From 2d106321d5339ef86d25ae2044aefc3f9db8e17b Mon Sep 17 00:00:00 2001
From: Matthew Watkins
Date: Wed, 3 Jun 2026 13:25:15 +0100
Subject: [PATCH] Chore: Add attestation endpoints to allow-list

Add the two egress endpoints that 'gh attestation verify' needs so the
zizmor security audit (and any other action verifying GitHub artifact
attestations) works under harden-runner block mode:

- tuf-repo.github.com:443 - GitHub's TUF trust root
- tmaproduction.blob.core.windows.net:443 - Azure blob storage that
  backs GitHub's attestation bundles

Without these, block-mode runs fail at 'gh attestation verify' with
'domain not allowed: tuf-repo.github.com' and a connection-refused
error fetching the attestation bundle from Azure blob storage.

The specific blob host is allow-listed rather than a
*.blob.core.windows.net wildcard, to keep the egress surface as narrow
as possible.

Also sort the allow-list alphabetically (LC_ALL=C) so future additions
have an obvious, reviewable position.

Add a README.md alongside the allow-list that documents, in a table,
why each non-obvious endpoint is present (starting with the two above).
The table can grow over time and be backfilled for the bulk-generated
entries.

Co-Authored-By: Claude
Signed-off-by: Matthew Watkins
---
 .../harden-runner/lfreleng-actions/README.md | 33 +++++++++++++++++++
 .../lfreleng-actions/allow_list.txt          |  2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 .github/harden-runner/lfreleng-actions/README.md

diff --git a/.github/harden-runner/lfreleng-actions/README.md b/.github/harden-runner/lfreleng-actions/README.md
new file mode 100644
index 0000000..01acdbf
--- /dev/null
+++ b/.github/harden-runner/lfreleng-actions/README.md
@@ -0,0 +1,33 @@ + + +# lfreleng-actions egress allow-list + +`allow_list.txt` is the shared [harden-runner][hr] egress allow-list for +the `lfreleng-actions` organisation. Workflows load it with +[harden-runner-block-action][block] and run harden-runner in `block` +mode, so harden-runner denies any host this file omits. + +Each entry is a `host[:port]` token, and a `*.host` wildcard matches +subdomains. We keep the file sorted alphabetically (`LC_ALL=C`). + +## Documented entries + +This table records why specific endpoints appear, and does not yet +cover every entry: tooling generated the initial list in bulk, and we +will backfill the rest over time, potentially from the tooling that +produced them. + + + +| Endpoint | Source / reason | +| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | +| `tuf-repo.github.com:443` | GitHub TUF trust root, fetched by `gh attestation verify` when checking the Sigstore provenance of the zizmor binary (zizmor security audit). | +| `tmaproduction.blob.core.windows.net:443` | Azure blob storage that serves GitHub's artifact attestation bundles, fetched by `gh attestation verify` during the same provenance check. | + + + +[hr]: https://github.com/step-security/harden-runner +[block]: https://github.com/lfreleng-actions/harden-runner-block-action diff --git a/.github/harden-runner/lfreleng-actions/allow_list.txt b/.github/harden-runner/lfreleng-actions/allow_list.txt index 2c67757..394391e 100644 --- a/.github/harden-runner/lfreleng-actions/allow_list.txt +++ b/.github/harden-runner/lfreleng-actions/allow_list.txt 
@@ -1 +1 @@ -github.com:443 *.githubapp.com:443 *.githubusercontent.com:443 *.sigstore.dev:443 api.azul.com:443 api.github.com:443 app-updates.agilebits.com:443 astral.sh:443 auth.docker.io:443 azure.archive.ubuntu.com:80 build.automotivelinux.org:443 cache.agilebits.com:443 cdn.azul.com:443 deb.debian.org:80 dl-cdn.alpinelinux.org:443 dl.google.com:443 endoflife.date:443 esm.ubuntu.com:443 files.pythonhosted.org:443 ftp.mozilla.org:443 gerrit.automotivelinux.org:443 gerrit.fd.io:443 gerrit.lfbroadband.org:443 gerrit.linuxfoundation.org:443 gerrit.o-ran-sc.org:29418 gerrit.o-ran-sc.org:443 gerrit.onap.org:443 get.anchore.io:443 get.helm.sh:443 ghcr.io:443 git.opendaylight.org:443 github.com:22 grype.anchore.io:443 jenkins.fd.io:443 jenkins.lfbroadband.org:443 jenkins.o-ran-sc.org:443 jenkins.onap.org:443 jenkins.opendaylight.org:443 jira.linuxfoundation.org:443 jira.o-ran-sc.org:443 jira.onap.org:443 jira.opendaylight.org:443 lf-o-ran-sc.atlassian.net:443 lf-onap.atlassian.net:443 lf-opendaylight.atlassian.net:443 linuxfoundation.1password.com:443 linuxfoundation.org:443 motd.ubuntu.com:443 nexus.onap.org:443 nexus3.o-ran-sc.org:443 o-ran-sc.1password.com:443 packages.microsoft.com:443 prod.app-api.stepsecurity.io:443 production.cloudflare.docker.com:443 proxy.golang.org:443 pypi.org:443 registry-1.docker.io:443 releases.astral.sh:443 repo.maven.apache.org:443 repo1.maven.org:443 slack.com:443 static.rust-lang.org:443 support.linuxfoundation.org:443 test.pypi.org:443 upload.pypi.org:443 uploads.github.com:443 www.google.com:443 www.linuxfoundation.org:443 +*.githubapp.com:443 *.githubusercontent.com:443 *.sigstore.dev:443 api.azul.com:443 api.github.com:443 app-updates.agilebits.com:443 astral.sh:443 auth.docker.io:443 azure.archive.ubuntu.com:80 build.automotivelinux.org:443 cache.agilebits.com:443 cdn.azul.com:443 deb.debian.org:80 dl-cdn.alpinelinux.org:443 dl.google.com:443 endoflife.date:443 esm.ubuntu.com:443 files.pythonhosted.org:443 ftp.mozilla.org:443 
gerrit.automotivelinux.org:443 gerrit.fd.io:443 gerrit.lfbroadband.org:443 gerrit.linuxfoundation.org:443 gerrit.o-ran-sc.org:29418 gerrit.o-ran-sc.org:443 gerrit.onap.org:443 get.anchore.io:443 get.helm.sh:443 ghcr.io:443 git.opendaylight.org:443 github.com:22 github.com:443 grype.anchore.io:443 jenkins.fd.io:443 jenkins.lfbroadband.org:443 jenkins.o-ran-sc.org:443 jenkins.onap.org:443 jenkins.opendaylight.org:443 jira.linuxfoundation.org:443 jira.o-ran-sc.org:443 jira.onap.org:443 jira.opendaylight.org:443 lf-o-ran-sc.atlassian.net:443 lf-onap.atlassian.net:443 lf-opendaylight.atlassian.net:443 linuxfoundation.1password.com:443 linuxfoundation.org:443 motd.ubuntu.com:443 nexus.onap.org:443 nexus3.o-ran-sc.org:443 o-ran-sc.1password.com:443 packages.microsoft.com:443 prod.app-api.stepsecurity.io:443 production.cloudflare.docker.com:443 proxy.golang.org:443 pypi.org:443 registry-1.docker.io:443 releases.astral.sh:443 repo.maven.apache.org:443 repo1.maven.org:443 slack.com:443 static.rust-lang.org:443 support.linuxfoundation.org:443 test.pypi.org:443 tmaproduction.blob.core.windows.net:443 tuf-repo.github.com:443 upload.pypi.org:443 uploads.github.com:443 www.google.com:443 www.linuxfoundation.org:443
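Review bot: in the README hunk, the table row for `tmaproduction.blob.core.windows.net:443` does not record the decision the commit message makes, namely that the specific storage-account host was chosen over a `*.blob.core.windows.net` wildcard to keep egress narrow. Since the README is meant to be the durable rationale and the commit message is not, a future maintainer who sees a second Azure blob host appear is likely to "simplify" to the wildcard, which would permit egress to any Azure storage account. Suggest adding that sentence to the "Source / reason" cell, and, next to "We keep the file sorted alphabetically (`LC_ALL=C`)", the command a reviewer or CI job can run to check it, e.g. `LC_ALL=C sort -cu allow_list.txt` (the `-u` also flags duplicate tokens).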
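Review bot: in the allow_list.txt hunk, the whole list lives on one line (`@@ -1 +1 @@`, and the diffstat shows one insertion and one deletion), so the diff replaces the entire line and does not show which tokens changed; a reviewer has to compare some sixty tokens by hand to confirm that only `tmaproduction.blob.core.windows.net:443` and `tuf-repo.github.com:443` were added and that `github.com:443` merely moved from the front of the list into its `LC_ALL=C` position after `github.com:22`. That undercuts the "obvious, reviewable position" goal in the commit message. If harden-runner-block-action accepts newline-separated entries, one host per line would turn each future addition into a one-line `+` and let `LC_ALL=C sort -c` verify ordering mechanically; if it does not, consider documenting in the README that the file is deliberately single-line so nobody reformats it.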