From 4660ac249ea346e1b679a8b1c65df63d19afd17d Mon Sep 17 00:00:00 2001
From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com>
Date: Wed, 30 Nov 2022 08:17:22 +0000
Subject: [PATCH] Use harden runner for dispatch workflow
---
 .github/workflows/dispatch.yml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/dispatch.yml b/.github/workflows/dispatch.yml
index efd3ed46b..3e7a6a4e5 100644
--- a/.github/workflows/dispatch.yml
+++ b/.github/workflows/dispatch.yml
@@ -16,11 +16,19 @@ jobs:
 name: Repository Dispatch
 runs-on: ubuntu-latest
 steps:
- - name: Dispatch repository in wabarc/aur
- uses: peter-evans/repository-dispatch@11ba7d3f32dc7cc919d1c43f1fec1c05260c26b5 # v2.0.0
- with:
- repository: wabarc/homebrew-wayback
- event-type: publish
- token: ${{ secrets.PAT_WORKFLOW }}
- client-payload: '{"from": "${{ github.repository }}", "channel": "stable"}'
+ - name: Harden Runner
+ uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34 # v1.5.0
+ with:
+ egress-policy: block
+ disable-telemetry: true
+ allowed-endpoints: >
+ github.com:443
+ api.github.com:443
+ - name: Dispatch repository in wabarc/aur
+ uses: peter-evans/repository-dispatch@f2696244ec00ed5c659a5cc77f7138ad0302dffb # v2.1.0
+ with:
+ repository: wabarc/homebrew-wayback
+ event-type: publish
+ token: ${{ secrets.PAT_WORKFLOW }}
+ client-payload: '{"from": "${{ github.repository }}", "channel": "stable"}'
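Review bot: The re-added dispatch step is still named `Dispatch repository in wabarc/aur` while its `repository:` input is `wabarc/homebrew-wayback`, so either the label or the target is wrong. Because this step sends an event authenticated with `secrets.PAT_WORKFLOW`, the name in the run log should match the repository that receives it, e.g. `- name: Dispatch repository in wabarc/homebrew-wayback` if the input is the intended target. In the new Harden Runner step, `github.com:443` may be broader than needed, since the only step visible after it talks to the REST API; a run with `egress-policy: audit` would show whether `api.github.com:443` alone is enough. No `permissions:` key appears in the visible lines (the job header and the top of the workflow are outside the hunk), and as the dispatch uses the PAT, the default `GITHUB_TOKEN` could probably be reduced with `permissions: {}` on the job.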