From f7cb00620e1a01063789cddc45c43b5fa14724f3 Mon Sep 17 00:00:00 2001
From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com>
Date: Wed, 18 Oct 2023 16:09:19 +0000
Subject: [PATCH] Add allowed endpoints (#129)

* Add allowed endpoint to golangci workflow
* Add allowed endpoint to golang builder workflow
* Add allowed endpoint to dependency review workflow
* Add allowed endpoint to sonatype nacy workflow
* Add allowed endpoint to trivy workflow
---
 .github/workflows/reusable-builder-go.yml | 1 +
 .github/workflows/reusable-dependency-review.yml | 2 +-
 .github/workflows/reusable-golangci.yml | 1 +
 .github/workflows/reusable-nancy.yml | 3 +--
 .github/workflows/reusable-trivy.yml | 2 ++
 5 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/reusable-builder-go.yml b/.github/workflows/reusable-builder-go.yml
index 2fe12a2..6444265 100644
--- a/.github/workflows/reusable-builder-go.yml
+++ b/.github/workflows/reusable-builder-go.yml
@@ -82,6 +82,7 @@ jobs:
 proxy.golang.org:443
 sum.golang.org:443
 storage.googleapis.com:443
+ *.actions.githubusercontent.com:443

 - name: Check out code base
 if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
diff --git a/.github/workflows/reusable-dependency-review.yml b/.github/workflows/reusable-dependency-review.yml
index ea5f46b..d845290 100644
--- a/.github/workflows/reusable-dependency-review.yml
+++ b/.github/workflows/reusable-dependency-review.yml
@@ -41,6 +41,7 @@ jobs:
 github.com:443
 api.github.com:443
 actions-results-receiver-production.githubapp.com:443
+ *.actions.githubusercontent.com:443

 - name: Check out code base
 if: github.event_name == 'push' || github.event_name == 'schedule'
@@ -76,4 +77,3 @@ jobs:
 deny-licenses: ${{ inputs.deny-licenses }}
 base-ref: ${{ github.event.repository.default_branch }}
 head-ref: ${{ github.sha }}
-
diff --git a/.github/workflows/reusable-golangci.yml b/.github/workflows/reusable-golangci.yml
index aa3a699..75f519e 100644
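Review bot: The added `*.actions.githubusercontent.com:443` entry in reusable-builder-go.yml (the `@@ -82,6 +82,7 @@` hunk) allows egress to every host under that domain, and nothing next to the list records which service the job needs it for. The same line is added in reusable-dependency-review.yml, reusable-golangci.yml and both lists in reusable-trivy.yml. If the required hostnames are stable, listing them exactly keeps the allowlist reviewable; if they are not (this cannot be told from the diff), a comment such as `# wildcard: exact Actions service hostnames are not stable across runs (confirm)` would document the choice. The key that introduces the endpoint list lies outside each hunk and the entries look like lines of one multi-line value, so the comment belongs above that key rather than between entries.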
--- a/.github/workflows/reusable-golangci.yml
+++ b/.github/workflows/reusable-golangci.yml
@@ -44,6 +44,7 @@ jobs:
 github.com:443
 api.github.com:443
 objects.githubusercontent.com:443
+ *.actions.githubusercontent.com:443
 raw.githubusercontent.com:443
 storage.googleapis.com:443
 proxy.golang.org:443
diff --git a/.github/workflows/reusable-nancy.yml b/.github/workflows/reusable-nancy.yml
index 5ab0671..8401d12 100644
--- a/.github/workflows/reusable-nancy.yml
+++ b/.github/workflows/reusable-nancy.yml
@@ -25,8 +25,7 @@ jobs:
 github.com:443
 api.github.com:443
 objects.githubusercontent.com:443
- acghubeus1.actions.githubusercontent.com:443
- pipelinesghubeus2.actions.githubusercontent.com:443
+ *.actions.githubusercontent.com:443
 dl-cdn.alpinelinux.org:443
 ossindex.sonatype.org:443
 proxy.golang.org:443
diff --git a/.github/workflows/reusable-trivy.yml b/.github/workflows/reusable-trivy.yml
index f9e84bf..b024cf9 100644
--- a/.github/workflows/reusable-trivy.yml
+++ b/.github/workflows/reusable-trivy.yml
@@ -48,6 +48,7 @@ jobs:
 api.github.com:443
 uploads.github.com:443
 pkg-containers.githubusercontent.com:443
+ *.actions.githubusercontent.com:443

 - name: Check out code base
 if: github.event_name == 'push'
@@ -105,6 +106,7 @@ jobs:
 api.github.com:443
 uploads.github.com:443
 pkg-containers.githubusercontent.com:443
+ *.actions.githubusercontent.com:443

 - name: Check out code base
 if: github.event_name == 'push'
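Review bot: In reusable-nancy.yml (the `@@ -25,8 +25,7 @@` hunk) the two exact hosts `acghubeus1.actions.githubusercontent.com:443` and `pipelinesghubeus2.actions.githubusercontent.com:443` are replaced by the wildcard, so this job's allowlist goes from two named hosts to the whole subdomain space, and the commit message gives no reason. Once the named entries are gone, a later reviewer has no baseline for what this job normally contacts under that domain. I would keep that baseline as a comment above the endpoint list, for example `# previously pinned: acghubeus1 / pipelinesghubeus2 under actions.githubusercontent.com`, together with a short reason for the wildcard. The key that opens the list is outside the hunk, so the exact placement needs checking against the full file.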