The Year in Review 2024

December 31, 2024

It's been another busy year - I wrote a handful of blog posts on some long-researched automation topics, continued development of many old projects, started over a dozen new projects including my first Cloudflare Worker, and shipped over 450 software releases. This post reviews it all.

Blog posts #

This was year two of the return of this blog. As with year one, I had lofty goals for how much writing I would do that did not quite work out. This year I did, however, meet my primary goal - getting several big posts out on alternative automation and analysis techniques, which had significant background research and testing, including:

GitLab CI Pipeline for Go Projects
GitLab Code Quality Duplication Analysis With PMD CPD
Notifications for New Eleventy Posts in GitLab (Part 1, Part 2)
A Better GitLab Code Quality - Part 1 - Goodbye CodeClimate (Part 2 really is coming)

Software projects #

Most of the 2024 involved development work on a variety of project, including my own open source projects, contributions to other open source projects, and starting a new fork of pa11y and pa11y-ci.

The uncertain future of Pa11y and Pa11y CI #

I was anticipating the release of pa11y@7.0.0 and pa11y-ci@4.0.0 in 2024. A lot of work had gone into various updates, primarily focused on updating from deprecated to supported dependencies, and those updates were ready to release. This year started with a resurgence of maintainers' support for the pa11y projects, including the release of pa11y@7.0.0 and pa11y@8.0.0. Unfortunately, after that things fizzled out again, and there was never an official pa11y-ci@4.0.0. That's not a criticism of the pa11y team - priorities can always change on any open source project, and it's only because of the work of the core team that the project is so useful that others want to contribute and want it to live on.

My focus, however, is pa11y-ci, so the lack of an official pa11y-ci@4.0.0 release with a supported version of puppeteer finally crossed my pain threshold. So, in September I forked pa11y into @aarongoldenthal/pa11y and pa11y-ci into @aarongoldenthal/pa11y-ci. These forks have been focused on security patches as a short-term fix until the future of pa11y and pa11y-ci was better understood. This led to 14 releases of @aarongoldenthal/pa11y, now up to v8.4.4, and 13 releases @aarongoldenthal/pa11y-ci, starting with a new major release and now up to v4.3.4. In addition, the gitlab-pa11y-ci container image was updated to use these forks.

Even with these forks, it has become clear that the backlog of unresolved vulnerabilities, bug fixes, and usability enhancements is not only ever-increasing, but they also require more significant changes that really deserve a dedicated fork, maybe with a new name and new branding, but definitely with sufficient resources and community support. That saga needs to be resolved on way or another in 2025.

My open source software projects #

I continued to maintain a long list of open source projects. In 2024 I started 11 new projects, and between those projects and my other existing projects I shipped 426 releases (72 major, 118 minor, 229 patch, 7 zero), and that's excluding the 27 releases from the pa11y/pa11y-ci forks noted previously. Even though many of those were security patches or dependency updates, there was also extensive new development, and some new projects. Given those 453 releases were in my free time should reinforce to people that continuous delivery practices and extensive automation are a worthwhile investment and really do improve productivity and the ability to confidently release software.

Full list of 2024 new projects

Project	Description
Container Images / Cloc	An Alpine-based container image to run cloc to count lines of code.
Container Images / Image Tools	A collection of tools and scripts for working with container images.
Container Images / Puppeteer	Docker Puppeteer is a container image with the recommended configuration for using Puppeteer to drive a headless Chrome browser.
Container Images / Vale	A container image to run Vale to lint prose, with pre-installed rule packages and a custom GitLab Code Quality report.
Tests / Container Test	A container project to test CI jobs.
Tests / Go Test	A Go project to test CI jobs.
Tests / Node CJS Test	A Node.js CJS project to test CI jobs.
Tests / Node ESM Test	A Node.js ESM project to test CI jobs.
GitLab Webhook Renovate Proxy	A Cloudflare Worker to intercept GitLab webhooks and only forward events that should trigger execution of a Renovate pipeline.
Renovate Config	A collection of reusable Renovate config presets.
Vale Rules for GitLab CI Utils	A Vale package with custom rules and vocabulary for GitLab CI Utils projects.

