From af985c464a4e50dd4cd73b65c1f1c360694e64ff Mon Sep 17 00:00:00 2001
From: Matthew Robertson <mattrobertson@google.com>
Date: Thu, 12 Dec 2024 21:00:11 +0000
Subject: [PATCH] chore: add missing allowed-endpoints to workflows

---
 .github/workflows/publish.yml   | 1 +
 .github/workflows/scorecard.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5e721ef0..2f98b812 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,6 +16,7 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            api.github.com:443
             github.com:443
             registry.npmjs.org:443
             wombat-dressing-room.appspot.com:443
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 7888892c..f46ad9d4 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -39,6 +39,7 @@ jobs:
             sigstore-tuf-root.storage.googleapis.com:443
             *.sigstore.dev:443
             api.securityscorecards.dev:443
+            www.bestpractices.dev:443
 
       - name: 'Checkout code'
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7