From 142da4a639b7286611a5340da2673ec7fd28da80 Mon Sep 17 00:00:00 2001
From: rjdbcm <rjdbcm@outlook.com>
Date: Thu, 31 Oct 2024 18:37:23 -0500
Subject: [PATCH 1/3] build(deps): ozi-templates~=2.13.8

Signed-off-by: rjdbcm <rjdbcm@outlook.com>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index ea77874..6b8ae50 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -9,7 +9,7 @@ dependencies = [
     'idna>=2',
     'meson[ninja]>=1.1.0',
     'ozi-spec~=0.11.4',
-    'ozi-templates~=2.13.0',
+    'ozi-templates~=2.13.8',
     'packaging~=24.1',
     'prompt-toolkit',
     'pyparsing~=3.1',

From 32544ad35f7e759e188c8e6a9b1d44c0b7c7cd22 Mon Sep 17 00:00:00 2001
From: rjdbcm <rjdbcm@outlook.com>
Date: Thu, 31 Oct 2024 18:37:54 -0500
Subject: [PATCH 2/3] perf: test that harden-runner blocks render

Signed-off-by: rjdbcm <rjdbcm@outlook.com>
---
 tests/test_ozi_new.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/test_ozi_new.py b/tests/test_ozi_new.py
index 69f08c2..b2e8905 100644
--- a/tests/test_ozi_new.py
+++ b/tests/test_ozi_new.py
@@ -30,6 +30,7 @@
         {
             'verify_email': st.just(False),
             'strict': st.booleans(),
+            'github_harden_runner': st.booleans(),
             'target': st.data(),
             'keywords': st.from_regex(r'^(([a-z_]*[a-z0-9],)*){2,650}$', fullmatch=True),
             'ci_provider': st.just('github'),

From 7912ae89c67d1a0ff76dea4da81241e7e96d7c8e Mon Sep 17 00:00:00 2001
From: "Eden Ross Duff, MSc, DDiv" <rjdbcm@outlook.com>
Date: Thu, 31 Oct 2024 19:11:26 -0500
Subject: [PATCH 3/3] build(endpoints): add sigstore urls to allow list

Signed-off-by: Eden Ross Duff, MSc, DDiv <rjdbcm@outlook.com>
---
 .github/workflows/ozi.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ozi.yml b/.github/workflows/ozi.yml
index 278b7b6..9ef1f8a 100644
--- a/.github/workflows/ozi.yml
+++ b/.github/workflows/ozi.yml
@@ -193,6 +193,9 @@ jobs:
           api.github.com:443
           upload.pypi.org:443
           uploads.github.com:443
+          fulcio.sigstore.dev:443
+          rekor.sigstore.dev:443
+          tuf-repo-cdn.sigstore.dev:443
 
     - uses: OZI-Project/publish@1.4.0
       with: