[StepSecurity] Apply security best practices #29

	name: C/C++ CI

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]

	permissions:
	contents: read


	defaults:
	run:
	shell: bash

	jobs:
	ubuntu-build:
	name: Ubuntu Build
	runs-on: ubuntu-latest

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

	- name: Setup Python with Meson
	uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
	with:
	python-version: '>=3.10.12'
	check-latest: true
	cache: 'pip'
	- run: pip install -r requirements.txt

	- name: Get libmozjs
	run: \|
	sudo apt-get install -y libmozjs-102-dev

	- name: Meson build
	run: \|
	meson build && ninja -C build

Provide feedback