No issue: Add maven central permission, install dot, back to block mode

inception-project · Jan 28, 2025 · 5f2551a · 5f2551a
1 parent 7561aa6
commit 5f2551a
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -28,8 +28,8 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
-        egress-policy: audit
-        # egress-policy: block
+        # egress-policy: audit
+        egress-policy: block
         disable-sudo: true
         allowed-endpoints: >
           api.github.com:443
@@ -46,6 +46,7 @@ jobs:
           registry-1.docker.io:443
           registry.npmjs.org:443
           repo.maven.apache.org:443
+          repo1.maven.org:443
           westus.data.mcr.microsoft.com:443
           westus2.data.mcr.microsoft.com:443
           www.ims.uni-stuttgart.de:443
@@ -95,6 +96,15 @@ jobs:
         restore-keys: |
           nodejs-cache-${{ runner.os }}-
 
+    - name: Install Graphviz on Linux
+      if: runner.os == 'Linux'
+      run: sudo apt-get update && sudo apt-get install -y graphviz
+
+    - name: Install Graphviz on Windows
+      if: runner.os == 'Windows'
+      run: choco install graphviz -y
+      shell: cmd
+
     - name: Build with Maven
       if: "!(matrix.os == 'ubuntu-latest' && github.event_name != 'pull_request')"
       run: mvn --show-version --batch-mode --no-transfer-progress clean verify