diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 744436c4c..2fa0363cc 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -27,10 +27,10 @@ jobs:
 disable-file-monitoring: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:443
+ *.github.com:443
+ *.githubusercontent.com:443
 files.pythonhosted.org:443
 github.com:443
- objects.githubusercontent.com:443
 pypi.org:443
 - name: Checkout source code
@@ -74,10 +74,10 @@ jobs:
 disable-file-monitoring: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:443
+ *.github.com:443
+ *.githubusercontent.com:443
 files.pythonhosted.org:443
 github.com:443
- objects.githubusercontent.com:443
 pypi.org:443
 - name: Checkout source code
@@ -115,10 +115,10 @@ jobs:
 disable-file-monitoring: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:443
+ *.github.com:443
+ *.githubusercontent.com:443
 files.pythonhosted.org:443
 github.com:443
- objects.githubusercontent.com:443
 pypi.org:443
 - name: Checkout source code
@@ -189,11 +189,11 @@ jobs:
 egress-policy: block
 allowed-endpoints: >
 *.codecov.io:443
- api.github.com:443
+ *.github.com:443
+ *.githubusercontent.com:443
 codecov.io:443
 files.pythonhosted.org:443
 github.com:443
- objects.githubusercontent.com:443
 pypi.org:443
 storage.googleapis.com:443
@@ -308,7 +308,7 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:443
+ *.github.com:443
 auth.docker.io:443
 dl-cdn.alpinelinux.org:443
 files.pythonhosted.org:443
@@ -350,7 +350,7 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:443
+ *.github.com:443
 auth.docker.io:443
 github.com:443
 production.cloudflare.docker.com:443
@@ -421,6 +421,8 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
+ *.github.com:443
+ *.githubusercontent.com:443
 655216687927.dkr.ecr.us-west-2.amazonaws.com:443
 api.ecr.us-west-2.amazonaws.com:443
 ecs.us-west-2.amazonaws.com:443
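Review bot: The wildcard entries `*.github.com:443` and `*.githubusercontent.com:443` added to `allowed-endpoints` in the first hunk replace two named hosts with whole domains that also serve user-supplied content (gists, raw files, uploads), so `egress-policy: block` no longer stops a compromised step from reaching arbitrary GitHub-hosted content. The same widening appears in every other hunk of cicd.yml and deploy.yml. It matters most in the jobs that also reach ECR, ECS and STS, and the last deploy.yml hunk previously allowed only `raw.githubusercontent.com:443`, so it gains API and object-storage access it did not have. Prefer keeping `api.github.com:443` and `objects.githubusercontent.com:443` and adding by name only the host that was actually blocked. If a wildcard has to stay, put a comment above `allowed-endpoints:` naming the host and job that required it. The `uses:` line of these steps is outside the hunks, so the exact wildcard matching rules of the action are assumed rather than confirmed.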
@@ -428,9 +430,6 @@ jobs:
 files.pythonhosted.org:443
 github.com:443
 pypi.org:443
- raw.githubusercontent.com:443
- api.github.com:443
- objects.githubusercontent.com:443
 - name: Checkout source code
 uses: actions/checkout@v4
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 89158c99a..d9db35426 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -20,14 +20,13 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
+ *.github.com:443
+ *.githubusercontent.com:443
 ecs.us-west-2.amazonaws.com:443
 files.pythonhosted.org:443
 github.com:443
 pypi.org:443
- raw.githubusercontent.com:443
 sts.us-west-2.amazonaws.com:443
- api.github.com:443
- objects.githubusercontent.com:443
 - name: Check user
 if: ${{ ! contains('["wsanchez", "mikeburg", "plapsley"]', github.actor) }}
@@ -85,11 +84,12 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
+ *.github.com:443
+ *.githubusercontent.com:443
 ecs.us-west-2.amazonaws.com:443
 files.pythonhosted.org:443
 github.com:443
 pypi.org:443
- raw.githubusercontent.com:443
 sts.us-west-2.amazonaws.com:443
 - name: Check user
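Review bot: The `Check user` condition shown as context at the end of the first deploy.yml hunk passes a string literal to `contains()`, which does a substring match on strings, so the test is not an exact comparison against the three listed logins. The commit does not change this line, but it gates a job whose allow-list reaches ECS and STS, so it is worth tightening in the same pass. Parsing the list makes the comparison per element: `if: ${{ ! contains(fromJSON('["wsanchez", "mikeburg", "plapsley"]'), github.actor) }}`. The step's body is outside the hunk, so its effect when the condition fires is assumed to be a hard failure of the job.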