Tools4everBV · rschouten97 · Dec 23, 2025 · Dec 23, 2025 · Dec 24, 2025 · Dec 24, 2025
diff --git a/.github/workflows/createRelease.yaml b/.github/workflows/createRelease.yaml
@@ -0,0 +1,82 @@
+##############################
+# Workflow: Create Release
+# Version:  0.0.2
+##############################
+
+name: Create Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version number (e.g., v1.0.0). Leave blank to use the latest version from CHANGELOG.md.'
+        required: false
+  pull_request:
+    types:
+      - closed
+
+permissions:
+  contents: write
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Determine Version
+      id: determine_version
+      run: |
+        if [ -n "${{ github.event.inputs.version }}" ]; then
+          VERSION="${{ github.event.inputs.version }}"
+        else
+          if [ -f CHANGELOG.md ]; then
+            VERSION=$(grep -oP '^## \[\K[^]]+' CHANGELOG.md | head -n 1)
+            if [ -z "$VERSION" ]; then
+              echo "No versions found in CHANGELOG.md."
+              exit 1
+            fi
+          else
+            echo "CHANGELOG.md not found. Cannot determine version."
+            exit 1
+          fi
+        fi
+        [[ "$VERSION" != v* ]] && VERSION="v$VERSION"
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "VERSION_NO_V=${VERSION#v}" >> $GITHUB_ENV
+
+    - name: Extract Release Notes from CHANGELOG.md
+      id: extract_notes
+      if: ${{ github.event.inputs.version == '' }}
+      run: |
+        if [ -f CHANGELOG.md ]; then
+          awk '/## \['"${VERSION_NO_V}"'\]/{flag=1; next} /## \[/{flag=0} flag' CHANGELOG.md > release_notes.txt
+          if [ ! -s release_notes.txt ]; then
+            echo "No release notes found for version ${VERSION_NO_V} in CHANGELOG.md."
+            exit 1
+          fi
+        else
+          echo "CHANGELOG.md not found in the repository."
+          exit 1
+        fi
+        echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
+        cat release_notes.txt >> $GITHUB_ENV
+        echo "EOF" >> $GITHUB_ENV
+
+    - name: Default Release Notes
+      if: ${{ github.event.inputs.version != '' }}
+      run: |
+        echo "RELEASE_NOTES=Release notes not provided for version ${VERSION}." >> $GITHUB_ENV
+
+    - name: Debug Release Notes
+      run: |
+        echo "Extracted Release Notes:"
+        echo "${RELEASE_NOTES}"
+
+    - name: Create GitHub Release
+      run: |
+        gh release create "${VERSION}" --title "${VERSION}" --notes-file release_notes.txt
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/verifyChangelog.yaml b/.github/workflows/verifyChangelog.yaml
@@ -0,0 +1,35 @@
+####################################
+# Workflow: Verify CHANGELOG Updated
+# Version:  0.0.1
+####################################
+
+name: Verify CHANGELOG Updated
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  check-changelog:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Ensure CHANGELOG.md is updated
+      run: |
+        # Fetch the base branch to compare against
+        git fetch origin ${{ github.base_ref }} --depth=1
+
+        # Compare changes between the current branch and the base branch
+        CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }})
+
+        # Check if CHANGELOG.md is included in the list of changed files
+        if echo "$CHANGED_FILES" | grep -q 'CHANGELOG.md'; then
+          echo "CHANGELOG.md is updated."
+        else
+          echo "ERROR: Please update the CHANGELOG.md file with your changes." && exit 1
+        fi
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,90 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/), and this project adheres to [Semantic Versioning](https://semver.org/).
+
+## [2.0.0] - 2026-01-07
+
+This is a major release of HelloID-Conn-Prov-Target-Blacklist-SQL with significant enhancements to match the CSV blacklist connector functionality and Tools4ever V2 connector standards, plus major improvements to code maintainability, configurability, and operational transparency.
