From b1e05584e4fc9acc29d2f13eac18eccbc310ae66 Mon Sep 17 00:00:00 2001
From: Sean Abraham <seanabraham@gmail.com>
Date: Thu, 14 Nov 2024 07:50:36 -0500
Subject: [PATCH] permit any calls to codecov.io

there are new calls in the codecov step to
ingest.codecov.io
https://app.stepsecurity.io/github/burningmantech/ranger-ims-server/actions/runs/11836661205?jobid=32982019292&tab=network-events

https://github.com/codecov/codecov-action/issues/1547#issuecomment-2476267485
---
 .github/workflows/cicd.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index b968c9acc..744436c4c 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -188,16 +188,14 @@ jobs:
           disable-file-monitoring: true
           egress-policy: block
           allowed-endpoints: >
-            api.codecov.io:443
+            *.codecov.io:443
             api.github.com:443
-            cli.codecov.io:443
             codecov.io:443
             files.pythonhosted.org:443
             github.com:443
             objects.githubusercontent.com:443
             pypi.org:443
             storage.googleapis.com:443
-            uploader.codecov.io:443
 
       - name: Checkout source code
         uses: actions/checkout@v4