From d107f791a7b167dee73fb93a00c09f3633a091e4 Mon Sep 17 00:00:00 2001 From: Ashish Kurmi Date: Sun, 14 May 2023 15:36:17 -0700 Subject: [PATCH 1/2] using ai-codewise int for dogfooding --- .github/workflows/code-review.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index 089e3ed7..abb817d3 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -1,27 +1,23 @@ name: Code Review on: pull_request: - branches: - - main - - int permissions: contents: read - jobs: code-review: - name: Code Review runs-on: ubuntu-latest permissions: contents: read - pull-requests: write - id-token: write + pull-requests: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: - egress-policy: audit + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 - name: Code Review - uses: docker://ghcr.io/step-security/code-reviewer/int:latest - env: - PAT: ${{ secrets.GITHUB_TOKEN }} + uses: step-security/ai-codewise@int + From 80c74fba26977e1eb7721e7c85d1168a88d3174e Mon Sep 17 00:00:00 2001 From: Ashish Kurmi Date: Sun, 14 May 2023 16:47:08 -0700 Subject: [PATCH 2/2] adding int backend endpoint --- .github/workflows/code-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index abb817d3..c40f9f80 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -17,7 +17,7 @@ jobs: egress-policy: block allowed-endpoints: > api.github.com:443 + int.api.stepsecurity.io:443 - name: Code Review uses: step-security/ai-codewise@int -