Add scanning of newest branch to scheduled action

ba-st · Apr 25, 2024 · ca90892 · ca90892
1 parent 97f8f2e
commit ca90892
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/.github/workflows/scheduled-security-scan.yml b/.github/workflows/scheduled-security-scan.yml
@@ -10,16 +10,19 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    name: Scheduled scan for vulnerabilities
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - latest
+          - v10.1.0
+    name: Scheduled scan for vulnerabilities ${{ matrix.version }}
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'ghcr.io/ba-st/pharo-vm:latest'
+          image-ref: 'ghcr.io/ba-st/pharo-vm:${{ matrix.version }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'

diff --git a/source/Dockerfile b/source/Dockerfile
@@ -13,16 +13,16 @@ FROM debian:12-slim as vm
 LABEL maintainer="Buenos Aires Smalltalk <github@fast.org.ar>"
 WORKDIR /opt/pharo
 RUN set -eu; \
-  apt-get update; \
-  apt-get upgrade -y; \
-  apt-get install --assume-yes --no-install-recommends \
+  apt update; \
+  apt upgrade --assume-yes; \
+  apt install --assume-yes --no-install-recommends \
     ca-certificates \
     libcurl3-gnutls \
     ; \
-  apt-get clean; \
+  apt clean; \
   useradd --uid 7431 --gid 100 --home-dir /opt/pharo --no-create-home --no-user-group pharo; \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; \
-  printf '#!/usr/bin/env bash\nexec /opt/pharo/vm/pharo --headless "$@"' > /opt/pharo/pharo-vm; \
+  printf '#!/usr/bin/env bash\nexec /opt/pharo/vm/pharo --headless "$@"\n' > /opt/pharo/pharo-vm; \
   ln -s /opt/pharo/pharo-vm /usr/local/bin/pharo-vm; \
   chmod a+x /usr/local/bin/pharo-vm; \
   chown 7431:100 /opt/pharo -R; \