Skip to content

ci(security): run security scan daily on this public repo#517

Merged
sbaerlocher merged 1 commit into
mainfrom
refactor/align-workflow-naming
Jun 26, 2026
Merged

ci(security): run security scan daily on this public repo#517
sbaerlocher merged 1 commit into
mainfrom
refactor/align-workflow-naming

Conversation

@sbaerlocher

@sbaerlocher sbaerlocher commented Jun 26, 2026

Copy link
Copy Markdown
Member

Summary

Renames weekly-security.ymlnightly-security.yml ("Nightly Security Scan") and switches the schedule to a daily cron 0 2 * * *. Adds the standard concurrency block. Updates the merge.yml reusable reference.

Why

Per the arillso/sbaerlocher repo standard (visibility-based cadence rule): public repos get free GitHub Actions minutes, so the security scan runs daily; private repos run it weekly to save paid minutes. docker.ansible is public → daily.

Test plan

  • CI green

Comment thread .github/workflows/nightly-security.yml Outdated
claude[bot]
claude Bot previously approved these changes Jun 26, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean, well-scoped CI refactor. Verified:

  • git mv rename of weekly-security.ymlnightly-security.yml with scan logic unchanged
  • merge.yml reusable reference updated to the new filename; no dangling references to the old name remain anywhere in the repo
  • workflow_call interface (inputs.upload-sarif) preserved, so the merge.yml security gate still resolves
  • concurrency block is valid and correctly uses cancel-in-progress: false (right choice for a security scan you don't want interrupted)

One non-blocking nit (inline): the workflow is now named Nightly Security Scan but the cron 0 2 * * 1 runs weekly on Mondays, not nightly. The PR description pre-justifies this as matching the arillso standard, so it's optional — but the 'nightly' name + weekly schedule is a real source of confusion worth tightening (either change the cron or keep the comment explicit about the weekly cadence).

No blocking issues found.

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Ansible Container Tests Summary — ✅ SUCCESS

Item Status
Lint
Build
Structure Tests
Security Tests
Performance Tests
Integration Tests
Unit Tests
Upgrade Tests

Statistical Summary

  • Total items: 8
  • Passed: 8 ✅
  • Failed: 0 ❌

Environment Information

  • Run Date: Fri Jun 26 22:32:22 UTC 2026
  • GitHub Run ID: 28268742189
  • Ansible Version: 2.21.1

@sbaerlocher sbaerlocher force-pushed the refactor/align-workflow-naming branch from d82c119 to 076c663 Compare June 26, 2026 22:09
@sbaerlocher sbaerlocher changed the title refactor(ci): align security workflow naming with arillso standard ci(security): add concurrency block to weekly security scan Jun 26, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The follow-up commit only adds a concurrency block to weekly-security.yml (looks good). The previously flagged issue in nightly-security.yml — the workflow is named Nightly Security Scan but the cron is 0 2 * * 1 (weekly on Mondays) — was not addressed.

@sbaerlocher sbaerlocher changed the title ci(security): add concurrency block to weekly security scan ci(security): run security scan daily on this public repo Jun 26, 2026
@sbaerlocher sbaerlocher force-pushed the refactor/align-workflow-naming branch from 076c663 to cacf094 Compare June 26, 2026 22:16

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All raised issues have been addressed. The cron is now truly nightly (0 2 * * *) matching the Nightly Security Scan name, the file has been renamed to nightly-security.yml, merge.yml updated accordingly, and a concurrency group added to prevent overlapping runs. No new issues in the delta.

Public repos get free GitHub Actions minutes, so the security scan
runs daily. Rename weekly-security.yml -> nightly-security.yml, set
name 'Nightly Security Scan', cron '0 2 * * *', and add the standard
concurrency block. Update the merge.yml reusable reference.

Signed-off-by: Simon Bärlocher <s.baerlocher@sbaerlocher.ch>
@sbaerlocher sbaerlocher force-pushed the refactor/align-workflow-naming branch from cacf094 to 3b22019 Compare June 26, 2026 22:26

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All raised issues have been addressed.

@sbaerlocher sbaerlocher merged commit 9f94134 into main Jun 26, 2026
17 checks passed
@sbaerlocher sbaerlocher deleted the refactor/align-workflow-naming branch June 26, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant