Compliance checks need to run daily. However, signing actions currently requires access to GPG private keys that only investigators have. Thus, compliance checks need to be launched daily by an investigator. MIG needs a way to launch recurring actions without requiring human interventions, and without compromising the security model. Recurring actions need to be derived from master actions that are signed by an investigator. Designed a secure and practical way to do so is the purpose of this bug.
:alm wrote a mig-runner client that automates the scheduling of recurring actions. We'll use that moving forward. https://github.com/mozilla/mig/pull/86