File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -37,40 +37,18 @@ permissions:
3737 contents : read
3838
3939jobs :
40- get-matrix :
41- name : Get Node + OS matrix
42- runs-on : ubuntu-latest
40+ lint-and-types :
41+ name : Lint & types
42+ runs-on : ubuntu-slim
4343
4444 if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
4545
46- outputs :
47- latest : ${{ steps.set-matrix.outputs.requireds }}
4846 steps :
4947 - name : Harden the runner (Audit all outbound calls)
5048 uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
5149 with :
5250 egress-policy : audit
5351
54- - uses : ljharb/actions/node/matrix@7f214d8efdbdcefc96ad9689663ef387a195deec # main
55- id : set-matrix
56- with :
57- versionsAsRoot : true
58- type : majors
59- preset : " >= 22" # glob is not backported below 22.x
60-
61- lint-and-types :
62- name : Lint & types
63- runs-on : ubuntu-slim
64-
65- if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
66-
67- steps :
68- # FIXME https://github.com/step-security/harden-runner/issues/627
69- # - name: Harden the runner (Audit all outbound calls)
70- # uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
71- # with:
72- # egress-policy: audit
73-
7452 - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
7553 with :
7654 persist-credentials : false
9169 matrix :
9270 os :
9371 - macos-latest
94- - ubuntu-latest
72+ - ubuntu-slim
9573 - windows-latest
9674
9775 steps :
10684 persist-credentials : false
10785 show-progress : false
10886
87+ # ubuntu-slim already include lts node so we don't need to setup node on ubuntu-slim runner
10988 - name : Set up Node.js
89+ if : ${{ matrix.os != 'ubuntu-slim' }}
11090 uses : actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
11191 with :
11292 cache : " npm"
Original file line number Diff line number Diff line change 3232
3333 steps :
3434 - name : Harden Runner
35- uses : step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
35+ uses : step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
3636 with :
37- egress-policy : audit
37+ egress-policy : block
38+ allowed-endpoints : >
39+ api.github.com:443
40+ app.codemod.com:443
41+ github.com:443
42+ registry.npmjs.org:443
43+ release-assets.githubusercontent.com:443
44+ us.i.posthog.com:443
3845
3946 - name : Checkout repository
4047 uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
Original file line number Diff line number Diff line change @@ -27,11 +27,10 @@ jobs:
2727 if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
2828
2929 steps :
30- # FIXME https://github.com/step-security/harden-runner/issues/627
31- # - name: Harden the runner (Audit all outbound calls)
32- # uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
33- # with:
34- # egress-policy: audit
30+ - name : Harden the runner (Audit all outbound calls)
31+ uses : step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
32+ with :
33+ egress-policy : audit
3534
3635 - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
3736 with :
Original file line number Diff line number Diff line change @@ -25,13 +25,12 @@ permissions:
2525 contents : read
2626
2727jobs :
28-
2928 validate-yaml :
3029 name : Validate YAML files
3130
3231 if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
3332
34- runs-on : ubuntu-latest
33+ runs-on : ubuntu-slim
3534
3635 steps :
3736 - name : Harden the runner (Audit all outbound calls)
Original file line number Diff line number Diff line change @@ -23,11 +23,10 @@ jobs:
2323 if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
2424
2525 steps :
26- # FIXME https://github.com/step-security/harden-runner/issues/627
27- # - name: Harden Runner
28- # uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
29- # with:
30- # egress-policy: audit
26+ - name : Harden Runner
27+ uses : step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
28+ with :
29+ egress-policy : audit
3130
3231 - name : Checkout
3332 uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
Original file line number Diff line number Diff line change @@ -25,19 +25,17 @@ permissions:
2525 contents : read
2626
2727jobs :
28-
2928 run-workflow-script-tests :
3029 name : Test scripts
3130 runs-on : ubuntu-slim
3231
3332 if : ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
3433
3534 steps :
36- # FIXME https://github.com/step-security/harden-runner/issues/627
37- # - name: Harden the runner (Audit all outbound calls)
38- # uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
39- # with:
40- # egress-policy: audit
35+ - name : Harden the runner (Audit all outbound calls)
36+ uses : step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
37+ with :
38+ egress-policy : audit
4139
4240 - uses : actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
4341 with :
Original file line number Diff line number Diff line change 1- 24
1+ lts/*
You can’t perform that action at this time.
0 commit comments