Go Mercedes!
Aaron Goldenthal's avatar Mercedes AMG Petronal Formula 1 Team emblem Aaron Goldenthal

The Year in Review 2023

State of the Blog

A lot has happened in the last year - the resurgence of this blog, I created six new software projects, and I shipped almost 200 software releases. In addition, I learned Go, started publishing NPM packages with provenance, and generative AI and large language models took over the world. This post reviews it all.

Blog posts #

The year brought with it the return of this blog. I had a goal of averaging two blog posts per month. That certainly seemed achievable, but the result didn't quite measure up - a grand total of 10 posts (including this, and the kickoff - not sure those really count), averaging less than one per month. Even though that didn't meet my original goal, I feel good about the results. The posts were either detailing significant new software releases or solutions to significant GitLab, CI/CD, or DevOps problems. And a lot of research was done on a few more big ones coming in 2024, including:

  • An enhanced GitLab Semgrep SAST (static application security testing) job with several hundred additional rules.
  • A comprehensive GitLab CI pipeline for Go projects.
  • An assessment of issues with GitLab's Code Quality template and the alternative I've been using for the last 6 months (it's getting long, it will probably be a 2 or 3 part series).

Software projects #

Most of this year was busy with open source software projects (probably why I didn't meet my original blog post goal). I started the following six new projects this year:

Project Description
GitLab PMD CPD A container image to run PMD's Copy/Paste Detector (CPD) and convert the results to GitLab Code Quality report format. This provides an alternative to GitLab's built-in Code Quality template for identifying duplicate code.
GitLab Semgrep Plus GitLab's semgrep container image augmented with hundreds of additional Node.js/JavaScript/Typescript and Go rules from Semgrep's rule repository.
GitLab UI Plus A Chrome browser extension to augment the GitLab UI for improved UX (very much a work in progress).
Go Test A container image with OS packages and Go tools necessary for performing Go testing and producing testing reports for GitLab.
Lighthouse A container image to run Lighthouse and Lighthouse CI with the latest Chromium release.
Syft An Alpine Linux based container image to run Syft to allow Software Bill of Materials (SBOMs) generation in GitLab CI where a shell is required.

Between those projects and my other existing projects I shipped 199 releases.

Project Releases
Bin Tester 4 (5.0.0, 4.0.1, 4.0.0, 3.0.1)
CI Logger 2 (6.0.0, 5.1.1)
Config Files 8 (9.2.0, 9.1.0, 9.0.1, 9.0.0, 8.0.0, 7.2.0, 7.1.0, 7.0.0)
Docker Dependency Check 19 (2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.16.12, 1.16.11, 1.16.10, 1.16.9, 1.16.8, 1.16.7, 1.16.6, 1.16.5, 1.16.4, 1.16.3, 1.16.2, 1.16.1, 1.16.0, 1.15.9)
Docker Hugo 1 (2.0.0)
Docker PowerShell Scripts 5 (4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0)
Docker Puppeteer 7 (11.0.0, 10.2.0, 10.1.0, 10.0.0, 9.3.0, 9.2.0, 9.1.0)
Docker Sokrates 2 (2.1.1, 2.1.0)
Docker curl jq 1 (2.0.0)
ESLint Config Standard 12 (25.0.0, 24.0.1, 24.0.0, 23.1.1, 23.1.0, 23.0.0, 22.1.0, 22.0.0, 21.0.0, 20.1.0, 20.0.0, 19.0.2)
GitLab CI Env 5 (9.1.0, 9.0.0, 8.1.0, 8.0.0, 7.1.0)
GitLab CI Templates 40 (26.0.0, 25.0.0, 24.2.0, 24.1.0, 24.0.1, 24.0.0, 23.1.0, 23.0.0, 22.2.0, 22.1.0, 22.0.0, 21.0.2, 21.0.1, 21.0.0, 20.2.1, 20.2.0, 20.1.0, 20.0.0, 19.1.1, 19.1.0, 19.0.0, 18.1.0, 18.0.1, 18.0.0, 17.0.1, 17.0.0, 16.3.0, 16.2.0, 16.1.0, 16.0.3, 16.0.2, 16.0.1, 16.0.0, 15.3.1, 15.3.0, 15.2.2, 15.2.1, 15.2.0, 15.1.0, 15.0.0)
GitLab PMD CPD 5 (2.0.0, 1.1.0, 1.0.0, 0.6.0, 0.5.0)
GitLab Pa11y CI 7 (7.4.0, 7.3.1, 7.3.0, 7.2.0, 7.1.1, 7.1.0, 7.0.3)
GitLab Pipeline Timeline 2 (0.2.1, 0.2.0)
GitLab Releaser 6 (7.0.1, 7.0.0, 6.0.0, 5.0.1, 5.0.0, 4.0.4)
GitLab Semgrep Plus 11 (4.0.0, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.0.0, 1.1.0, 1.0.3, 1.0.2, 1.0.1, 1.0.0, 0.5.0)
Go Test 4 (2.0.0, 1.0.2, 1.0.1, 1.0.0)
Lighthouse 23 (4.3.0, 4.2.0, 4.1.1, 4.1.0, 4.0.0, 3.2.0, 3.1.0, 3.0.2, 3.0.1, 3.0.0, 2.1.1, 2.1.0, 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.0, 1.1.1, 1.1.0, 1.0.0)
Pa11y CI CLI Summary Reporter 1 (3.0.0)
Pa11y CI HTML Reporter 7 (6.0.2, 6.0.1, 6.0.0, 5.1.1, 5.1.0, 5.0.4, 5.0.3)
Pa11y CI Reporter Runner 4 (4.0.0, 3.0.1, 3.0.0, 2.0.5)
Pa11y HTML Reporter Plus 6 (2.0.1, 2.0.0, 1.1.1, 1.1.0, 1.0.5, 1.0.4)
Pagean 4 (9.0.0, 8.0.4, 8.0.3, 8.0.2)
Releaselog 5 (5.0.0, 4.0.1, 4.0.0, 3.0.4, 3.0.3)
StyleLint Config Standard 5 (16.0.0, 15.0.0, 14.0.0, 13.0.1, 13.0.0)
Syft 2 (1.1.0, 1.0.0)

