From ca90892f1e73d891ceb50af0ca7d70ba1baa3c84 Mon Sep 17 00:00:00 2001
From: Gabriel Omar Cotelli
Date: Thu, 25 Apr 2024 13:49:10 -0300
Subject: [PATCH] Add scanning of newest branch to scheduled action

---
 .github/workflows/scheduled-security-scan.yml | 13 ++++++++-----
 source/Dockerfile | 10 +++++-----
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/scheduled-security-scan.yml b/.github/workflows/scheduled-security-scan.yml
index 1778173..ea9572f 100644
--- a/.github/workflows/scheduled-security-scan.yml
+++ b/.github/workflows/scheduled-security-scan.yml
@@ -10,16 +10,19 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    name: Scheduled scan for vulnerabilities
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - latest
+          - v10.1.0
+    name: Scheduled scan for vulnerabilities ${{ matrix.version }}
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'ghcr.io/ba-st/pharo-vm:latest'
+          image-ref: 'ghcr.io/ba-st/pharo-vm:${{ matrix.version }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
diff --git a/source/Dockerfile b/source/Dockerfile
index 5dec8e8..0dcb9b2 100644
--- a/source/Dockerfile
+++ b/source/Dockerfile
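Review bot: With two matrix legs now producing SARIF for the same commit, the upload step that follows this hunk (outside it) needs a distinct `category` per leg, otherwise the `v10.1.0` analysis and the `latest` analysis are treated as the same one on the code-scanning side and the later upload replaces the earlier; add `category: 'pharo-vm-${{ matrix.version }}'` under that step's `with:`, assuming it is github/codeql-action/upload-sarif as the permissions comment at the top of the hunk indicates. The scanner is still referenced as `aquasecurity/trivy-action@master`, a mutable branch ref in a job holding `security-events: write`; pinning it to a release tag or a full commit SHA keeps the code that runs with that permission reviewable. The hard-coded `v10.1.0` entry will also go stale silently as new branches are released; a comment above the matrix such as `# keep in sync with the newest released branch` makes that maintenance obligation visible.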
@@ -13,16 +13,16 @@ FROM debian:12-slim as vm
 LABEL maintainer="Buenos Aires Smalltalk "
 WORKDIR /opt/pharo
 RUN set -eu; \
-  apt-get update; \
-  apt-get upgrade -y; \
-  apt-get install --assume-yes --no-install-recommends \
+  apt update; \
+  apt upgrade --assume-yes; \
+  apt install --assume-yes --no-install-recommends \
     ca-certificates \
     libcurl3-gnutls \
   ; \
-  apt-get clean; \
+  apt clean; \
   useradd --uid 7431 --gid 100 --home-dir /opt/pharo --no-create-home --no-user-group pharo; \
   rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; \
-  printf '#!/usr/bin/env bash\nexec /opt/pharo/vm/pharo --headless "$@"' > /opt/pharo/pharo-vm; \
+  printf '#!/usr/bin/env bash\nexec /opt/pharo/vm/pharo --headless "$@"\n' > /opt/pharo/pharo-vm; \
   ln -s /opt/pharo/pharo-vm /usr/local/bin/pharo-vm; \
   chmod a+x /usr/local/bin/pharo-vm; \
   chown 7431:100 /opt/pharo -R; \
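Review bot: Replacing `apt-get` with `apt` on the four `+` lines moves a non-interactive build onto a tool whose command line is explicitly not stable for scripts — `apt` itself prints `WARNING: apt does not have a stable CLI interface. Use with caution in scripts.` and its output and behaviour may change between Debian releases — so those lines should keep the script-oriented front end, e.g. `apt-get update; \` and `apt-get upgrade --assume-yes; \`, with the same `--assume-yes`/`--no-install-recommends` flags. The spelled-out `--assume-yes` and the added trailing `\n` in the generated wrapper script are fine to keep. The RUN instruction continues past the end of this hunk.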