Skip to content

Commit 0d0d424

Browse files
dash14dash14
committed
Add example workflow links and reorder README sections
1 parent fa300e6 commit 0d0d424

File tree

1 file changed

+24
-20
lines changed

1 file changed

+24
-20
lines changed

README.md

Lines changed: 24 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,8 @@ jobs:
126126
fail_on_blocked: false # Don't fail, just show the report
127127
```
128128

129+
See the [complete example workflow](.github/workflows/example-audit.yml).
130+
129131
#### Step 2: Check the report
130132

131133
The report action outputs a Job Summary showing every domain your build contacted:
@@ -174,6 +176,8 @@ jobs:
174176
# Build fails if any unexpected connections were blocked
175177
```
176178

179+
See the [complete example workflow](.github/workflows/example-restrict.yml).
180+
177181
Your builds are now protected. Any unexpected connections will be blocked and reported.
178182

179183
## Usage with GitHub Actions
@@ -191,26 +195,6 @@ Starts the buildcage builder container.
191195
allowed_https_domains: registry.npmjs.org,github.com
192196
```
193197

194-
#### Operation Modes
195-
196-
##### Audit Mode (`proxy_mode: audit`)
197-
198-
**When to use:** First-time setup, adding new dependencies, or investigating issues.
199-
200-
**What it does:**
201-
- Allows all HTTP/HTTPS connections
202-
- Logs every domain accessed during the build
203-
- Does NOT block anything
204-
205-
##### Restrict Mode (`proxy_mode: restrict`)
206-
207-
**When to use:** Production builds, CI/CD pipelines, security-critical environments.
208-
209-
**What it does:**
210-
- Allows connections only to domains in `allowed_http_domains` / `allowed_https_domains`
211-
- Blocks all other connections
212-
- Logs allowed and blocked attempts
213-
214198
#### Parameters
215199

216200
| Parameter | Required | Default | Description |
@@ -238,6 +222,26 @@ Pass this port to [`docker/setup-buildx-action`](https://github.com/docker/setup
238222
endpoint: tcp://localhost:${{ steps.buildcage.outputs.port }}
239223
```
240224

225+
#### Operation Modes
226+
227+
##### Audit Mode (`proxy_mode: audit`)
228+
229+
**When to use:** First-time setup, adding new dependencies, or investigating issues.
230+
231+
**What it does:**
232+
- Allows all HTTP/HTTPS connections
233+
- Logs every domain accessed during the build
234+
- Does NOT block anything
235+
236+
##### Restrict Mode (`proxy_mode: restrict`)
237+
238+
**When to use:** Production builds, CI/CD pipelines, security-critical environments.
239+
240+
**What it does:**
241+
- Allows connections only to domains in `allowed_http_domains` / `allowed_https_domains`
242+
- Blocks all other connections
243+
- Logs allowed and blocked attempts
244+
241245
#### Tips
242246

243247
- Start with audit mode to discover required domains, then switch to restrict mode.

0 commit comments

Comments
 (0)