From 457c64021c70483ccb8bc022647269b53fa02b6b Mon Sep 17 00:00:00 2001 From: "Louise K. Schmidtgen" Date: Wed, 27 Nov 2024 15:51:32 +0200 Subject: [PATCH] remove harden runner from CI (#847) --- .github/workflows/auto-merge-successful-prs.yaml | 4 ---- .github/workflows/cla.yaml | 4 ---- .github/workflows/cron-jobs.yaml | 8 -------- .github/workflows/go.yaml | 8 -------- .github/workflows/integration-informing.yaml | 4 ---- .github/workflows/integration.yaml | 8 -------- .github/workflows/python.yaml | 4 ---- .github/workflows/sbom.yaml | 4 ---- .github/workflows/scorecard.yaml | 4 ---- .github/workflows/update-branches.yaml | 4 ---- .github/workflows/update-components.yaml | 4 ---- 11 files changed, 56 deletions(-) diff --git a/.github/workflows/auto-merge-successful-prs.yaml b/.github/workflows/auto-merge-successful-prs.yaml index e7f4fc096..c4581ee95 100644 --- a/.github/workflows/auto-merge-successful-prs.yaml +++ b/.github/workflows/auto-merge-successful-prs.yaml @@ -13,10 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 - uses: actions/setup-python@v5 diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml index a3c4515de..cce7fa7d3 100644 --- a/.github/workflows/cla.yaml +++ b/.github/workflows/cla.yaml @@ -15,9 +15,5 @@ jobs: pull-requests: write # for canonical/has-signed-canonical-cla to create & update comments runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Check if CLA signed uses: canonical/has-signed-canonical-cla@v1 diff --git a/.github/workflows/cron-jobs.yaml b/.github/workflows/cron-jobs.yaml index 59a1227a1..076ded4e2 100644 --- a/.github/workflows/cron-jobs.yaml +++ b/.github/workflows/cron-jobs.yaml @@ -19,10 +19,6 @@ jobs: - { branch: main } steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 with: @@ -86,10 +82,6 @@ jobs: - { branch: release-1.31, channel: 1.31-classic/edge } steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 with: diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index 56be690a9..279c80341 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -28,10 +28,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Check out code uses: actions/checkout@v4 @@ -90,10 +86,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Check out code uses: actions/checkout@v4 diff --git a/.github/workflows/integration-informing.yaml b/.github/workflows/integration-informing.yaml index 9ade424d0..31bd32a96 100644 --- a/.github/workflows/integration-informing.yaml +++ b/.github/workflows/integration-informing.yaml @@ -24,10 +24,6 @@ jobs: patch: ["moonray"] fail-fast: false steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 - name: Install lxd diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index e4a4b2b16..794dd920a 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -24,10 +24,6 @@ jobs: runs-on: ubuntu-20.04 steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 - name: Install lxd @@ -132,10 +128,6 @@ jobs: runs-on: ubuntu-20.04 needs: build steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: diff --git a/.github/workflows/python.yaml b/.github/workflows/python.yaml index 0c51d8ecf..c8cb71c85 100644 --- a/.github/workflows/python.yaml +++ b/.github/workflows/python.yaml @@ -24,10 +24,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Check out code uses: actions/checkout@v4 - name: Setup Python diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml index 2faa27a28..cbf8808f8 100644 --- a/.github/workflows/sbom.yaml +++ b/.github/workflows/sbom.yaml @@ -24,10 +24,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 - name: Setup Python diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index ffb8afe17..1a5759d94 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -17,10 +17,6 @@ jobs: id-token: write steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: "Checkout code" uses: actions/checkout@v4.1.1 with: diff --git a/.github/workflows/update-branches.yaml b/.github/workflows/update-branches.yaml index b6ed8f38e..432e4c8f3 100644 --- a/.github/workflows/update-branches.yaml +++ b/.github/workflows/update-branches.yaml @@ -21,10 +21,6 @@ jobs: outputs: branch: ${{ steps.determine.outputs.branch }} steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Determine branch id: determine env: diff --git a/.github/workflows/update-components.yaml b/.github/workflows/update-components.yaml index 23aa952a4..ccadac501 100644 --- a/.github/workflows/update-components.yaml +++ b/.github/workflows/update-components.yaml @@ -25,10 +25,6 @@ jobs: - release-1.30 steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - name: Checking out repo uses: actions/checkout@v4 with: