fix(ci): Add uploads.github.com to CodeQL allowed endpoints

taeold · taeold · commit a72f7f17216a · 2025-07-31T14:08:02.000-07:00
The CodeQL workflow was failing because the `step-security/harden-runner`
was blocking egress traffic to the endpoint used for downloading the
CodeQL bundle.

This change adds `uploads.github.com` to the list of allowed
endpoints to resolve the `ECONNREFUSED` error.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -51,6 +51,8 @@ jobs:
             github.com:443
             pypi.org:443
             objects.githubusercontent.com:443
+            uploads.github.com:443
+            *.actions.githubusercontent.com:443
 
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
