🔨: set checkpoint egress policy.

.github/workflows/dev-workflow.yml

@@ -30,7 +30,14 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            oziproject.dev:443
+            pypi.org:443
+            registry.npmjs.org:443
 
       - uses: OZI-Project/checkpoint@52b74310d31ed92dbc8193d3d2a1027373cf64da
         with:

.github/workflows/dist-workflow.yml

@@ -44,7 +44,14 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            oziproject.dev:443
+            pypi.org:443
+            registry.npmjs.org:443
 
       - uses: OZI-Project/checkpoint@52b74310d31ed92dbc8193d3d2a1027373cf64da
         with:

ozi/templates/github_workflows/checkpoint.yml.j2

@@ -26,7 +26,14 @@
       - name: Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            oziproject.dev:443
+            pypi.org:443
+            registry.npmjs.org:443
 
       - uses: OZI-Project/checkpoint@52b74310d31ed92dbc8193d3d2a1027373cf64da
         with: