Bugfix/gitlab policy

.github/workflows/build.yml

@@ -1,28 +1,98 @@
 name: build
 
 on:
+  # allow to manual run the action
+  workflow_dispatch: {}
+  pull_request: {}
+  merge_group: {}
   push:
-    branches: [master]
-  pull_request:
-    branches: ["*"]
+    branches:
+      - develop
+    tags:
+      - "*"
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
-        node-version: [10.x, 12.x, 14.x]
+        node-version: [22.x]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
-      - run: npm install
+
+      - name: npm build and test
+        run: |
+          npm run clean
+          npm run build
+          npm run test
       - run: npm test
       - name: Coveralls
         uses: coverallsapp/github-action@master
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
+  package:
+    name: Package Application
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          # renovate: datasource=docker depName=node
+          node-version: "22"
+      - name: "Build Package"
+        run: |
+          npm run clean
+          npm run build
+
+      - name: Write version vars
+        run: |
+          BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
+          BRANCH=${GITHUB_REF_NAME#v}
+          APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g')
+          echo Version: $APP_VERSION
+          echo "VERSION=$APP_VERSION" >> $GITHUB_ENV
+          echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
+          echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
+
+      - name: Build Container Image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: continuoussecuritytooling/ajv-cli
+          tags: "latest next ${{env.APP_VERSION}} ${{env.APP_VERSION}}_rc"
+          containerfiles: |
+            ./Dockerfile
+          build-args: |
+            BUILD_DATE=${{env.BUILD_DATE}}
+            APP_VERSION=${{env.APP_VERSION}}
+
+      - name: Test Container Image
+        id: test-image
+        run:
+          wget https://gitlab.com/gitlab-org/gitlab/-/raw/master/ee/app/validators/json_schemas/security_orchestration_policy.json
+          ajv-cli migrate -s security_orchestration_policy.json
+          docker run -v $(pwd):/build -it continuoussecuritytooling/ajv-cli:${{env.APP_VERSION}}_rc validate --spec=draft2020 --strict=false --validate-formats=true  -c ajv-formats --unicodeRegExp=false -s /build/security_orchestration_policy.json -d /build/test/gitlab/policy.yml
+
+  build-results:
+    name: Build results
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - run: exit 1
+        # see https://stackoverflow.com/a/67532120/4907315
+        if: >-
+          ${{
+                contains(needs.*.result, 'failure')
+            || contains(needs.*.result, 'cancelled')
+                || contains(needs.*.result, 'skipped')
+                }}

.github/workflows/release.yml

@@ -0,0 +1,117 @@
+name: Create release # You may choose a different name
+run-name: ${{ inputs.releaseversion }} # Enumerates entries in the "workflow runs" view
+on:
+    workflow_dispatch:
+        inputs:
+            releaseversion:
+                description: 'Release version'
+                required: true
+                type: string
+                default: "X.Y.Z"
+
+jobs:
+    release: # Arbitrarily chosen
+        name: Release
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write
+            packages: write
+            attestations: write
+            id-token: write
+        steps:
+
+            -   uses: actions/create-github-app-token@v2
+                id: app-token
+                with:
+                    app-id: ${{ vars.CI_APP_ID }}
+                    private-key: ${{ secrets.CI_PRIVATE_KEY }}
+
+            -   name: Checkout
+                uses: actions/checkout@v4
+                with:
+                    fetch-depth: 0
+                    token: ${{ steps.app-token.outputs.token }}
+                    ref: ${{ github.head_ref }}
+
+            -   name: Get GitHub App User ID
+                id: get-user-id
+                run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+                env:
+                    GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+            -   name: Configure Git author
+                run: |
+                    git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
+                    git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
+
+            -   name: Setup NodeJS
+                uses: actions/setup-node@v4
+                with:
+                    node-version: '22'
+                    registry-url: 'https://registry.npmjs.org'
+
+            -   name: Package Application
+                run: |
+                    npm run clean
+                    npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }}
+                    npm run build
+
+            -   name: Write version vars
+                run: |
+                    BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
+                    BRANCH=${GITHUB_REF_NAME#v}
+                    APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g')
+                    echo Version: $APP_VERSION
+                    echo "VERSION=$APP_VERSION" >> $GITHUB_ENV
+                    echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
+                    echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
+
+            -   name: Conventional Changelog Action
+                uses: TriPSs/conventional-changelog-action@v6
+                with:
+                    input-file: CHANGELOG.md
+                    github-token: ${{ steps.app-token.outputs.token }}
+                    version-file: package.json
+                    pre-release: true
+                    skip-bump: true
+                    skip-tag: true
+                    skip-on-empty: true
+                    tag-prefix: 'v'
+
+            -   name: Create Release on GH
+                id: tag-and-release
+                uses: avakar/tag-and-release@v1
+                with:
+                    draft: true
+                    release_name: ${{ github.event.inputs.releaseversion }}
+                    tag_name: v${{ github.event.inputs.releaseversion }}
+                env:
+                    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+            -   name: Build Container Image
+                id: build-image
+                uses: redhat-actions/buildah-build@v2
+                with:
+                    image: continuoussecuritytooling/keycloak-reporting-cli
+                    tags: 'latest ${{ github.event.inputs.releaseversion }}'
+                    containerfiles: |
+                        ./Dockerfile
+                    build-args: |
+                        BUILD_DATE=${{ env.BUILD_DATE }}
+                        APP_VERSION=${{ github.event.inputs.releaseversion }}
+
+            -   name: Push To Docker Hub
+                id: push-to-dockerhub-preview
+                uses: redhat-actions/push-to-registry@v2
+                with:
+                    image: ${{ steps.build-image.outputs.image }}
+                    tags: 'latest ${{ github.event.inputs.releaseversion }}'
+                    registry: registry.hub.docker.com
+                    username: continuoussecuritytooling
+                    password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+            -   name: Publish npm package
+                run: |
+                    npm publish
+                env:
+                    NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

