From ba7b22e54819b8ef55eef9313f9847d74febc89c Mon Sep 17 00:00:00 2001 From: Jacob Alzen Date: Sun, 31 Oct 2021 15:11:53 +0100 Subject: [PATCH 1/3] Update staticcheck to latest Not really anything that we directly need at the moment, but it certainly doesn't hurt. --- .github/workflows/static_analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index 7bfc11e54d..01df547b85 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -16,7 +16,7 @@ jobs: go install golang.org/x/tools/cmd/goimports@latest go install github.com/fzipp/gocyclo/cmd/gocyclo@latest go install golang.org/x/lint/golint@latest - go install honnef.co/go/tools/cmd/staticcheck@v0.2.0 + go install honnef.co/go/tools/cmd/staticcheck@v0.2.1 - name: Cleanup repository run: rm -rf vendor/ From 9b703bfb36e5ae321c47c6136e825bab43395ef0 Mon Sep 17 00:00:00 2001 From: Jacob Alzen Date: Sun, 31 Oct 2021 15:17:18 +0100 Subject: [PATCH 2/3] Harden the ci infrastructure for better security Following some of the advice given in https://github.com/briansmith/untrusted/issues/50. --- .github/workflows/mobile_tests.yml | 4 ++++ .github/workflows/platform_tests.yml | 4 ++++ .github/workflows/static_analysis.yml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/mobile_tests.yml b/.github/workflows/mobile_tests.yml index 017547d8c0..356d826308 100644 --- a/.github/workflows/mobile_tests.yml +++ b/.github/workflows/mobile_tests.yml @@ -1,5 +1,7 @@ name: Mobile Tests on: [push, pull_request] +permissions: + contents: read jobs: mobile_tests: @@ -11,6 +13,8 @@ jobs: steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: WillAbides/setup-go-faster@v1.6.0 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/platform_tests.yml b/.github/workflows/platform_tests.yml index a25fb1cf75..09a004e53e 100644 
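Review bot: The hardening of the `- uses: actions/checkout@v2` step in mobile_tests.yml stops short of the step itself: `persist-credentials: false` is added, but the action — and `WillAbides/setup-go-faster@v1.6.0` right below it — are still referenced by mutable tags, so whoever can move the tag runs code inside the job with the `GITHUB_TOKEN` the workflow just restricted. Pinning to a full-length commit SHA with the version kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v2`, closes that gap and is part of the same advice the commit cites. The same applies to the checkout hunks in platform_tests.yml and static_analysis.yml; platform_tests.yml also still references `setup-go-faster@v1.5.0` where the other two workflows use `v1.6.0`, so the pins could be aligned in the same pass. Each of these jobs continues past the end of its hunk.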
--- a/.github/workflows/platform_tests.yml +++ b/.github/workflows/platform_tests.yml @@ -1,5 +1,7 @@ name: Platform Tests on: [push, pull_request] +permissions: + contents: read jobs: platform_tests: @@ -12,6 +14,8 @@ jobs: steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: WillAbides/setup-go-faster@v1.5.0 id: setup-go-faster with: diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index 01df547b85..703bd8ae70 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -1,11 +1,15 @@ name: Static Analysis on: [push, pull_request] +permissions: + contents: read jobs: checks: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: WillAbides/setup-go-faster@v1.6.0 with: go-version: '1.17.x' From de7b91f6911167feb5a9d90bca8f54af519d97d5 Mon Sep 17 00:00:00 2001 From: Jacob Alzen Date: Sun, 31 Oct 2021 15:58:56 +0100 Subject: [PATCH 3/3] Don't fail fast on static analysis --- .github/workflows/static_analysis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index 703bd8ae70..2a4313b0ba 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -6,6 +6,9 @@ permissions: jobs: checks: runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: - uses: actions/checkout@v2 with:
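Review bot: `fail-fast: false` under the new `strategy:` block of the `checks` job is very likely a no-op, because `jobs.<id>.strategy.fail-fast` only governs whether the remaining jobs of a `matrix` are cancelled when one fails, and no `matrix:` is visible for `checks` (it is a single `runs-on: ubuntu-latest` job). If the intent behind the commit title is to keep running the remaining linters after one of them reports findings, that is a per-step setting: `continue-on-error: true` on each analysis step, or a single `run: |` script that records every tool's exit status and exits non-zero at the end so the job as a whole still fails. The job's steps continue outside the hunk, so I can't confirm which later steps this was meant to cover.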