From 3f98ed1bb8fb76aea8556dc5663e5c5e724ba503 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Fri, 20 Dec 2024 12:54:31 -0500
Subject: [PATCH] Re-enable the GitHubSecurityLab/actions-permissions/monitor action

With the merge of GitHubSecurityLab/actions-permissions#34, this proxy no longer interferes with AWS API or boto3 calls.
---
 .github/workflows/build.yml | 12 ++++--------
 .github/workflows/prerelease.yml | 12 ++++--------
 .github/workflows/release.yml | 12 ++++--------
 3 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1ded704..a3093e8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -244,14 +244,10 @@ jobs:
 # - arm64
 - x86_64
 steps:
- # If we use this proxy then the calls to the AWS API to retrieve
- # Assessor Workbench files from an S3 bucket fail. For example, this
- # Ansible task fails:
- # https://github.com/cisagov/ansible-role-assessor-workbench/blob/26ef0a5e7d282f7656eb9687ddb1667b2e386f1b/tasks/main.yml#L11-L18
- # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- # with:
- # # Uses the organization variable unless overridden
- # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ # Uses the organization variable unless overridden
+ config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index e754da1..57910f3 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
@@ -51,14 +51,10 @@ jobs:
 # - arm64
 - x86_64
 steps:
- # If we use this proxy then the calls to the AWS API to retrieve
- # Assessor Workbench files from an S3 bucket fail. For example, this
- # Ansible task fails:
- # https://github.com/cisagov/ansible-role-assessor-workbench/blob/26ef0a5e7d282f7656eb9687ddb1667b2e386f1b/tasks/main.yml#L11-L18
- # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- # with:
- # # Uses the organization variable unless overridden
- # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ # Uses the organization variable unless overridden
+ config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0e246c2..e7ba279 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -58,14 +58,10 @@ jobs:
 # - arm64
 - x86_64
 steps:
- # If we use this proxy then the calls to the AWS API to retrieve
- # Assessor Workbench files from an S3 bucket fail. For example, this
- # Ansible task fails:
- # https://github.com/cisagov/ansible-role-assessor-workbench/blob/26ef0a5e7d282f7656eb9687ddb1667b2e386f1b/tasks/main.yml#L11-L18
- # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- # with:
- # # Uses the organization variable unless overridden
- # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ with:
+ # Uses the organization variable unless overridden
+ config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2
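Review bot: The re-enabled step references `GitHubSecurityLab/actions-permissions/monitor@v1` by a mutable tag, here and in the matching hunks for build.yml and release.yml. The commit message implies the fix from actions-permissions#34 reaches these workflows only because `v1` now resolves to newer code, and by the same mechanism any later change to that tag would run in these jobs without review. Since the description calls the action a proxy and the removed comment shows it sits in the path of the job's AWS API calls, pin it to a reviewed commit: `- uses: GitHubSecurityLab/actions-permissions/monitor@<full-commit-sha>  # v1`. The `steps:` list continues outside the hunk, and the context line `uses: step-security/harden-runner@v2` may warrant the same treatment.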
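Review bot: The deleted comment was the only in-file record that this step can break the S3 retrieval done through the AWS API, and the new lines do not say which upstream fix the step now depends on. A one-line comment above the step would keep that failure diagnosable if the action regresses or is later pinned to an older revision, for example `# Requires the fix from GitHubSecurityLab/actions-permissions#34; earlier versions of this proxy break AWS API/boto3 calls`. This matters most in this release workflow, where a silent failure would be costly to trace, and the same comment applies to build.yml and prerelease.yml.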