.gitignore

@@ -15,5 +15,5 @@ coverage
 node_modules
 
 .DS_Store
-package-lock.json
 dist
+.qodo

CHANGELOG.md

@@ -0,0 +1,28 @@
+# 0.2.0 (2025-04-09)
+
+
+### Bug Fixes
+
+* **deps:** update dependency fast-json-patch to v3 ([b34a751](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/b34a7511ad17af7f176fe50aa645e3f51242759a))
+* **deps:** update dependency glob to v11 ([be25850](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/be25850338e2cbfac635c94227cf18c2cace9576))
+* set `$data` option in the presence of the `--data` switch ([8c440a5](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/8c440a564fb712b3a2ed93d443e561117ab036b6)), closes [#93](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/93)
+
+
+### Features
+
+* compile schema to standalone module exporting validation function using ajv-pack, closes [#1](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/1) ([e303d61](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/e303d61b6be5fda212c63e5e5c0e8f38ec793095))
+* custom keywords/formats, [#17](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/17), [#18](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/18) ([666dad7](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/666dad73579ded698b8b3f63fad94973b5dc6e22))
+* **Docker:** Adding docker image for running ([c282963](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/c28296328e70d1b16a4cd2d1f7610b24074766fe))
+* **Docker:** Finalize docker usage ([d534fc1](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/d534fc1e312dc343328d6191ffc01ddf8302b5fd))
+* help for "migrate" command ([f1bd6d2](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/f1bd6d2c4413e61591ee04b6c514063ab0ca3586))
+* migrate schema to draft-06 ([74c61bc](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/74c61bcbfb42c1e47026ca264dc14503b32f56eb))
+* option inline-refs; fixed options with value "false", closes [#19](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/19) ([62b0ba3](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/62b0ba3bd429ac9751a7cba4d979fb0a385e2f11))
+* options -o and -c added to help ([eda7450](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/eda74505403c6e4749a2127b1e8c0e9b11947939))
+* options supported by Ajv 5.0 ([cce95e6](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/cce95e6dfc475cb3d51bd2a2e6c0131ae950fdde))
+* support `json5` & `yaml` file types ([974d686](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/974d6864f56abd8428671874b56127873779e1d0))
+* support draft-04 meta-schema by default, closes [#28](https://github.com/ContinuousSecurityTooling/ajv-cli/issues/28) ([a297a43](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/a297a430376b3e127d45df48ff832439fe11bda1))
+* support keywords written in typescript ([f13a09a](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/f13a09a85b7e95e824b523764e8f49c1dae6fa0b))
+* use draft-06, remove v5 option and tests ([5a63420](https://github.com/ContinuousSecurityTooling/ajv-cli/commit/5a6342066e37b1c967873fb2fd4798853c4e3b56))
+
+
+

Dockerfile

@@ -0,0 +1,31 @@
+FROM node:22.14.0-slim
+
+ARG BUILD_DATE
+ARG APP_VERSION
+
+LABEL org.opencontainers.image.authors='Martin Reinhardt ([email protected])' \
+    org.opencontainers.image.created=$BUILD_DATE \
+    org.opencontainers.image.version=$APP_VERSION \
+    org.opencontainers.image.url='https://hub.docker.com/r/continuoussecuritytooling/ajv-cli' \
+    org.opencontainers.image.documentation='https://github.com/ContinuousSecurityTooling/ajv-cli' \
+    org.opencontainers.image.source='https://github.com/ContinuousSecurityTooling/ajv-cli.git' \
+    org.opencontainers.image.licenses='MIT'
+
+COPY dist/ docker_entrypoint.sh package-lock.json package.json /app
+
+WORKDIR /app
+
+RUN npm install --omit=dev &&\
+    npm install ajv-formats &&\
+    ln -s /app/index.js /usr/local/bin/ajv-cli && chmod +x /usr/local/bin/ajv-cli &&\
+    chown -R 1000:2000 /app /usr/local/bin/ajv-cli
+
+# apt update
+RUN apt-get update && apt-get -y upgrade &&\
+  apt-get install -y jq wget curl &&\
+  # clean up to slim image
+  apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/{apt,dpkg,cache,log}/
+
+USER 1000
+
+ENTRYPOINT ["/app/docker_entrypoint.sh"]