GHA: Use step-security/harden-runner

dalcinl · dalcinl · commit b002d92527ea · 2025-04-15T15:14:02.000+03:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -159,6 +159,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
+    - uses: step-security/harden-runner@v2
+      with:
+        egress-policy: audit
+
     - name: Checkout
       uses: actions/checkout@v4
 
@@ -197,6 +201,10 @@ jobs:
     container: ${{ matrix.image }}
     steps:
 
+    - uses: step-security/harden-runner@v2
+      with:
+        egress-policy: audit
+
     - name: Checkout
       uses: actions/checkout@v4
 
@@ -228,6 +236,10 @@ jobs:
     runs-on: macos-latest
     steps:
 
+    - uses: step-security/harden-runner@v2
+      with:
+        egress-policy: audit
+
     - name: Checkout
       uses: actions/checkout@v4
 
@@ -270,6 +282,10 @@ jobs:
     runs-on: windows-latest
     steps:
 
+    - uses: step-security/harden-runner@v2
+      with:
+        egress-policy: audit
+
     - name: Checkout
       uses: actions/checkout@v4
 
