From ef8e334df025f0178350b0f7326f42554626d0da Mon Sep 17 00:00:00 2001
From: Winni Neessen
Date: Sun, 17 Mar 2024 20:16:27 +0100
Subject: [PATCH 1/2] Add read permissions to GitHub workflows
The reuse and docker-publish workflow scripts in GitHub Actions have been updated. Now these scripts have permission to read contents. This will ensure secure access and controlled operations on repositories.
---
 .github/workflows/docker-publish.yml | 3 +++
 .github/workflows/reuse.yml | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 5816721..d0b406b 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -19,6 +19,9 @@ on:
 pull_request:
 branches: [ main ]
+permissions:
+ contents: read
+
 env:
 # Use docker.io for Docker Hub if empty
 REGISTRY: ghcr.io
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index 0c3715b..6b2742a 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -3,6 +3,8 @@
 # SPDX-License-Identifier: CC0-1.0
 name: REUSE Compliance Check
+permissions:
+ contents: read
 on: [push, pull_request]
From b289d440dacfffbf46037dccc5c171fc04d788d9 Mon Sep 17 00:00:00 2001
From: Winni Neessen
Date: Sun, 17 Mar 2024 20:23:29 +0100
Subject: [PATCH 2/2] Update Go build command in GitHub workflow
The GitHub workflow script has been updated to use a different command for building the Go application. This will ensure that the application is built with necessary parameters for correct operation and proper linking of static libraries.
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 93d5540..315746c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
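Review bot: The workflow-level `permissions:` block added to `.github/workflows/docker-publish.yml` sets every scope it does not list to `none` for all jobs. This workflow targets `ghcr.io`, so a job that pushes with `GITHUB_TOKEN` needs `packages: write` (and `id-token: write` if it signs keylessly) granted at job level. The `jobs:` section lies outside the hunk, so this cannot be confirmed from here; if no job-level block exists, add `permissions:` with `contents: read` and `packages: write` under the publishing job rather than widening the top-level default. On style, `reuse.yml` inserts the same block directly under `name:` and before `on:`, whereas here it follows `on:`; one placement across the workflows would read better.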
@@ -83,7 +83,7 @@ jobs:
 - run: |
 echo "Build Application using Go"
- /usr/bin/env GOTOOLCHAIN=go1.22.1+auto go build -ldflags '-s -w' -o apg github.com/wneessen/apg-go/cmd/apg
+ /usr/bin/env GOTOOLCHAIN=go1.22.1+auto go build -a -installsuffix cgo -ldflags '-w -s -extldflags "-static"' -o apg github.com/wneessen/apg-go/cmd/apg
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
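Review bot: The new `go build` line adds `-installsuffix cgo` and `-extldflags "-static"` without setting `CGO_ENABLED`, so whether the binary ends up statically linked depends on the runner's toolchain defaults; `-extldflags` is only consulted when the Go linker hands off to an external linker. The step sits directly before `github/codeql-action/analyze@v3`, so the binary is presumably discarded, and `-a` (recompile every package instead of reusing the cache) is likely the only added flag the analysis benefits from. I would make the intent explicit with `/usr/bin/env CGO_ENABLED=0 GOTOOLCHAIN=go1.22.1+auto go build -a -ldflags '-w -s' -o apg github.com/wneessen/apg-go/cmd/apg`. Alternatively, keep the flags and add a shell comment above the command such as `# -a: rebuild all packages so CodeQL observes every compilation`. The enclosing job starts and ends outside the hunk.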