diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5e528866..9529164e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,12 +3,19 @@ name: C/C++ CI
 on:
   push:
   pull_request:
+  schedule:
+    - cron: '0 4 * * 5'  # Every Friday at 4am
+
+# Drop permissions to minimum for security
+permissions:
+  contents: read
 
 jobs:
   build:
 
     runs-on: ubuntu-22.04
     strategy:
+      fail-fast: false
       matrix:
         config:
         - {
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7a6cee0b..a3cc32cb 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -19,6 +19,12 @@ name: Build on non-Ubuntu Linux using Docker
 on:
   push:
   pull_request:
+  schedule:
+    - cron: '0 4 * * 5'  # Every Friday at 4am
+
+# Drop permissions to minimum for security
+permissions:
+  contents: read
 
 jobs:
   build_docker:
@@ -26,7 +32,7 @@ jobs:
       fail-fast: false
       matrix:
         linux_distro:
-        - Alpine Linux 3.15  # with musl
+        - Alpine Linux 3.20  # with musl
         - CentOS 8.2         # with GCC 8.5.0
         - Debian Buster with GCC 9.2  # stock buster has GCC 8.3
         - Ubuntu 22.04       # because super popular
diff --git a/.github/workflows/polkit.yml b/.github/workflows/polkit.yml
index 379381e9..fa42b473 100644
--- a/.github/workflows/polkit.yml
+++ b/.github/workflows/polkit.yml
@@ -19,6 +19,12 @@ name: Check for Polkit policy parse errors
 on:
   push:
   pull_request:
+  schedule:
+    - cron: '0 4 * * 5'  # Every Friday at 4am
+
+# Drop permissions to minimum for security
+permissions:
+  contents: read
 
 jobs:
   polkit_policies:
diff --git a/scripts/docker/build_on_alpine_linux_3_15.Dockerfile b/scripts/docker/build_on_alpine_linux_3_20.Dockerfile
similarity index 98%
rename from scripts/docker/build_on_alpine_linux_3_15.Dockerfile
rename to scripts/docker/build_on_alpine_linux_3_20.Dockerfile
index 5b20958d..84b16e51 100644
--- a/scripts/docker/build_on_alpine_linux_3_15.Dockerfile
+++ b/scripts/docker/build_on_alpine_linux_3_20.Dockerfile
@@ -14,13 +14,14 @@
 ## You should have received a copy of the GNU General Public License
 ## along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-FROM alpine:3.15
+FROM alpine:3.20
 RUN echo '@edge-testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
         && \
     apk add --update \
             asciidoc \
             autoconf \
             automake \
+            bash \
             dbus-glib-dev \
             file \
             g++ \
diff --git a/src/Library/public/usbguard/RuleSet.cpp b/src/Library/public/usbguard/RuleSet.cpp
index b4bd953b..a7184013 100644
--- a/src/Library/public/usbguard/RuleSet.cpp
+++ b/src/Library/public/usbguard/RuleSet.cpp
@@ -224,12 +224,13 @@ namespace usbguard
   uint32_t RuleSet::assignID()
   {
     const auto next_id = _id_next + 1;
-    if (next_id >= Rule::LastID) [[unlikely]]
-        {
-            throw std::out_of_range("Rule ID too high");
-        }
+
+    if (next_id >= Rule::LastID) {
+      throw std::out_of_range("Rule ID too high");
+    }
+
     _id_next = next_id;
-    return next_id;
+    return next_id - 1;
   }
 
   void RuleSet::setWritable()