Bump step-security/harden-runner from 2.14.0 to 2.14.1 #1127
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build and Test the Cornucopia Website | |
| on: | |
| pull_request: | |
| paths: | |
| - 'cornucopia.owasp.org/**' | |
| - '.github/workflows/build-website.yml' | |
| permissions: | |
| contents: read | |
| jobs: | |
| hardening: | |
| name: Hardening | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Make sure we have some code to test | |
| - name: Harden runner | |
| uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github-cloud.githubusercontent.com:443 | |
| github.com:443 | |
| motd.ubuntu.com:443 | |
| keys.openpgp.org:443 | |
| build-website: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| name: Install pnpm | |
| with: | |
| version: 10.0.0 | |
| run_install: false | |
| - name: Install Node.js | |
| uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 | |
| with: | |
| node-version: 20.18.2 | |
| - name: Build | |
| working-directory: cornucopia.owasp.org | |
| run: | | |
| pnpm install # Install dependencies | |
| npm run build # Build production version | |
| pnpm audit --prod |