From 12b14b8cd3bea0e3c514db2ce099dbb5a20b1dca Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Mon, 2 Oct 2023 16:04:04 -0700
Subject: [PATCH] self-hosted network filtering

---
 .../self-hosted-network-filtering-hr.yml | 33 +++++++++++++++++++
 .../self-hosted-network-monitoring-hr.yml | 2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/self-hosted-network-filtering-hr.yml

diff --git a/.github/workflows/self-hosted-network-filtering-hr.yml b/.github/workflows/self-hosted-network-filtering-hr.yml
new file mode 100644
index 00000000..bc780824
--- /dev/null
+++ b/.github/workflows/self-hosted-network-filtering-hr.yml
@@ -0,0 +1,33 @@
+name: "Self-Hosted (VM): Network Filtering with Harden-Runner"
+on:
+  workflow_dispatch:
+  push:
+jobs:
+  build:
+    runs-on: [self-hosted, ec2]
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            *.docker.io:443
+            ghcr.io:443
+            github.com:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+      - name: npm install
+        run: |
+          cd ./src/exfiltration-demo
+          npm install
+      - name: Publish to Registry
+        uses: elgohr/Publish-Docker-Github-Action@v5
+        with:
+          name: ${{ github.repository }}/prod:latest
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+          workdir: ./src/exfiltration-demo
diff --git a/.github/workflows/self-hosted-network-monitoring-hr.yml b/.github/workflows/self-hosted-network-monitoring-hr.yml
index 713a8887..5f0ba232 100644
--- a/.github/workflows/self-hosted-network-monitoring-hr.yml
+++ b/.github/workflows/self-hosted-network-monitoring-hr.yml
@@ -1,7 +1,7 @@
 name: "Self-Hosted (VM): Network Monitoring with Harden-Runner"
 on:
   workflow_dispatch:
-  push:
+
 jobs:
   build:
     runs-on: [self-hosted, ec2]
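Review bot: The new workflow hands `secrets.GITHUB_TOKEN` to a third-party action as the ghcr.io password (the `Publish to Registry` step) but declares no `permissions:` block, so the token runs with the repository's default scopes instead of only the `packages: write` that push needs; add at the top level `permissions:` / `  contents: read` / `  packages: write`. The unfiltered `push:` trigger also means a push to any branch publishes `${{ github.repository }}/prod:latest` — presumably fine for a demo, otherwise restrict it with `branches: [main]`. All four actions are referenced by mutable tags (`@v2`, `@v3`, `@v5`); pinning them to full commit SHAs keeps a moved tag from silently changing the code that runs with registry credentials, which matters more when the step is meant to demonstrate a hardened runner. The `*.docker.io:443` entry in `allowed-endpoints` is a wildcard; if the egress policy is meant to be tight, narrow it to the registry hosts the build actually contacts (verify against the harden-runner insights for a run).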
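Review bot: The `push:` trigger is removed by replacing it with an empty `+` line rather than deleting it, which leaves a stray blank line inside the `on:` mapping; drop the added line so the hunk is a pure deletion of `  push:`. Leaving `workflow_dispatch:` as the only trigger is presumably intended so the monitoring demo no longer runs on every push; a short comment above `on:` saying so would spare the next reader a trip through the history.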