Update harden-runner for release scheduler (#3680)

Update version to latest Change policy from audit to block per harden-runner recommendation Signed-off-by: Dave Thaler <[email protected]>
microsoft · Jul 12, 2024 · c8cc1a4 · c8cc1a4
1 parent ee17c08
commit c8cc1a4
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/workflows/release-scheduler.yml b/.github/workflows/release-scheduler.yml
@@ -21,7 +21,10 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
 
       - name: Create release task
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea