From 2abf7ad4036550d418e8dd19f5b4d4f9424c3aaf Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Fri, 2 Aug 2024 10:16:37 -0500
Subject: [PATCH] Add harden runner Actions to remaining jobs
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 .github/workflows/.build.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/.build.yaml b/.github/workflows/.build.yaml
index accb6098..008648f0 100644
--- a/.github/workflows/.build.yaml
+++ b/.github/workflows/.build.yaml
@@ -30,6 +30,11 @@ jobs:
 runner: "ubuntu-latest"
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ with:
+ egress-policy: audit
+
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 # TODO: Replace this with custom wolfi image
@@ -59,6 +64,11 @@ jobs:
 needs: build
 if: always() && (needs.build.result == 'success' || needs.build.result == 'skipped')
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
+ with:
+ egress-policy: audit
+
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 # TODO: Replace this with custom wolfi image
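Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections and blocks none, so a compromised dependency or build script in this job can still reach arbitrary hosts. The same applies to the identical step added in the second hunk (the job with `needs: build`). If audit is meant as a baseline-collection phase, say so next to the setting, for example `# TODO: move to egress-policy: block with allowed-endpoints once the audit baseline is reviewed`, in the style of the file's existing `# TODO:` comments. Both job definitions begin outside the hunks, so whether the file's other jobs already enforce a block policy cannot be seen from here.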