Build

Bump step-security/harden-runner from 2.10.2 to 2.10.3 (#1176) #3042

	name: Build

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	permissions:
	contents: read

	jobs:
	build:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [macos-latest, ubuntu-latest, windows-latest]
	permissions:
	actions: read
	contents: read
	deployments: read
	packages: none
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
	with:
	disable-sudo: true
	disable-telemetry: true
	egress-policy: block
	allowed-endpoints: >
	devdiv.pkgs.visualstudio.com:443
	github.com:443
	marketplace.visualstudio.com:443
	objects.githubusercontent.com:443
	registry.npmjs.org:443
	update.code.visualstudio.com:443
	vscode.download.prss.microsoft.com:443

	- name: Checkout Branch
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- name: Setup Node.js
	uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
	with:
	node-version: 20
	- name: Build Extension
	run: \|
	npm run install:all
	- name: Smoke test (Linux)
	run: xvfb-run -a npm run test
	if: runner.os == 'Linux'
	- name: Smoke test (Mac, Windows)
	run: npm run test
	if: runner.os != 'Linux'
	- name: Package Extension
	if: matrix.os == 'ubuntu-latest'
	run: \|
	npm run package
	mkdir vsix
	mv *.vsix vsix
	- name: Archive Extension
	if: matrix.os == 'ubuntu-latest'
	uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
	with:
	name: vsix
	path: vsix

Provide feedback