…and that's not even counting the simple app I put together to pull all of this new project and software releases data from the GitLab API and format it 😉.

A noteworthy aspect is that seven of my NPM packages are now published with package provenance, with the others setup and waiting on their next release. It's super easy to setup (for example see the GitLab instructions), and has significant potential for improving the security of the NPM ecosystem. So, if you're not doing it, why not?

This was also the year of generative AI and large language models. Do I think they'll replace developers and we should all be afraid for our jobs? No. Do I think I was more productive with at least moderate use of GitHub Copilot and ChatGPT (my two tools of choice)? Yes - it's like having an intern to help, with all the good and bad that comes with that.

I'm a Gopher the Go gopher icon #

Last, but certainly not least, on my list of accomplishments this year was learning Go, putting together a viable CI/CD pipeline for Go in GitLab, and releasing a Go application (GitLab PMD CPD v2.0.0). I'm sure I won't abandon Node any time soon, but I do like many things about Go:

  • Go doesn't try to be everything for everyone. It is what it is, it's opinionated, and that's okay.
  • Go has simple syntax, with fewer than 30 keywords.
  • Every language should have defer and the simplicity of concurrency that comes with a goroutine.
  • The Go standard library has extensive capabilities, limiting the need for including other dependencies. Coming from working on mostly Node projects for a while, and the mess that is NPM dependencies, being able to write a functional Go application with no dependencies was a little shocking.

There are also a lot of aspects that are… … … I'll go with "quirky." I'm sure I'll write more about that at some point.

Looking forward to 2024 #

I think the only thing certain at this point is uncertainty, but here are a few things that I am looking forward to:

  • The release of pa11y@7.0.0 and pa11y-ci@4.0.0 should be in early 2024, bringing both tools back to what I'd call a sustained state. I've made numerous contributions to both projects, and have several of my own that are plugins to pa11y/pa11y-ci, so I'm excited to see this milestone.
  • I'm not convinced that the Node ecosystem will ever fully make the move from CommonJS to ESM, as much as some people want that. But, in the interest of moving forward I do plan to migrate all of my CLI-based Node projects to ESM (not libraries). That may also include the move to TypeScript, we'll see…
  • I mentioned it in preceding sections, but 2023 brought a lot of research and some new projects to optimize GitLab CI pipelines, so I am looking forward to finishing those posts and sharing the results.