chore: remove harden-runner

harden-runner would be useful in our actual build or release workflows, but has no benefits actually in lint and scorecard.
garden-io · May 10, 2023 · 472e908 · 472e908
1 parent 331f27d
commit 472e908
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 24 deletions.
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -17,13 +17,6 @@ jobs:
   actionlint:
     runs-on: ubuntu-latest
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # 2.4.0
-        with:
-          egress-policy: block
-          allowed-endpoints: >
-            github.com:443
-            objects.githubusercontent.com:443
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # 3.0.2
       - name: Download actionlint
         run: |

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -24,23 +24,6 @@ jobs:
       actions: read
 
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
-        with:
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            api.osv.dev:443
-            bestpractices.coreinfrastructure.org:443
-            codeload.github.com:443
-            github.com:443
-            pipelines.actions.githubusercontent.com:443
-            auth.docker.io:443
-            index.docker.io:443
-            fulcio.sigstore.dev:443
-            sigstore-tuf-root.storage.googleapis.com:443
-            *.blob.core.windows.net:443
-
       - name: "Checkout code"
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.0.0
         with: