From 860061d31289b77d21a7bb374ea1871c7f0642a9 Mon Sep 17 00:00:00 2001
From: amankong
Date: Wed, 2 Jul 2025 16:40:47 +0530
Subject: [PATCH] Harden Runner Integration
---
 .github/workflows/.reusable_build.yml | 8 ++++++++
 .github/workflows/.reusable_e2e_tests.yml | 4 ++++
 .github/workflows/.reusable_test_image.yml | 4 ++++
 .github/workflows/backport.yml | 4 ++++
 4 files changed, 20 insertions(+)
diff --git a/.github/workflows/.reusable_build.yml b/.github/workflows/.reusable_build.yml
index e771dd45..2c60b2b2 100644
--- a/.github/workflows/.reusable_build.yml
+++ b/.github/workflows/.reusable_build.yml
@@ -11,6 +11,10 @@ jobs:
 runs-on: ${{ vars.RUNS_ON }}
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
 - name: Checkout source code
 uses: actions/checkout@v3
@@ -38,6 +42,10 @@ jobs:
 runs-on: ${{ vars.RUNS_ON }}
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
 - name: Checkout source code
 uses: actions/checkout@v3
diff --git a/.github/workflows/.reusable_e2e_tests.yml b/.github/workflows/.reusable_e2e_tests.yml
index 0f8ae8cf..b3c1d159 100644
--- a/.github/workflows/.reusable_e2e_tests.yml
+++ b/.github/workflows/.reusable_e2e_tests.yml
@@ -47,6 +47,10 @@ jobs:
 runs-on: ${{ vars.RUNS_ON }}
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
 - name: Checkout source code
 uses: actions/checkout@v3
diff --git a/.github/workflows/.reusable_test_image.yml b/.github/workflows/.reusable_test_image.yml
index de44fa18..954efed9 100644
--- a/.github/workflows/.reusable_test_image.yml
+++ b/.github/workflows/.reusable_test_image.yml
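Review bot: `egress-policy: audit` in the added Harden Runner step (first hunk of `.reusable_build.yml`) only records outbound connections and blocks none, so the step adds visibility but no enforcement. The same setting is used in the second hunk of this file and in the `.reusable_e2e_tests.yml`, `.reusable_test_image.yml` and `backport.yml` hunks. I would state that intent next to the setting, e.g. `egress-policy: audit # observe only; move to block with allowed-endpoints once the baseline is reviewed`, and track the switch to `egress-policy: block` as a follow-up. The job body continues outside the hunk.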
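Review bot: In the second `.reusable_build.yml` hunk the job runs on `${{ vars.RUNS_ON }}`, so whether the added step monitors anything depends on a runner label this diff does not show. As far as I know the action-only setup is aimed at GitHub-hosted Linux runners, and on a self-hosted or other label it may do little without extra agent setup; that should be confirmed against the action's documentation for the runner types actually in use. A short comment above the step, such as `# needs a runner type supported by harden-runner; label comes from vars.RUNS_ON`, would record the dependency. The same applies to the first hunk of this file and to the `.reusable_e2e_tests.yml` hunk.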
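Review bot: The added step in `.reusable_e2e_tests.yml` is pinned to a full commit SHA, but the step right after it, `uses: actions/checkout@v3`, still references a mutable tag, and audit mode will not stop a retargeted tag from running. Pinning it the same way keeps the hardening consistent: `uses: actions/checkout@<full-commit-sha> # v3` (placeholder; resolve the SHA from the upstream repository). It is also worth confirming that the SHA in the new step really corresponds to the `# v2.11.1` comment, since nothing checks the comment. The same tag-pinned checkout follows the new step in both `.reusable_build.yml` hunks and in `.reusable_test_image.yml`.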
@@ -23,6 +23,10 @@ jobs:
 image: ${{ steps.build-and-save.outputs.image }}
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
 - name: Checkout source code
 uses: actions/checkout@v3
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index 1d423c9a..80f0f8c4 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -20,6 +20,10 @@ jobs:
 )
 )
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
 - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
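Review bot: In the `backport.yml` hunk the added step sits directly before a third-party action that receives `secrets.GITHUB_TOKEN`, and `egress-policy: audit` will log but not prevent that token being sent to an unexpected host. Of the five jobs touched, this is the one I would move to enforcement first: `egress-policy: block` with an `allowed-endpoints` list taken from the audit results. The job's trigger, the start of its `if:` condition and any `permissions:` block are outside the hunk, so the token's scope cannot be judged from here. If no `permissions:` block exists, adding one limited to what the backport action needs would reduce the impact of a leak.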