ci: remove dangerous registry wildcards to prevent data exfiltration via tenant subdomains

snowdream · snowdream · commit ace249d755c4 · 2026-06-15T12:15:41.000+08:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -204,12 +204,7 @@ jobs:
             registry-1.docker.io:443
             auth.docker.io:443
             docker.io:443
-            *.gcr.io:443
-            *.pkg.dev:443
-            *.quay.io:443
             quay.io:443
-            *.dkr.ecr.*.amazonaws.com:443
-            *.azurecr.io:443
             docker-images-prod.s3.us-west-2.amazonaws.com:443
             docker-images-prod.s3.us-east-1.amazonaws.com:443
             osv-vulnerabilities.storage.googleapis.com:443
