chore: add more harder-runner

rjaegers · rjaegers · commit 6586c43ad370 · 2025-06-16T07:52:55.000Z
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
@@ -49,6 +49,9 @@ jobs:
     env:
       REGISTRY: ghcr.io
     steps:
+      - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
       - name: Inspect manifest and extract digest
         id: inspect-manifest
         run: |
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
@@ -21,6 +21,9 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
