From 86e6923a7c2882340e0d174ff0aec2e97b4f01cb Mon Sep 17 00:00:00 2001
From: James Lindsay <78500760+0HyperCube@users.noreply.github.com>
Date: Sun, 6 Apr 2025 08:33:12 +0100
Subject: [PATCH] Make CI audit security advisories daily instead of in each PR (#2425)

* Only run cargo deny on the main branch
* Run cargo-deny once per day instead of per-commit
* Still check licenses in the build-ci
---
 .github/workflows/build-dev-and-ci.yml | 11 -----------
 .github/workflows/cargo-deny.yml | 25 +++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/cargo-deny.yml

diff --git a/.github/workflows/build-dev-and-ci.yml b/.github/workflows/build-dev-and-ci.yml
index f147745a..f63ebe5e 100644
--- a/.github/workflows/build-dev-and-ci.yml
+++ b/.github/workflows/build-dev-and-ci.yml
@@ -108,17 +108,6 @@ jobs:
 - name: 📥 Clone and checkout repository
 uses: actions/checkout@v3
 
- - name: 🔒 Check crate security advisories for root workspace
- uses: EmbarkStudios/cargo-deny-action@v2
- with:
- command: check advisories
-
- - name: 🔒 Check crate security advisories for /libraries/rawkit
- uses: EmbarkStudios/cargo-deny-action@v2
- with:
- command: check advisories
- manifest-path: libraries/rawkit/Cargo.toml
-
 - name: 📜 Check crate license compatibility for root workspace
 uses: EmbarkStudios/cargo-deny-action@v2
 with:
diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml
new file mode 100644
index 00000000..47712103
--- /dev/null
+++ b/.github/workflows/cargo-deny.yml
@@ -0,0 +1,25 @@
+name: "Audit Security Advisories"
+
+on:
+ # Run once each day
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ cargo-deny:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: 📥 Clone and checkout repository
+ uses: actions/checkout@v3
+
+ - name: 🔒 Check crate security advisories for root workspace
+ uses: EmbarkStudios/cargo-deny-action@v2
+ with:
+ command: check advisories
+
+ - name: 🔒 Check crate security advisories for /libraries/rawkit
+ uses: EmbarkStudios/cargo-deny-action@v2
+ with:
+ command: check advisories
+ manifest-path: libraries/rawkit/Cargo.toml
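Review bot: The `on:` block of the new cargo-deny.yml has only a `schedule` trigger, so the advisory audit cannot be re-run on demand after a fix, and a pull request that changes a Cargo manifest or lockfile is no longer audited before it merges. As far as I know, GitHub runs scheduled workflows against the default branch and sends the failure notification only to whoever last edited the cron line, so a failing audit can go unnoticed unless someone watches the Actions tab. Adding `workflow_dispatch:` under `on:` gives a manual re-run, and a path-filtered `pull_request` trigger on the Cargo manifests and lockfiles would restore pre-merge coverage for dependency changes without failing unrelated PRs. The job only reads the repository, so a top-level `permissions:` block with `contents: read` would keep the scheduled run's token at least privilege. Both `uses:` references are mutable tags; pinning them to full commit SHAs would make the audit job itself reproducible.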