Update step-security/harden-runner configuration (#1177)

This resolves recent build failures by ensuring that JDKs can be downloaded.
2026-03-10 08:11:25 +00:00 · 2024-05-19 14:14:20 +02:00
parent 162aa0d458
commit 8a8290587a
6 changed files with 11 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -31,8 +31,10 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            github.com:443
            jitpack.io:443
+            objects.githubusercontent.com:443
            repo.maven.apache.org:443
      # We run the build twice for each supported JDK: once against the
      # original Error Prone release, using only Error Prone checks available
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,6 +27,7 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            api.github.com:443
            github.com:443
            objects.githubusercontent.com:443
--- a/.github/workflows/pitest-analyze-pr.yml
+++ b/.github/workflows/pitest-analyze-pr.yml
@@ -17,7 +17,9 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            github.com:443
+            objects.githubusercontent.com:443
            repo.maven.apache.org:443
      - name: Check out code and set up JDK and Maven
        uses: s4u/setup-maven-action@6d44c18d67d9e1549907b8815efa5e4dada1801b # v1.12.0
--- a/.github/workflows/pitest-update-pr.yml
+++ b/.github/workflows/pitest-update-pr.yml
@@ -25,8 +25,10 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            api.github.com:443
            github.com:443
+            objects.githubusercontent.com:443
            repo.maven.apache.org:443
      - name: Check out code and set up JDK and Maven
        uses: s4u/setup-maven-action@6d44c18d67d9e1549907b8815efa5e4dada1801b # v1.12.0
--- a/.github/workflows/run-integration-tests.yml
+++ b/.github/workflows/run-integration-tests.yml
@@ -24,8 +24,10 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            checkstyle.org:443
            github.com:443
+            objects.githubusercontent.com:443
            oss.sonatype.org:443
            raw.githubusercontent.com:443
            repo.maven.apache.org:443
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -24,8 +24,10 @@ jobs:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
+            api.adoptium.net:443
            ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
            github.com:443
+            objects.githubusercontent.com:443
            repo.maven.apache.org:443
            sc-cleancode-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
            scanner.sonarcloud.io:443