Full list of 2024 software releases

Project	Releases
Container Images / Cloc	8 (1.3.0, 1.2.2, 1.2.1, 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.0)
Container Images / Go Test	19 (2.5.6, 2.5.5, 2.5.4, 2.5.3, 2.5.2, 2.5.1, 2.5.0, 2.4.3, 2.4.2, 2.4.1, 2.4.0, 2.3.2, 2.3.1, 2.3.0, 2.2.1, 2.2.0, 2.1.1, 2.1.0, 2.0.1)
Container Images / Image Tools	6 (1.2.1, 1.2.0, 1.1.1, 1.1.0, 1.0.1, 1.0.0)
Container Images / Puppeteer	6 (14.0.0, 13.2.0, 13.1.2, 13.1.1, 13.1.0, 13.0.0)
Container Images / Syft	7 (1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.1)
Container Images / Vale	49 (3.3.1, 3.3.0, 3.2.1, 3.2.0, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.3.3, 2.3.2, 2.3.1, 2.3.0, 2.2.1, 2.2.0, 2.1.1, 2.1.0, 2.0.1, 2.0.0, 1.13.1, 1.13.0, 1.12.0, 1.11.1, 1.11.0, 1.10.0, 1.9.1, 1.9.0, 1.8.0, 1.7.0, 1.6.0, 1.5.1, 1.5.0, 1.4.2, 1.4.1, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.0, 1.1.0, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.5.0)
Node / StyleLint Config Standard	5 (19.0.0, 18.0.1, 18.0.0, 17.0.1, 17.0.0)
References / GitLab Group Project Summary	5 (1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0)
Tests / Container Test	5 (1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0)
Tests / Go Test	2 (1.0.1, 1.0.0)
Tests / Node CJS Test	4 (2.0.0, 1.1.0, 1.0.1, 1.0.0)
Tests / Node ESM Test	1 (1.0.0)
Bin Tester	1 (6.0.0)
CI Logger	1 (7.0.0)
Config Files	12 (11.1.0, 11.0.0, 10.6.0, 10.5.0, 10.4.0, 10.3.0, 10.2.0, 10.1.1, 10.1.0, 10.0.2, 10.0.1, 10.0.0)
Docker Dependency Check	20 (4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.0.9, 3.0.8, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 2.2.1, 2.2.0, 2.1.0, 2.0.7, 2.0.6, 2.0.5)
Docker PowerShell Scripts	4 (5.3.0, 5.2.0, 5.1.0, 5.0.0)
Docker Puppeteer	4 (13.0.0, 12.0.0, 11.1.0, 11.0.1)
Docker Sokrates	6 (3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 2.1.2)
Docker curl jq	8 (3.1.0, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 2.1.0)
ESLint Config Standard	14 (33.0.2, 33.0.1, 33.0.0, 32.0.0, 31.1.0, 31.0.1, 31.0.0, 30.0.0, 29.0.0, 28.0.0, 27.0.1, 27.0.0, 26.0.1, 26.0.0)
GitLab CI Env	4 (10.1.0, 10.0.0, 9.3.0, 9.2.0)
GitLab CI Templates	36 (37.3.1, 37.3.0, 37.2.0, 37.1.0, 37.0.0, 36.0.1, 36.0.0, 35.1.0, 35.0.0, 34.0.0, 33.8.0, 33.7.0, 33.6.0, 33.5.0, 33.4.0, 33.3.0, 33.2.0, 33.1.0, 33.0.0, 32.0.0, 31.1.0, 31.0.0, 30.0.0, 29.6.0, 29.5.0, 29.4.0, 29.3.0, 29.2.0, 29.1.0, 29.0.0, 28.1.0, 28.0.0, 27.0.1, 27.0.0, 26.1.1, 26.1.0)
GitLab Webhook Renovate Proxy	3 (0.6.0, 0.5.0, 0.0.1)
GitLab PMD CPD	18 (2.5.0, 2.4.1, 2.4.0, 2.3.6, 2.3.5, 2.3.4, 2.3.3, 2.3.2, 2.3.1, 2.3.0, 2.2.1, 2.2.0, 2.1.2, 2.1.1, 2.1.0, 2.0.3, 2.0.2, 2.0.1)
GitLab Pa11y CI	22 (11.2.4, 11.2.3, 11.2.2, 11.2.1, 11.2.0, 11.1.0, 11.0.0, 10.1.0, 10.0.5, 10.0.4, 10.0.3, 10.0.2, 10.0.1, 10.0.0, 9.0.5, 9.0.4, 9.0.3, 9.0.2, 9.0.1, 9.0.0, 8.0.1, 8.0.0)
GitLab Pipeline Timeline	3 (0.4.0, 0.3.1, 0.3.0)
GitLab Releaser	6 (8.0.4, 8.0.3, 8.0.2, 8.0.1, 8.0.0, 7.0.2)
GitLab Semgrep Plus	48 (9.1.3, 9.1.2, 9.1.1, 9.1.0, 9.0.3, 9.0.2, 9.0.1, 9.0.0, 8.6.4, 8.6.3, 8.6.2, 8.6.1, 8.6.0, 8.5.7, 8.5.6, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.0, 8.3.1, 8.3.0, 8.2.3, 8.2.2, 8.2.1, 8.2.0, 8.1.3, 8.1.2, 8.1.1, 8.1.0, 8.0.1, 8.0.0, 7.0.1, 7.0.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.0, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.0, 5.0.0)
Lighthouse	34 (7.2.2, 7.2.1, 7.2.0, 7.1.1, 7.1.0, 7.0.0, 6.4.0, 6.3.2, 6.3.1, 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.2, 6.0.1, 6.0.0, 5.3.0, 5.2.0, 5.1.0, 5.0.1, 5.0.0, 4.9.0, 4.8.2, 4.8.1, 4.8.0, 4.7.0, 4.6.2, 4.6.1, 4.6.0, 4.5.0, 4.4.0)
Pa11y CI CLI Summary Reporter	2 (4.0.1, 4.0.0)
Pa11y CI HTML Reporter	1 (7.0.0)
Pa11y CI Reporter Runner	8 (5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.1.3, 4.1.2, 4.1.1, 4.1.0)
Pa11y HTML Reporter Plus	3 (4.0.1, 4.0.0, 3.0.0)
Pagean	39 (13.1.0, 13.0.3, 13.0.2, 13.0.1, 13.0.0, 12.3.0, 12.2.1, 12.2.0, 12.1.3, 12.1.2, 12.1.1, 12.1.0, 12.0.3, 12.0.2, 12.0.1, 12.0.0, 11.2.1, 11.2.0, 11.1.5, 11.1.4, 11.1.3, 11.1.2, 11.1.1, 11.1.0, 11.0.4, 11.0.3, 11.0.2, 11.0.1, 11.0.0, 10.2.0, 10.1.5, 10.1.4, 10.1.3, 10.1.2, 10.1.1, 10.1.0, 10.0.2, 10.0.1, 10.0.0)
Releaselog	3 (6.0.1, 6.0.0, 5.0.1)
Renovate Config	3 (1.1.0, 1.0.1, 1.0.0)
Vale Rules for GitLab CI Utils	6 (1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0.0)

