Merge pull request #14 from ba-st/issue_12

Update Pharo VM
ba-st · Apr 18, 2024 · 97f8f2e · 97f8f2e
2 parents d8c26e3 + 68ed601
commit 97f8f2e
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 11 deletions.
diff --git a/.github/workflows/scheduled-security-scan.yml b/.github/workflows/scheduled-security-scan.yml
@@ -0,0 +1,32 @@
+name: Scheduled vulnerabiltiy scanning
+
+on:
+  schedule:
+    - cron: '35 6 * * 2'
+  workflow_dispatch:
+
+jobs:
+  vulnerability-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Scheduled scan for vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'ghcr.io/ba-st/pharo-vm:latest'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: true
+          ignore-unfixed: true
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -1,5 +1,4 @@
 name: Trivy vulnerability scan
-
 on:
   push:
     branches:
@@ -8,13 +7,7 @@ on:
     # The branches below must be a subset of the branches above
     branches:
     - release-candidate
-  schedule:
-    - cron: '35 6 * * 2'
   workflow_dispatch:
-
-permissions:
-  contents: read
-
 jobs:
   vulnerability-scan:
     permissions:

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022-2023 Buenos Aires Smalltalk
+Copyright (c) 2022-2024 Buenos Aires Smalltalk
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/docs/README.md b/docs/README.md
@@ -1,7 +1,7 @@
 # Docker image for Pharo VM Documentation
 
-Docker image for running a headless [Pharo VM](https://github.com/pharo-project/opensmalltalk-vm)
-on top of Debian 11.
+Docker image for running a headless [Pharo VM](https://github.com/pharo-project/pharo-vm)
+on top of Debian 12 slim.
 
 ---
 

diff --git a/source/Dockerfile b/source/Dockerfile
@@ -2,7 +2,7 @@
 FROM alpine:3.12 as download-vm
 RUN apk add unzip
 WORKDIR /tmp/pharo-vm
-ADD https://files.pharo.org/vm/pharo-spur64-headless/Linux-x86_64/PharoVM-10.0.8-b323c5f-Linux-x86_64-bin.zip ./PharoVM.zip
+ADD https://files.pharo.org/vm/pharo-spur64-headless/Linux-x86_64/PharoVM-10.1.0-a290a40-Linux-x86_64-bin.zip ./PharoVM.zip
 RUN set -eu; \
   unzip PharoVM.zip; \
   rm PharoVM.zip; \