💡 Summary
We should leverage the newer ubuntu-slim runner image that is container-based as opposed to VM-based once it is supported by step-security/harden-runner.
Motivation and context
Per step-security/harden-runner#627, the ubuntu-slim runner image is not currently supported by step-security/harden-runner. Even if we use harden_runner: "false" in the cisagov/action-job-preamble composite action that runs it, the pre- and post-stage still run and result in failure (see this run for example). Once ubuntu-slim is supported we should begin using it in any workflow jobs that are suitable to gain the benefits of the runner image as talked about in the GitHub blog post.
💡 Summary
We should leverage the newer
ubuntu-slimrunner image that is container-based as opposed to VM-based once it is supported by step-security/harden-runner.Motivation and context
Per step-security/harden-runner#627, the
ubuntu-slimrunner image is not currently supported by step-security/harden-runner. Even if we useharden_runner: "false"in the cisagov/action-job-preamble composite action that runs it, the pre- and post-stage still run and result in failure (see this run for example). Onceubuntu-slimis supported we should begin using it in any workflow jobs that are suitable to gain the benefits of the runner image as talked about in the GitHub blog post.