chore(stepsecurity): apply security best practices #309

	name: Coverage
	on:
	pull_request:
	push:
	branches: [master]

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	run_coverage:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
	with:
	egress-policy: audit

	- name: Check out repository code
	uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
	with:
	submodules: 'recursive'

	- name: Setup environment
	uses: ./.github/actions/setup

	- name: Run Test Coverage
	run: yarn coverage

Provide feedback