
             api.github.com:443
             raw.githubusercontent.com:443
             codeload.github.com:443
             uploads.github.com:443
+            results-receiver.actions.githubusercontent.com:443
+            *.blob.core.windows.net:443
             api.osv.dev:443
             www.bestpractices.dev:443
             api.securityscorecards.dev:443
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/scorecard.yml around lines 29 - 43, The harden-runner
egress allowlist (the step using step-security/harden-runner with egress-policy:
block and allowed-endpoints) is missing endpoints needed by
actions/upload-artifact v7; add
results-receiver.actions.githubusercontent.com:443 and the Azure storage pattern
*.blob.core.windows.net:443 to the allowed-endpoints list so artifact uploads
from upload-artifact@v7.0.1 can reach the results receiver and blob storage.


- name: "Checkout code"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down
35 changes: 33 additions & 2 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,41 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Harden the runner (Audit all outbound calls)
- name: "Harden the runner (Block egress traffic: Only allow calls to allowed endpoints)"
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
egress-policy: block
# dfetch.invalid and giiiiiidhub.com are intentionally invalid test
# domains used to verify network blocking/allowlist behaviour in the
# feature tests; they are never reachable from the runner.
allowed-endpoints: >+
Comment thread
coderabbitai[bot] marked this conversation as resolved.
_http._tcp.azure.archive.ubuntu.com:443
_https._tcp.archive.ubuntu.com:443
_https._tcp.dl.google.com:443
_https._tcp.esm.ubuntu.com:443
_https._tcp.motd.ubuntu.com:443
_https._tcp.packages.microsoft.com:443
_https._tcp.security.ubuntu.com:443
api.codacy.com:443
archive.ubuntu.com:443
artifacts.codacy.com:443
azure.archive.ubuntu.com:443
azure.archive.ubuntu.com:80
coverage.codacy.com:443
dfetch.invalid:443
dl.google.com:443
esm.ubuntu.com:443
files.pythonhosted.org:443
giiiiiidhub.com:443
github.com:22
Comment thread
coderabbitai[bot] marked this conversation as resolved.
github.com:443
motd.ubuntu.com:443
packages.microsoft.com:443
pypi.org:443
release-assets.githubusercontent.com:443
security.ubuntu.com:443
svn.code.sf.net:3690
svn.code.sf.net:443

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

Expand Down
Loading