Release v2.5.1 (#332)

varunsh-coder · web-flow · commit 8ca2b8b2ece1 · 2023-08-09T09:09:14.000-07:00
diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
@@ -24,6 +24,7 @@ jobs:
     steps:
     - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v1
       with:
+        egress-policy: audit
         allowed-endpoints:
           api.github.com:443
           github.com:443
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,6 +27,7 @@ jobs:
     steps:
     - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
       with:
+        egress-policy: audit
         allowed-endpoints:
           api.github.com:443
           github.com:443
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs:
         uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           disable-sudo: true
-          egress-policy: block
+          egress-policy: audit
           allowed-endpoints: >
             api.github.com:443
             codecov.io:443
diff --git a/dist/pre/index.js b/dist/pre/index.js
diff --git a/dist/pre/index.js.map b/dist/pre/index.js.map
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "step-security-harden-runner",
-  "version": "2.4.1",
+  "version": "2.5.1",
   "description": "Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches",
   "main": "index.js",
   "scripts": {
diff --git a/src/checksum.ts b/src/checksum.ts
@@ -10,7 +10,7 @@ export function verifyChecksum(downloadPath: string) {
     .digest("hex"); // checksum of downloaded file
 
   const expectedChecksum: string =
-    "79cc2df62f6eba9ab4ceadbbdfca4d20ef5b14e1439a98eaa559142b8dd61aac"; // checksum for v0.13.4
+    "ceb925c78e5c79af4f344f08f59bbdcf3376d20d15930a315f9b24b6c4d0328a"; // checksum for v0.13.5
 
   if (checksum !== expectedChecksum) {
     core.setFailed(
diff --git a/src/setup.ts b/src/setup.ts
@@ -168,7 +168,7 @@ import { isArcRunner, sendAllowedEndpoints } from "./arc-runner";
     let auth = `token ${token}`;
 
     const downloadPath: string = await tc.downloadTool(
-      "https://github.com/step-security/agent/releases/download/v0.13.4/agent_0.13.4_linux_amd64.tar.gz",
+      "https://github.com/step-security/agent/releases/download/v0.13.5/agent_0.13.5_linux_amd64.tar.gz",
       undefined,
       auth
     );

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "step-security-harden-runner",`
`3`		`- "version": "2.4.1",`
	`3`	`+ "version": "2.5.1",`
`4`	`4`	`"description": "Security agent for GitHub-hosted runner: block egress traffic & detect code overwrite to prevent breaches",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`