From 567931b2b7f9237d0b7d39b7c79a10c6de9ede0a Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Mon, 16 Dec 2024 12:00:35 -0500
Subject: [PATCH] Remove use of web proxy in workflows
The use of a proxy causes the calls to the AWS API that run on localhost to fail. This is because the AWS CLI and boto3 both verify all certificates by default, and this is impossible with a proxy between them and AWS.
---
 .github/workflows/build.yml | 10 ++++++----
 .github/workflows/prerelease.yml | 10 ++++++----
 .github/workflows/release.yml | 10 ++++++----
 3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a06b91f..639340b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -245,10 +245,12 @@ jobs:
 # - arm64
 - x86_64
 steps:
- - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- with:
- # Uses the organization variable unless overridden
- config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ # If we use this proxy then the calls to the AWS API on
+ # localhost fail.
+ # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ # with:
+ # # Uses the organization variable unless overridden
+ # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
index c52862e..382fd0f 100644
--- a/.github/workflows/prerelease.yml
+++ b/.github/workflows/prerelease.yml
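Review bot: The replacement comment in the build.yml hunk says only that AWS API calls "on localhost fail", while the actual cause (the AWS CLI and boto3 verify certificates and cannot do so through the monitor's proxy) is recorded only in the commit message; the prerelease.yml and release.yml hunks carry the same comment. Putting the cause in the file keeps a later maintainer from re-enabling the step blindly or working around it by switching off certificate verification, for example `# Disabled: the monitor's proxy breaks TLS certificate verification for the AWS CLI and boto3 calls in this job.` As far as I know this step is what reports the token permissions a job actually uses, so a second line such as `# Review this job's permissions: block by hand while the monitor is off.` would flag the lost coverage. The job's `permissions:` block lies outside the hunk, so whether it is already minimal cannot be judged from here.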
@@ -52,10 +52,12 @@ jobs:
 # - arm64
 - x86_64
 steps:
- - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- with:
- # Uses the organization variable unless overridden
- config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ # If we use this proxy then the calls to the AWS API on
+ # localhost fail.
+ # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ # with:
+ # # Uses the organization variable unless overridden
+ # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 00e30a6..68676aa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,10 +59,12 @@ jobs:
 # - arm64
 - x86_64
 steps:
- - uses: GitHubSecurityLab/actions-permissions/monitor@v1
- with:
- # Uses the organization variable unless overridden
- config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
+ # If we use this proxy then the calls to the AWS API on
+ # localhost fail.
+ # - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+ # with:
+ # # Uses the organization variable unless overridden
+ # config: ${{ vars.ACTIONS_PERMISSIONS_CONFIG }}
 - id: harden-runner
 name: Harden the runner
 uses: step-security/harden-runner@v2