From 5f2551a8ec4aa94a52b8b408237abe76dc1b5dad Mon Sep 17 00:00:00 2001
From: Richard Eckart de Castilho <richard.eckart@gmail.com>
Date: Tue, 28 Jan 2025 14:59:09 +0100
Subject: [PATCH] No issue: Add maven central permission, install dot, back to
 block mode

---
 .github/workflows/maven.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index b6d6ff80c9..e29d5ff82a 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -28,8 +28,8 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
-        egress-policy: audit
-        # egress-policy: block
+        # egress-policy: audit
+        egress-policy: block
         disable-sudo: true
         allowed-endpoints: >
           api.github.com:443
@@ -46,6 +46,7 @@ jobs:
           registry-1.docker.io:443
           registry.npmjs.org:443
           repo.maven.apache.org:443
+          repo1.maven.org:443
           westus.data.mcr.microsoft.com:443
           westus2.data.mcr.microsoft.com:443
           www.ims.uni-stuttgart.de:443
@@ -95,6 +96,15 @@ jobs:
         restore-keys: |
           nodejs-cache-${{ runner.os }}-
 
+    - name: Install Graphviz on Linux
+      if: runner.os == 'Linux'
+      run: sudo apt-get update && sudo apt-get install -y graphviz
+
+    - name: Install Graphviz on Windows
+      if: runner.os == 'Windows'
+      run: choco install graphviz -y
+      shell: cmd
+
     - name: Build with Maven
       if: "!(matrix.os == 'ubuntu-latest' && github.event_name != 'pull_request')"
       run: mvn --show-version --batch-mode --no-transfer-progress clean verify