Skip to content

ci(security): rename to nightly-security.yml and run daily#129

Merged
sbaerlocher merged 2 commits into
mainfrom
ci/security-scan-daily
Jun 26, 2026
Merged

ci(security): rename to nightly-security.yml and run daily#129
sbaerlocher merged 2 commits into
mainfrom
ci/security-scan-daily

Conversation

@sbaerlocher

Copy link
Copy Markdown
Member

Summary

Renames weekly-security.ymlnightly-security.yml ("Nightly Security Scan") and switches to a daily cron 0 2 * * *.

Why

Per the arillso/sbaerlocher repo-standard visibility rule: public repos get free GitHub Actions minutes → security scan runs daily; private repos run it weekly to save paid minutes. ansible.container is public → daily. (Standard note updated 2026-06-27.)

Test plan

  • CI green

Comment thread .github/workflows/nightly-security.yml

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks — the rename + daily cron switch and the AGENTS.md updates are consistent and correct (0 2 * * * = daily 02:00 UTC, name "Nightly" matches the cadence).

One blocking issue: the ## [Unreleased] section of CHANGELOG.md (lines 82–84) still documents the reverse of this change — it records renaming nightly-security.ymlweekly-security.yml with a weekly cron. Since that entry is in the same unreleased cycle this PR reverses, the unreleased changelog now describes a file/cadence that no longer exists. Please update it so the notes match reality (per AGENTS.md, CHANGELOG.md must stay current).

Nit (pre-existing, non-blocking): in the AGENTS.md file tree the # Scheduled daily secret scan comment isn't column-aligned with the neighbouring entries — same single-space gap the old weekly-security.yml line had, so not introduced here.

ansible.container is public, so GitHub Actions minutes are free. Rename
weekly-security.yml -> nightly-security.yml, set name 'Nightly Security
Scan' and a daily cron 0 2 * * *. Per the repo-standard visibility rule
(public=daily, private=weekly).

Signed-off-by: Simon Bärlocher <s.baerlocher@sbaerlocher.ch>
The Unreleased entry still described the reverse change (rename to
weekly-security.yml). Update it to the final state: nightly-security.yml
on a daily cron, per the public-repo visibility rule.

Signed-off-by: Simon Bärlocher <s.baerlocher@sbaerlocher.ch>
@sbaerlocher sbaerlocher force-pushed the ci/security-scan-daily branch from 06bea3d to 8c4878a Compare June 26, 2026 23:01

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All raised issues have been addressed. The CHANGELOG entry now accurately reflects the nightly security scan cadence, and the docker_compose_v2 version bump (5.1.4 → 5.2.0) is consistent across defaults and argument_specs.

@sbaerlocher sbaerlocher merged commit b8f907b into main Jun 26, 2026
32 checks passed
@sbaerlocher sbaerlocher deleted the ci/security-scan-daily branch June 26, 2026 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant