populated tests

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,4 @@
+---
+title: Someone just pushed
+---
+Someone just pushed, oh no! Here's who did it: {{ payload.sender.login }}.

.github/workflows/basic.yml

@@ -0,0 +1,58 @@
+name: Basic Tests
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  overwrite:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+
+      - name: echo overwrite
+        run: echo "## Overwritten" >> README.md
+
+      - name: mv overwrite
+        run: echo "# Replaced" >> README2.md; mv README2.md README.md
+
+  egress-test:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: block
+          disable-sudo: true
+          allowed-endpoints: |
+            www.google.com:443
+
+      - uses: actions/checkout@v3
+
+      - run: curl https://www.google.com
+      - run: curl https://microsoft.com
+
+  disabled-telemetry:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: block
+          disable-sudo: true
+          disable-telemetry: true
+          allowed-endpoints: |
+            www.google.com:443
+
+      - uses: actions/checkout@v3
+
+      - run: curl https://www.google.com
+      - run: curl https://microsoft.com
+      - run: curl https://youtube.com
+      - run: curl https://bing.com

.github/workflows/tls-basic-tests.yml

@@ -0,0 +1,34 @@
+name: TLS Basic Tests
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  dynamic-node:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+      - run: which node
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "16"
+
+      - run: which node
+
+      - run: node req.js
+
+  owner-mismatch:
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - run: curl -XPOST https://api.github.com/repos/malicious-owner/malicious-repo

.github/workflows/tls-github-api-calls.yml

@@ -0,0 +1,88 @@
+name: TLS Github API Calls
+
+on:
+  workflow_dispatch:
+
+# permissions:
+#   contents: read
+
+jobs:
+  issue-create:
+    permissions:
+      contents: write
+      issues: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@v3
+      - uses: JasonEtco/create-an-issue@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: free -m
+
+  create-pr:
+    permissions:
+      contents: write
+      pull-requests: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+      - run: "echo '// changes' >> main.js"
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - run: free -m
+
+  comment-on-pr:
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    if: always()
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+
+      - name: Comment PR
+        uses: thollander/actions-comment-pull-request@v2
+        with:
+          message: |
+            Hello world ! :wave:
+          pr_number: 1
+
+  dispatch-workflow:
+    permissions:
+      contents: write
+      actions: write
+    if: always()
+    runs-on: ARMLinuxRunner
+    steps:
+      - run: free -m
+      - uses: h0x0er/harden-runner@arm-support
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@v4
+      - name: Invoke workflow without inputs
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: enumeration.yml
+      - run: free -m

README.md

@@ -0,0 +1 @@
+# Integration tests for arm runners

req.js

@@ -0,0 +1,37 @@
+const https = require('https');
+
+async function httpsGet(hostname, path, headers) {
+  return new Promise(async (resolve, reject) => {
+
+    const options = {
+      hostname: hostname,
+      path: path,
+      port: 443,
+      method: 'GET',
+      headers: headers
+    };
+
+    let body = [];
+
+    const req = https.request(options, res => {
+      res.on('data', chunk => body.push(chunk));
+      res.on('end', () => {
+        const data = Buffer.concat(body).toString();
+        resolve(data);
+      });
+    });
+    req.on('error', e => {
+      reject(e);
+    });
+    req.end();
+
+  });
+
+}
+
+result = httpsGet("api.github.com", "/", "");
+result.then(function (data) {
+    console.log(data)
+},function (err) {
+   consoel.log('https request failed',err)
+})