From 8cba74caf11834351e8532288008e206b187c85f Mon Sep 17 00:00:00 2001
From: Amar Yasser
Date: Thu, 22 Jan 2026 04:42:13 +0200
Subject: [PATCH 1/7] Add CodeQL workflow for vulnerability scanning

---
 .github/workflows/codeql.yml | 46 ++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..9632f6d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,46 @@
+name: codeql
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '0 0 * * 0'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  analyze:
+    name: Analyze Go
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+
+      - name: setup go
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        with:
+          go-version-file: "go.mod"
+
+      - name: initialize codeql
+        uses: github/codeql-action/init@v3
+        with:
+          languages: go
+
+      - name: autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: perform codeql analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:go"
\ No newline at end of file

From 5636c37c24aa26ffd71bf54bc45709e477f59645 Mon Sep 17 00:00:00 2001
From: Amar Yasser
Date: Thu, 22 Jan 2026 07:05:37 +0200
Subject: [PATCH 2/7] Apply requested review changes to CodeQL workflow

---
 .github/workflows/codeql.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9632f6d..8e317da 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
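Review bot: The `group:` expression under `concurrency:` falls back to `github.ref` for every non-PR event, so a `schedule` run and a `push` to main both land in the same group and `cancel-in-progress: true` lets a push cancel the weekly full scan (or a scheduled run cancel a push scan) before it uploads results. Restrict cancellation to PR runs, `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`, or append `-${{ github.event_name }}` to the group so scheduled and push scans never cancel each other. The cron entry also deserves a comment such as `# weekly full scan, Sunday 00:00 UTC` above `- cron: '0 0 * * 0'`, since the scheduled run is what re-checks unchanged code against newly published queries.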
@@ -18,29 +18,29 @@ permissions: {} jobs: analyze: - name: Analyze Go + name: analyze runs-on: ubuntu-latest permissions: contents: read security-events: write steps: - name: checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: setup go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: "go.mod" - name: initialize codeql - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 with: languages: go - - name: autobuild - uses: github/codeql-action/autobuild@v3 + - name: autobuild + uses: github/codeql-action/autobuild@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 - name: perform codeql analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@74c8748a6f2dada2c01b25ae170d7858ac90f4af #v4.31.10 with: category: "/language:go" \ No newline at end of file From 011241bf8a00d113130495afea3ca5a368de84f9 Mon Sep 17 00:00:00 2001 From: Amar Yasser Date: Thu, 22 Jan 2026 07:20:47 +0200 Subject: [PATCH 3/7] Address final review comments --- .github/workflows/codeql.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8e317da..337f640 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,9 @@ jobs: security-events: write steps: - name: checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + fetch-depth: 2 - name: setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 From ca0b2b38bec40327dff92e7c45e046e7f4b7db7f Mon Sep 17 00:00:00 2001 
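Review bot: The version comments added on the three `github/codeql-action` lines are written `#v4.31.10` with no space after `#`, while the checkout and setup-go lines in the same hunk use `# v6.0.1`; yamllint's `comments` rule rejects the former, and tooling that keeps a pinned SHA and its version comment in sync may only recognise the conventional `# vX.Y.Z` form. Write all three as `# v4.31.10` (the analyze line re-pinned in PATCH 5/7 has the same defect). In this hunk the analyze step is also pinned to `74c8748a…` while init and autobuild are pinned to `7434149…` under the same version label; PATCH 5/7 corrects that, which is exactly the mismatch a consistent, machine-readable comment would have made visible in review.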
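Review bot: `fetch-depth: 2` is added to the checkout step with no comment, and the value is not self-explanatory; in a file with no other comments it is the setting most likely to be "cleaned up" back to the default by a later edit. Add a line above it such as `# fetch-depth 2: presumably so the PR merge commit's parent is available to the scan — confirm against the CodeQL docs`, hedged because nothing in the hunk shows what consumes the extra history. The `steps:` list this belongs to continues outside the hunk.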
From: Amar Yasser Date: Thu, 22 Jan 2026 07:22:47 +0200 Subject: [PATCH 4/7] Added new line --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 337f640..2919a20 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,4 +45,5 @@ jobs: - name: perform codeql analysis uses: github/codeql-action/analyze@74c8748a6f2dada2c01b25ae170d7858ac90f4af #v4.31.10 with: - category: "/language:go" \ No newline at end of file + category: "/language:go" + \ No newline at end of file From da54f545e110a4e80c6ebbab0a4ea16f4b5e1043 Mon Sep 17 00:00:00 2001 From: thelovekesh Date: Thu, 22 Jan 2026 10:58:47 +0530 Subject: [PATCH 5/7] Fix analyze action sha --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2919a20..bd7a649 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: uses: github/codeql-action/autobuild@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 - name: perform codeql analysis - uses: github/codeql-action/analyze@74c8748a6f2dada2c01b25ae170d7858ac90f4af #v4.31.10 + uses: github/codeql-action/analyze@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 with: category: "/language:go" \ No newline at end of file From 35f68c27b2c6ace0a5f3908d9a709a34b1e1539b Mon Sep 17 00:00:00 2001 From: thelovekesh Date: Thu, 22 Jan 2026 11:02:30 +0530 Subject: [PATCH 6/7] Remove spaces from empty line at EOF --- .github/workflows/codeql.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bd7a649..44c5df8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -45,5 +45,4 @@ jobs: - name: perform codeql analysis uses: github/codeql-action/analyze@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 with: - category: "/language:go" - \ No newline at end of file + category: "/language:go" \ No newline at end of file From bb93bdfe9aa6fbc4aa2604321aafae6223e2161a Mon Sep 17 00:00:00 2001 From: thelovekesh Date: Thu, 22 Jan 2026 11:03:13 +0530 Subject: [PATCH 7/7] Add empty line at EOF --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 44c5df8..2434116 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,4 +45,4 @@ jobs: - name: perform codeql analysis uses: github/codeql-action/analyze@7434149006143a4d75b82a2f411ef15b03ccc2d7 #v4.31.10 with: - category: "/language:go" \ No newline at end of file + category: "/language:go"