terraform: add cron job for module scanning

Add a Cloud Scheduler job to do a module scan at 30 minutes past every
hour.

Change-Id: I19458905b821cbb6642099a7a40bdfd8c925b4fc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/393842
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/terraform/environment/worker.tf b/terraform/environment/worker.tf
index 61fff13..711c860 100644
--- a/terraform/environment/worker.tf
+++ b/terraform/environment/worker.tf
@@ -184,3 +184,29 @@
   }
 }
 
+resource "google_cloud_scheduler_job" "scan_modules" {
+  name             = "vuln-${var.env}-scan-modules"
+  description      = "Scan selected modules for vulns."
+  schedule         = "30 * * * *" # every hour on the half hour
+  time_zone        = local.tz
+  project          = var.project
+  attempt_deadline = format("%ds", 30 * 60)
+
+  http_target {
+    http_method = "POST"
+    uri         = "${google_cloud_run_service.worker.status[0].url}/scan-modules"
+    oidc_token {
+      service_account_email = data.google_compute_default_service_account.default.email
+      audience              = var.oauth_client_id
+    }
+  }
+
+  retry_config {
+    max_backoff_duration = "3600s"
+    max_doublings        = 5
+    max_retry_duration   = "0s"
+    min_backoff_duration = "5s"
+    retry_count          = 0
+  }
+}
+