Merge pull request #192 from onebeyond/allowed-endpoints

fix: get back egress-policy block for harden runner

Author: inigomarquinez

.github/workflows/code-climate-test-coverage.yml

@@ -11,19 +11,17 @@ jobs:
   code-climate:
     runs-on: ubuntu-latest
     steps:
-      - name: 🔐 Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
-          # disable-sudo: true
-          # egress-policy: block
-          # allowed-endpoints: >
-          #   github.com:443
-          #   registry.npmjs.org:443
-          #   api.github.com:443
-          #   nodejs.org:443
-          #   codeclimate.com:443
-          #   d3iz1jjs17r6kg.cloudfront.net:443
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.codeclimate.com:443
+            codeclimate.com:443
+            d3iz1jjs17r6kg.cloudfront.net:443
+            github.com:443
+            registry.npmjs.org:443
 
       - name: ⚙️ Git Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/openssf-scorecard.yml

@@ -28,19 +28,21 @@ jobs:
       # actions: read
 
     steps:
-      - name: 🔐 Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
-          # disable-sudo: true
-          # egress-policy: block
-          # allowed-endpoints: >
-          #   github.com:443
-          #   registry.npmjs.org:443
-          #   api.github.com:443
-          #   nodejs.org:443
-          #   www.bestpractices.dev:443
-          #   oss-fuzz-build-logs.storage.googleapis.com:443
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.osv.dev:443
+            api.securityscorecards.dev:443
+            fulcio.sigstore.dev:443
+            github.com:443
+            oss-fuzz-build-logs.storage.googleapis.com:443
+            rekor.sigstore.dev:443
+            tuf-repo-cdn.sigstore.dev:443
+            www.bestpractices.dev:443
 
       - name: ⚙️ Git Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

README.md

@@ -5,7 +5,7 @@
 <p align="center">
   <a href="https://www.npmjs.com/package/@guidesmiths/react-form-builder" target="_blank"><img src="https://img.shields.io/npm/v/@guidesmiths/react-form-builder.svg?style=flat-square" alt="NPM version" /></a>
   <a href="https://www.npmjs.com/package/@guidesmiths/react-form-builder" target="_blank"><img src="https://img.shields.io/npm/dm/@guidesmiths/react-form-builder.svg?style=flat-square" alt="NPM downloads" /></a>
-  <a href="https://github.com/onebeyond/react-form-builder/actions/workflows/publish-plugin.yml" target="_blank"><img src="https://github.com/onebeyond/react-form-builder/actions/workflows/publish-plugin.yml/badge.svg" alt="Publish" /></a>
+  <a href="https://github.com/onebeyond/react-form-builder/actions/workflows/cd.yml" target="_blank"><img src="https://github.com/onebeyond/react-form-builder/actions/workflows/cd.yml/badge.svg" alt="Publish" /></a>
   <a href="https://codeclimate.com/github/onebeyond/react-form-builder/maintainability"><img src="https://api.codeclimate.com/v1/badges/7be0c6651a4fd019f777/maintainability" /></a>
   <a href="https://codeclimate.com/github/onebeyond/react-form-builder/test_coverage"><img src="https://api.codeclimate.com/v1/badges/7be0c6651a4fd019f777/test_coverage" /></a>
   <a href="https://socket.dev/npm/package/@guidesmiths/react-form-builder" target="_blank"><img src="https://socket.dev/api/badge/npm/package/@guidesmiths/react-form-builder" alt="socket.dev" /></a>