From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 09:58:34 +0000 (+0000) Subject: Chore: Bump step-security/harden-runner from 2.13.3 to 2.14.0 X-Git-Tag: 2026.02.20~19^2 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F54%2F15454%2F1;p=it%2Fdep.git Chore: Bump step-security/harden-runner from 2.13.3 to 2.14.0 [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. Change-Id: If9d455a3e6dc87172c882bfa8775a49888dca58e --- [//]: # (dependabot-end) Bumps step-security/harden-runner from 2.13.3 to 2.14.0. ## Release notes Sourced from step-security/harden-runner's releases. v2.14.0 What's Changed Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos. Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it. Full Changelog: https://github.com/step-security/harden-runner/compare/v2.13.3...v2.14.0 ## Commits 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip c51e8ee feat: skip agent install and post step on subsequent runs for GitHub-hosted r e152b90 feat: skip harden-runner based on repository custom property ee1faec feat: replace skip-harden-runner with skip-on-custom-property input 1dc7c17 feat: add skip-harden-runner input to conditionally skip execution See full diff in compare view ![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Issue-ID: CIMAN-33 Signed-off-by: dependabot[bot] Signed-off-by: oran.gh2gerrit Change-Id: Id5ad60cbb19b43b5320379e13b352f04af21b871 GitHub-PR: https://github.com/o-ran-sc/it-dep/pull/25 GitHub-Hash: 39e34dc1498e2b7e --- diff --git a/.github/workflows/gerrit-merge-itdep.yaml b/.github/workflows/gerrit-merge-itdep.yaml index e14472ca..a53524e8 100644 --- a/.github/workflows/gerrit-merge-itdep.yaml +++ b/.github/workflows/gerrit-merge-itdep.yaml @@ -92,7 +92,7 @@ jobs: timeout-minutes: 20 steps: # yamllint disable-line rule:line-length - - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/gerrit-verify-itdep.yaml b/.github/workflows/gerrit-verify-itdep.yaml index c851ccd6..e2f29f0b 100644 --- a/.github/workflows/gerrit-verify-itdep.yaml +++ b/.github/workflows/gerrit-verify-itdep.yaml @@ -104,7 +104,7 @@ jobs: timeout-minutes: 15 steps: # yamllint disable-line rule:line-length - - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/github2gerrit.yaml b/.github/workflows/github2gerrit.yaml index 3f79a157..cf40ec23 100644 --- a/.github/workflows/github2gerrit.yaml +++ b/.github/workflows/github2gerrit.yaml @@ -41,7 +41,7 @@ jobs: steps: # Harden the runner used by this workflow # yamllint disable-line rule:line-length - - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 name: 'Harden runner' with: egress-policy: audit