Remove use of web proxy in workflows

The use of a proxy causes the calls to the AWS API that run on localhost to fail. This is because the AWS CLI and boto3 both verify all certificates by default, and this is impossible with a proxy between them and AWS.
cisagov · Dec 16, 2024 · 567931b · 567931b
1 parent b1a0886
commit 567931b
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -245,10 +245,12 @@ jobs:
           # - arm64
           - x86_64
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          # Uses the organization variable unless overridden
-          config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+      # If we use this proxy then the calls to the AWS API on
+      # localhost fail.
+      # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      #   with:
+      #     # Uses the organization variable unless overridden
+      #     config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
       - id: harden-runner
         name: Harden the runner
         uses: step-security/harden-runner@v2

diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -52,10 +52,12 @@ jobs:
           # - arm64
           - x86_64
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          # Uses the organization variable unless overridden
-          config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+      # If we use this proxy then the calls to the AWS API on
+      # localhost fail.
+      # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      #   with:
+      #     # Uses the organization variable unless overridden
+      #     config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
       - id: harden-runner
         name: Harden the runner
         uses: step-security/harden-runner@v2

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -59,10 +59,12 @@ jobs:
           # - arm64
           - x86_64
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-        with:
-          # Uses the organization variable unless overridden
-          config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+      # If we use this proxy then the calls to the AWS API on
+      # localhost fail.
+      # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      #   with:
+      #     # Uses the organization variable unless overridden
+      #     config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
       - id: harden-runner
         name: Harden the runner
         uses: step-security/harden-runner@v2