harden runner does not work on container images (#1655)

### What kind of change does this PR introduce? * Removes the Harden Runner step in `finish` as it does not work with container images ### Does this PR introduce a breaking change? No. ### Other information: step-security/harden-runner#124
Ouranosinc · Feb 19, 2024 · 545ac67 · 545ac67
2 parents 0c7820e + 1e5de6e
commit 545ac67
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 4 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -276,10 +276,6 @@ jobs:
     runs-on: ubuntu-latest
     container: python:3-slim
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
-        with:
-          egress-policy: audit
       - name: Coveralls Finished
         run: |
           python -m pip install --upgrade coveralls

diff --git a/CHANGES.rst b/CHANGES.rst
@@ -74,6 +74,7 @@ Internal changes
 * `black`, `isort`, and `pyupgrade` code formatters no longer target Python3.8 coding style conventions. (:pull:`1565`).
 * The GitHub Workflows now include builds to run tests against both Windows and MacOS. (:pull:`1648`).
 * `prefetch` is now available as a `tox` environment modifier in order to download the testing data before launching `pytest` (e.g. `py3x-prefetch`). This is . (:pull:`1648`).
+* Removed `step-security/harden-runner` from the `finish` job as it does not work on container images lacking `sudo` access. (:pull:`1655`).
 
 v0.47.0 (2023-12-01)
 --------------------