These releases included a handful of significant accomplishments:

This work was started in 2023, but as of this year all of my NPM packages are published with package provenance, a step to help improve the overall security of the NPM package ecosystem. It's an easy one-time setup, so there's no reason not to do it.
I released my first multi-platform container image, built on GitLab with kaniko and manifest-tool, which uses parent-child downstream pipelines to simplify expanding the supported platforms. See the curl-jq project for specifics.
I released a script to add OCI annotations to container images. This uses crane to update existing images in a container registry, matching image LABELs where they exist, determining the base image from the Dockerfile, and works with any build tool. The Docker Official images are built with OCI annotations, and those cascade to derived images, so if you're not updating them your image manifests may have missing or incorrect information, and as more tools use that data it can become an increasing problem. See the image-tools container image project for details.
The GitLab CI Templates project pipeline was updated to trigger multi-project downstream pipelines in the appropriate subset of newly created test projects of common types (Node ESM/CJS, Go, container images). This allows for automated testing of template changes (for at least 90% of the templates), which is a significant improvement over the previous manual testing process.
As part of this year's goal of migrating all of my CLI-based Node projects to ESM, I converted the Pagean project to ESM. It's still intentionally JavaScript, not TypeScript, but I get all the type checking I need with JSDoc comments, which the project uses already, and tsc is perfectly happy checking types with that. And most importantly, there's still no build step.
My favorite project of the year came out of nowhere in the last week of the year - the GitLab Webhook Renovate Proxy. This is a Cloudflare Worker that intercepts GitLab merge request event webhooks, which are extremely noisy, filters out all except those that should cause Renovate to re-analyze a project, and forwards to GitLab to trigger a CI pipeline. This allows projects to use Renovate's standard GitLab runner, but get back some of the responsiveness of the Renovate GitHub app. A blog post with the implementation details and setup instructions will be coming.

Contributions to other open source projects #

I also made contributions to a few other open source projects this year:

I made my first contributions to GitLab, both documentation cleanup as well as fixing documentation and tests for the GitLab release-cli application.
I made my first contribution to the Trivy vulnerability scanner updating their GitLab report template to include the operating system to improve parity with GitLab's container scanning report.

Looking forward to 2025 #

Like so many years, it's going to be a wild ride…