From 59db46415cbbec8d709451eda64b67d838c351cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wilfredo=20Sa=CC=81nchez?=
Date: Mon, 5 Feb 2024 14:39:09 -0800
Subject: [PATCH] Add cli.codecov.io Block audit paths
---
 .github/workflows/cicd.yml | 3 ++-
 .github/workflows/deploy.yml | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 9f32c2def..4a35e0631 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -333,6 +333,7 @@ jobs:
 egress-policy: block
 allowed-endpoints: >
 api.github.com:443
+ cli.codecov.io:443
 codecov.io:443
 files.pythonhosted.org:443
 github.com:443
@@ -543,7 +544,7 @@ jobs:
 - name: Harden CI
 uses: step-security/harden-runner@v2.6.1
 with:
- egress-policy: audit
+ egress-policy: block

 - name: Checkout source code
 uses: actions/checkout@v4
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4654fad3f..7ce2f0b58 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -17,7 +17,7 @@ jobs:
 - name: Harden CI
 uses: step-security/harden-runner@v2.6.1
 with:
- egress-policy: audit
+ egress-policy: block

 - name: Check user
 if: ${{ ! contains('["wsanchez", "mikeburg", "plapsley"]', github.actor) }}
@@ -72,7 +72,7 @@ jobs:
 - name: Harden CI
 uses: step-security/harden-runner@v2.6.1
 with:
- egress-policy: audit
+ egress-policy: block

 - name: Check user
 if: ${{ ! contains('["wsanchez", "mikeburg", "plapsley"]', github.actor) }}
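Review bot: `egress-policy: block` is set on the `Harden CI` step at new line 547 of cicd.yml without an `allowed-endpoints` list, so any outbound connection beyond whatever harden-runner permits by default will be refused; the very next step is `actions/checkout@v4`, which normally needs `github.com:443`. Both deploy.yml hunks make the same switch with no allow-list. I would give each of these steps an `allowed-endpoints: >` block, filled in from the destinations recorded while the jobs ran in audit mode, in the same form the step at line 333 already uses. The jobs continue outside the hunks, so the full set of endpoints they need is not visible here.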
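Review bot: The `Check user` condition at new line 23 of deploy.yml passes a quoted string as the first argument to `contains()`, so the expression does a substring search over that text rather than an exact membership test against a list of logins. Since this commit tightens these jobs anyway, I would make the actor check exact with `if: ${{ ! contains(fromJSON('["wsanchez", "mikeburg", "plapsley"]'), github.actor) }}`. The identical line appears in the second deploy.yml hunk at new line 78 and needs the same change. The body of the step lies outside both hunks, so what it does when the condition is true cannot be confirmed from here.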