Make CI audit security advisories daily instead of in each PR (#2425)

0HyperCube · web-flow · commit 86e6923a7c28 · 2025-04-06T07:33:12.000Z
* Only run cargo deny on the main branch

* Run cargo-deny once per day instead of per-commit

* Still check licenses in the build-ci
diff --git a/.github/workflows/build-dev-and-ci.yml b/.github/workflows/build-dev-and-ci.yml
@@ -108,17 +108,6 @@ jobs:
       - name: 📥 Clone and checkout repository
         uses: actions/checkout@v3
 
-      - name: 🔒 Check crate security advisories for root workspace
-        uses: EmbarkStudios/cargo-deny-action@v2
-        with:
-          command: check advisories
-
-      - name: 🔒 Check crate security advisories for /libraries/rawkit
-        uses: EmbarkStudios/cargo-deny-action@v2
-        with:
-          command: check advisories
-          manifest-path: libraries/rawkit/Cargo.toml
-
       - name: 📜 Check crate license compatibility for root workspace
         uses: EmbarkStudios/cargo-deny-action@v2
         with:
diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml
@@ -0,0 +1,25 @@
+name: "Audit Security Advisories"
+
+on:
+  # Run once each day
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  cargo-deny:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 📥 Clone and checkout repository
+        uses: actions/checkout@v3
+
+      - name: 🔒 Check crate security advisories for root workspace
+        uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check advisories
+
+      - name: 🔒 Check crate security advisories for /libraries/rawkit
+        uses: EmbarkStudios/cargo-deny-action@v2
+        with:
+          command: check advisories
+          manifest-path: libraries/rawkit/Cargo.toml
