From 21dd2f50ac09a939fcf9ad68612e21181e4fedee Mon Sep 17 00:00:00 2001
From: saso badovinac
Date: Mon, 12 May 2025 18:03:39 +0200
Subject: [PATCH] Update sub_weeklyBuild.yml (#21249)

Run harden-runner first
---
 .github/workflows/sub_weeklyBuild.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/sub_weeklyBuild.yml b/.github/workflows/sub_weeklyBuild.yml
index d4c4bf3321..f956e86aa4 100644
--- a/.github/workflows/sub_weeklyBuild.yml
+++ b/.github/workflows/sub_weeklyBuild.yml
@@ -68,6 +68,11 @@ jobs:
 runs-on: ${{ matrix.os }}
 environment: weekly-build
 steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ with:
+ egress-policy: audit
+
 # prevent running out of disk space on Ubuntu runners.
 - name: Maximize build space
 if: runner.os == 'Linux'
@@ -77,11 +82,6 @@ jobs:
 remove-android: 'true' # (frees ~9 GB)
 remove-cached-tools: 'true' # (frees ~8.3 GB)
 
- - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
- with:
- egress-policy: audit
-
 - name: Set Platform Environment Variables
 shell: bash -l {0}
 env:
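Review bot: The relocated harden-runner step in the first hunk has no comment saying why it must stay at the top of `steps:`, so a later edit can easily put another action above it again; I would add `# Keep as the first step: harden-runner only monitors steps that run after it.` directly above `- name: Harden the runner`. With `egress-policy: audit` outbound calls are only recorded, never blocked, so once the weekly build's endpoints are known from the audit data it would be worth switching to `egress-policy: block` with an `allowed-endpoints` list. The job runs on `${{ matrix.os }}` and the following step is gated on `runner.os == 'Linux'`, so please confirm the audit really covers the non-Linux matrix entries rather than silently doing nothing there. The job's step list continues outside the hunk.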