From 1c17540edf128f78dac9c6b7734f542c9f0042b4 Mon Sep 17 00:00:00 2001
From: Stephan Schroevers <stephan.schroevers@teampicnic.com>
Date: Mon, 5 Aug 2024 08:34:03 +0200
Subject: [PATCH] Use wildcards

---
 .github/workflows/codeql.yml                | 3 +--
 .github/workflows/openssf-scorecard.yml     | 4 +---
 .github/workflows/run-integration-tests.yml | 6 ++----
 .github/workflows/sonarcloud.yml            | 3 +--
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e29160fdcd3..9764776ee97 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,11 +28,10 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             api.adoptium.net:443
-            api.github.com:443
+            *.github.com:443
             github.com:443
             objects.githubusercontent.com:443
             repo.maven.apache.org:443
-            uploads.github.com:443
       - name: Check out code and set up JDK and Maven
         uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
         with:
diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
index 083a6ea7cfc..ca35f293909 100644
--- a/.github/workflows/openssf-scorecard.yml
+++ b/.github/workflows/openssf-scorecard.yml
@@ -30,11 +30,9 @@ jobs:
             api.osv.dev:443
             api.scorecard.dev:443
             api.securityscorecards.dev:443
-            fulcio.sigstore.dev:443
             github.com:443
             oss-fuzz-build-logs.storage.googleapis.com:443
-            rekor.sigstore.dev:443
-            tuf-repo-cdn.sigstore.dev:443
+            *.sigstore.dev:443
             www.bestpractices.dev:443
       - name: Check out code
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml
index fb98b3d0e46..7840e95c49d 100644
--- a/.github/workflows/run-integration-tests.yml
+++ b/.github/workflows/run-integration-tests.yml
@@ -27,11 +27,9 @@ jobs:
             api.adoptium.net:443
             checkstyle.org:443
             github.com:443
-            objects.githubusercontent.com:443
-            oss.sonatype.org:443
-            raw.githubusercontent.com:443
+            *.githubusercontent.com:443
             repo.maven.apache.org:443
-            repository.sonatype.org:443
+            *.sonatype.org:443
       - name: Check out code and set up JDK and Maven
         uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
         with:
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index f29da8e4119..47ae8109735 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -27,13 +27,12 @@ jobs:
             analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
             api.adoptium.net:443
             api.nuget.org:443
-            api.sonarcloud.io:443
             ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
             github.com:443
             objects.githubusercontent.com:443
             repo.maven.apache.org:443
             sc-cleancode-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
-            scanner.sonarcloud.io:443
+            *.sonarcloud.io:443
             sonarcloud.io:443
       - name: Check out code and set up JDK and Maven
         uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0