+
+### Added
+
+- Retention period support with configurable duration for deleted values and automatic expiration logic
+- `retentionPeriod` configuration parameter to specify how many days deleted values remain blocked before reuse
+- Cross-check validation via `crossCheckOn` configuration to validate uniqueness across different attribute types (e.g., checking if an email exists as a proxy address)
+- `keepInSyncWith` functionality to replace legacy `syncIterations` approach, providing automatic cascading of non-unique status across related fields
+- `$allowSelfUsage` configuration in `checkOnExternalSystemsAd.ps1` to control whether persons can reuse their own values (replaces `$excludeSelf`)
+- `$fieldsToCheck` object-based configuration in `checkOnExternalSystemsAd.ps1` to replace simple `$attributeNames` array
+- Skip optimization to automatically skip redundant database queries once a field is marked non-unique
+- Action types `OtherEmployeeId` and `MultipleFound` for enhanced error handling with detailed error messages
+- Database columns `whenCreated` and `whenUpdated` with datetime2(7) precision for timestamp tracking
+- PowerShell-based timestamp generation using `Get-Date -Format "yyyy-MM-ddTHH:mm:ss.fff"` for consistent datetime2(7) precision
+- Detailed audit logging in Update and Delete actions showing exactly which fields are modified and their new values
+- `#region Configuration` block in `checkOnExternalSystemsAd.ps1` for better code organization
+- README section "Configuring checkOnExternalSystemsAd.ps1" with detailed configuration examples
+- README warnings for retention period synchronization and initial configuration requirements
+- README use cases section explaining practical applications of the blacklist connector
+- README supported features table documenting available capabilities
+
+### Changed
+
+- Create script restructured to match CSV connector format with improved action calculation logic
+- Update script aligned with Create script logic including retention period validation
+- Delete script rewritten to process per-attribute instead of bulk updates
+- `whenDeleted` column type changed from `date` to `datetime2(7)` for precision and consistency
+- checkOnExternalSystemsAd.ps1 field checking logic enhanced with retention period awareness and cross-attribute validation
+- fieldMapping.json updated to match CSV structure (employeeId only for Create, attributes for Create/Update/Delete) with Complex mapping mode using conditional logic
+- Credential initialization in checkOnExternalSystemsAd.ps1's Invoke-SQLQuery function now properly creates SqlCredential object
+- Configuration comments expanded with detailed explanations of field checking logic, cross-checking, and field synchronization
+- README lifecycle action descriptions enhanced with detailed scenario coverage including retention period behavior
+- README additional scripts descriptions improved with retention period logic details
+- Logging changed from Write-Information intentions to result-based logging with adjusted log levels (unique=Information, non-unique=Warning)
+- Audit logs moved inside non-dryRun blocks to prevent audit entries during preview mode
+- SQL UPDATE queries simplified to only modify `whenDeleted` and `whenUpdated` fields
+- Account reference moved to absolute top of create script for consistency
+- Update and Delete actions refactored to build SET clauses dynamically from object properties
+- Logging in checkOnExternalSystemsAd.ps1 improved to distinguish between self-usage scenarios and retention period validations
+
+### Deprecated
+
+- Legacy syncIterations and syncIterationsAttributeNames approach replaced by keepInSyncWith configuration
+
+### Removed
+
+- `whenDeleted` field from fieldMapping.json (now managed internally by scripts)
+- Unnecessary Write-Information statements for action intentions
+
+## [1.1.0] - 2024-12-12
+
+### Added
+
+- PowerShell V2 connector support with improved structure
+- Enhanced field mapping configuration
+- Improved error handling and logging
+
+### Changed
+
+- Migrated from legacy PowerShell V1 to PowerShell V2 connector format
+- Updated connector structure to follow V2 standards
+- Improved code organization and maintainability
+
+## [1.0.0] - 2024-05-17
+
+### Added
+
+- Initial release of HelloID-Conn-Prov-Target-Blacklist-SQL
+- Basic create, update, and delete lifecycle actions
+- SQL database integration for blacklist management
+- Support for tracking employeeId, attributeName, and attributeValue
+- Configuration for connection string and table settings
+- Field mapping for SamAccountName, UserPrincipalName, and employeeId
+- Basic uniqueness checking script for Active Directory integration
+- Example script for generating unique data
+- SQL table creation script
+
+### Changed
+
+- N/A (initial release)
+
+### Fixed
+
+- N/A (initial release)