Use harden runner for dispatch workflow

wabarc · Nov 30, 2022 · 4660ac2 · 4660ac2
1 parent a2536fd
commit 4660ac2
Showing 1 changed file with 15 additions and 7 deletions.
diff --git a/.github/workflows/dispatch.yml b/.github/workflows/dispatch.yml
@@ -16,11 +16,19 @@ jobs:
     name: Repository Dispatch
     runs-on: ubuntu-latest
     steps:
-    - name: Dispatch repository in wabarc/aur
-      uses: peter-evans/repository-dispatch@11ba7d3f32dc7cc919d1c43f1fec1c05260c26b5 # v2.0.0
-      with:
-        repository: wabarc/homebrew-wayback
-        event-type: publish
-        token: ${{ secrets.PAT_WORKFLOW }}
-        client-payload: '{"from": "${{ github.repository }}", "channel": "stable"}'
+      - name: Harden Runner
+        uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34 # v1.5.0
+        with:
+          egress-policy: block
+          disable-telemetry: true
+          allowed-endpoints: >
+            github.com:443
+            api.github.com:443
 
+      - name: Dispatch repository in wabarc/aur
+        uses: peter-evans/repository-dispatch@f2696244ec00ed5c659a5cc77f7138ad0302dffb # v2.1.0
+        with:
+          repository: wabarc/homebrew-wayback
+          event-type: publish
+          token: ${{ secrets.PAT_WORKFLOW }}
+          client-payload: '{"from": "${{ github.repository }}", "channel": "stable"}'