Update sub_weeklyBuild.yml (#21249)

Run harden-runner first
2025-05-12 18:03:39 +02:00
parent 03f41eb11f
commit 21dd2f50ac
1 changed files with 5 additions and 5 deletions
--- a/.github/workflows/sub_weeklyBuild.yml
+++ b/.github/workflows/sub_weeklyBuild.yml
@@ -68,6 +68,11 @@ jobs:
    runs-on: ${{ matrix.os }}
    environment: weekly-build
    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
      # prevent running out of disk space on Ubuntu runners.
      - name: Maximize build space
        if: runner.os == 'Linux'
@@ -77,11 +82,6 @@ jobs:
          remove-android: 'true'      # (frees ~9 GB)
          remove-cached-tools: 'true' # (frees ~8.3 GB)

-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
      - name: Set Platform Environment Variables
        shell: bash -l {0}
        env: