ci(security): rename to nightly-security.yml and run daily#129
Conversation
There was a problem hiding this comment.
Thanks — the rename + daily cron switch and the AGENTS.md updates are consistent and correct (0 2 * * * = daily 02:00 UTC, name "Nightly" matches the cadence).
One blocking issue: the ## [Unreleased] section of CHANGELOG.md (lines 82–84) still documents the reverse of this change — it records renaming nightly-security.yml → weekly-security.yml with a weekly cron. Since that entry is in the same unreleased cycle this PR reverses, the unreleased changelog now describes a file/cadence that no longer exists. Please update it so the notes match reality (per AGENTS.md, CHANGELOG.md must stay current).
Nit (pre-existing, non-blocking): in the AGENTS.md file tree the # Scheduled daily secret scan comment isn't column-aligned with the neighbouring entries — same single-space gap the old weekly-security.yml line had, so not introduced here.
ansible.container is public, so GitHub Actions minutes are free. Rename weekly-security.yml -> nightly-security.yml, set name 'Nightly Security Scan' and a daily cron 0 2 * * *. Per the repo-standard visibility rule (public=daily, private=weekly). Signed-off-by: Simon Bärlocher <s.baerlocher@sbaerlocher.ch>
The Unreleased entry still described the reverse change (rename to weekly-security.yml). Update it to the final state: nightly-security.yml on a daily cron, per the public-repo visibility rule. Signed-off-by: Simon Bärlocher <s.baerlocher@sbaerlocher.ch>
06bea3d to
8c4878a
Compare
Summary
Renames
weekly-security.yml→nightly-security.yml("Nightly Security Scan") and switches to a daily cron0 2 * * *.Why
Per the arillso/sbaerlocher repo-standard visibility rule: public repos get free GitHub Actions minutes → security scan runs daily; private repos run it weekly to save paid minutes.
ansible.containeris public → daily. (Standard note updated 2026-06-27.)Test plan