ci: add harden-runner to all GitHub Actions workflows (#755) #123

	name: Install Script Tests

	on:
	push:
	paths:
	- 'install-cli.sh'
	- '.github/workflows/install-script-tests.yml'
	- 'bin/test_install_script.sh'
	- 'bin/test_install_script_over_homebrew.sh'
	pull_request:
	paths:
	- 'install-cli.sh'
	- '.github/workflows/install-script-tests.yml'
	- 'bin/test_install_script.sh'
	- 'bin/test_install_script_over_homebrew.sh'
	workflow_dispatch:

	jobs:
	test-script:
	name: Test Bash Script on ${{ matrix.os }}
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest, windows-latest]

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@v6

	- name: Run install script test
	shell: bash
	run: \|
	chmod +x install-cli.sh
	bash bin/test_install_script.sh --token ${{ secrets.GITHUB_TOKEN }}

	mac-homebrew:
	name: Test Homebrew Installation on macOS
	runs-on: macos-latest

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@v6

	- name: Run Homebrew install
	shell: bash
	run: brew install kosli-cli

	- name: Verify Homebrew installation
	shell: bash
	run: command -v kosli

	- name: Run install script test
	shell: bash
	run: \|
	chmod +x install-cli.sh
	bash bin/test_install_script_over_homebrew.sh --token ${{ secrets.GITHUB_TOKEN }}

Provide feedback