
[gha] Add missing Docker build endpoint #4285

Merged: imnasnainaec merged 2 commits into master from gha-frontend-build-endpoint on May 20, 2026


@imnasnainaec (Collaborator) commented May 19, 2026

Fixing (e.g.):


Summary by CodeRabbit

  • Chores
    • Updated build pipeline configuration to enhance security and reliability.


@imnasnainaec imnasnainaec self-assigned this May 19, 2026
@imnasnainaec imnasnainaec added the 🟥High High-priority PR: please review this asap! label May 19, 2026
@github-actions github-actions Bot added the github_actions Pull requests that update GitHub Actions code label May 19, 2026
coderabbitai Bot commented May 19, 2026

Walkthrough

This PR adds the CloudFront endpoint production.cloudfront.docker.com:443 to the Harden Runner egress allowlist for the docker_build job in the frontend CI workflow, enabling Docker image pulls during the build process.

Changes

Docker build security policy

| Layer / File(s) | Summary |
|---|---|
| Harden Runner egress policy update (.github/workflows/frontend.yml) | The allowed-endpoints list in the Harden Runner configuration for the docker_build job is expanded to allow outbound connections to production.cloudfront.docker.com:443 for Docker image pulls. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A CloudFront door, we now unlock,
Docker pulls faster, tick by tock,
One endpoint added, security's tight,
The build pipeline shines so bright!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Title check | ✅ Passed | The title accurately describes the main change: adding a missing Docker build endpoint to the GitHub Actions workflow configuration. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/frontend.yml:
- Line 144: Remove the invalid allowlist entry
"production.cloudfront.docker.com:443" from the egress host list in the
workflow; it's a typo/misconfiguration—ensure the correct entry
"production.cloudflare.docker.com" remains and do not add the CloudFront variant
anywhere in the list.

📥 Commits

Reviewing files that changed from the base of the PR and between faf925c and 829995d.

📒 Files selected for processing (1)
  • .github/workflows/frontend.yml
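
An added example, not part of this PR or the project's workflow: a pre-merge check that reads the Harden Runner `allowed-endpoints` list from a workflow file and flags near-identical hostnames (such as the cloudflare/cloudfront pair discussed above) so a reviewer confirms each one is intended. The embedded workflow text, the `<pinned-sha>` placeholder and the function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample, NOT the project's real frontend.yml; <pinned-sha> is a placeholder.
WORKFLOW = """\
jobs:
  docker_build:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@<pinned-sha>
        with:
          egress-policy: block
          allowed-endpoints: >
            auth.docker.io:443
            production.cloudflare.docker.com:443
            production.cloudfront.docker.com:443
            registry-1.docker.io:443
      - uses: actions/checkout@<pinned-sha>
"""

def allowed_endpoints(text):
    """Collect entries from every block-scalar `allowed-endpoints:` key."""
    found, indent = [], None
    for line in text.splitlines():
        key = re.match(r"^(\s*)allowed-endpoints:\s*[>|]?[+-]?\s*$", line)
        if key:
            indent = len(key.group(1))      # start of a new block
        elif indent is not None:
            if line.strip() and len(line) - len(line.lstrip()) <= indent:
                indent = None               # dedent closes the block
            else:
                found.extend(line.split())
    return found

def malformed(endpoints):
    """Entries that are not host:port with a numeric port."""
    return [e for e in endpoints if not re.fullmatch(r"[A-Za-z0-9.*-]+:\d{1,5}", e)]

def lookalikes(endpoints, threshold=0.85):
    """Pairs of distinct hosts similar enough that a human should confirm both."""
    hosts = sorted({e.rsplit(":", 1)[0].lower() for e in endpoints})
    return [(a, b) for a, b in combinations(hosts, 2)
            if SequenceMatcher(None, a, b).ratio() >= threshold]

if __name__ == "__main__":
    eps = allowed_endpoints(WORKFLOW)
    print("malformed:", malformed(eps))
    for a, b in lookalikes(eps):
        print(f"confirm both are intended: {a} / {b}")
```

A flagged pair is a prompt for review, not a verdict: both hosts may be legitimate, and the check only ensures neither entered the allowlist unnoticed.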

codecov Bot commented May 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.93%. Comparing base (faf925c) to head (9107f05).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4285   +/-   ##
=======================================
  Coverage   75.93%   75.93%           
=======================================
  Files         303      303           
  Lines       11352    11352           
  Branches     1404     1404           
=======================================
  Hits         8620     8620           
  Misses       2330     2330           
  Partials      402      402           
Flag Coverage Δ
backend 87.21% <ø> (ø)
frontend 66.79% <ø> (ø)


@imnasnainaec imnasnainaec changed the title [gha] Add missing frontend Docker build endpoint [gha] Add missing Docker build endpoint May 19, 2026
@jasonleenaylor jasonleenaylor left a comment


:lgtm:

@jasonleenaylor reviewed 2 files and all commit messages, and made 1 comment.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on imnasnainaec).

@imnasnainaec imnasnainaec merged commit ebb4232 into master May 20, 2026
20 checks passed
@imnasnainaec imnasnainaec deleted the gha-frontend-build-endpoint branch May 20, 2026 17:18