Restrict servers that are allowed during release step.

raphw · raphw · commit 21a0b2591ddc · 2022-09-12T19:09:56.000+02:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -158,7 +158,21 @@ jobs:
     steps:
       - uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95 # V1.4.5
         with:
-          egress-policy: audit
+          egress-policy: block
+          disable-telemetry: true
+          allowed-endpoints: >
+            github.com:443
+            raw.githubusercontent.com:443
+            repo.maven.apache.org:443
+            javadoc.io:443
+            docs.oracle.com:443
+            docs.gradle.org:443
+            plugins.gradle.org:443
+            services.gradle.org:443
+            downloads.gradle-dn.com:443
+            jcenter.bintray.com:443
+            repository.sonatype.org:443
+            s01.oss.sonatype.org:443
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
       - uses: actions/setup-java@2c7a4878f5d120bd643426d54ae1209b29cc01a3 # v3.4.1
         with:
