From 56e34ab5a6b70de4351ff9934fc3225451b4277e Mon Sep 17 00:00:00 2001
From: XhmikosR <xhmikosr@gmail.com>
Date: Sun, 13 Nov 2022 07:53:25 +0200
Subject: [PATCH 1/3] Update CodeQL workflow

---
 .github/workflows/codeql-analysis.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ff08840e3..e3d93cade 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -6,7 +6,6 @@ on:
       - master
       - "!dependabot/**"
   pull_request:
-    # The branches below must be a subset of the branches above
     branches:
       - master
       - "!dependabot/**"
@@ -31,6 +30,12 @@ jobs:
         uses: github/codeql-action/init@v2
         with:
           languages: "python"
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:python"

From 5b8e0707fe5a247ff925b965f40bfa94bdb8365e Mon Sep 17 00:00:00 2001
From: XhmikosR <xhmikosr@gmail.com>
Date: Sun, 13 Nov 2022 08:00:34 +0200
Subject: [PATCH 2/3] CI: remove git credentials after checkout

---
 .github/workflows/ci.yml              | 2 ++
 .github/workflows/codeql-analysis.yml | 4 +++-
 .github/workflows/container.yml       | 8 +++++++-
 .github/workflows/depsreview.yaml     | 5 ++++-
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 010e2133f..6bcb9238f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,6 +29,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Python
         uses: actions/setup-python@v4
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e3d93cade..b1f87b84a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,8 +23,10 @@ jobs:
       security-events: write
 
     steps:
-      - name: Checkout repository
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 7a68a7385..9857f0a5d 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -19,21 +19,27 @@ jobs:
       contents: read
       packages: write
     steps:
-      - name: Checkout
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Log in to the Container registry
         uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Extract metadata (tags, labels)
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
       - name: Build and push container image
         uses: docker/build-push-action@v3
         with:
diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index a25de591b..5a9469932 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -8,7 +8,10 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout Repository'
+      - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v2

From f9a8908b247c3342f3e82565ff92187c8b878dba Mon Sep 17 00:00:00 2001
From: XhmikosR <xhmikosr@gmail.com>
Date: Sun, 13 Nov 2022 08:06:30 +0200
Subject: [PATCH 3/3] CI: add Python 3.11

---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6bcb9238f..f2f7f6210 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,6 +21,7 @@ jobs:
           - '3.8'
           - '3.9'
           - '3.10'
+          - '3.11'
         os:
           - ubuntu-latest
           - macos-latest