From b6cbf2f82b2ca9ee3c1a0da49e6e72cbc92b93b4 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Tue, 4 Feb 2025 00:55:43 -0800
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#176)

Signed-off-by: StepSecurity Bot
---
 .github/workflows/go.yml | 5 +++++
 .github/workflows/release.yaml | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index be345af..1be22f3 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -9,6 +9,11 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1a2c22c..1722f28 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -17,6 +17,11 @@ jobs:
       goos: [freebsd, linux, windows]
       goarch: [amd64, arm64]
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set APP_VERSION env
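Review bot: `egress-policy: audit` on the new Harden Runner step in go.yml only records outbound connections and blocks nothing, so the step adds visibility but no enforcement yet; the identical step added to release.yaml has the same limitation. Audit mode is the sensible first stage: once a few runs have produced the observed endpoint list, the step can move to `egress-policy: block` with an explicit `allowed-endpoints` list so unexpected egress from the build job fails the run instead of only being logged. The SHA pin with the `# v2.10.4` trailer matches how the other actions in the hunk are pinned, which is the right style for this step. A comment above the step would make the staged intent clear to the next reader, e.g. `# Audit-only for now; switch to egress-policy: block once the allowed-endpoints list is known`. Harden Runner is documented for Linux runners, which fits the `ubuntu-latest` job shown here.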