Holiday in Paramout Plus

After being ill for most of the week I am finally starting to enjoying my second week of holiday, binging on some Paramount+ and having a lazy Sunday enjoying the extra hour in bed after the end of summer time.

Updating Practicalli Journal and Clojure CLI Config repositories, fixing links and markdown issues from the Megalinter reports.

Updating to Megalinter 0.8.1 GitHub action on Practicalli repositories as I work on them. The upgrade will include each repository in the Grafana dashboards for Practicalli projects.

Issues

• DOING security: add clj-watson to clojure cli config
• DOING zsh environment varaibles not loading into jvm

Clojure CLI Config

Resolved all the issues reported by Megalinter.

Updated the Megalinter config and workflows to the latest versions and common Practicalli configs.

Installed markdown-table-formatter npm package globally to ensure all the markdown tables were correctly formatted.

npm install markdown-table-formatter -g

The README.md file containing the markdown tables was saved and any changes staged, so I could see exactly what the markdown-table-formatter tool fixed.

markdown-table-formatter README.md

All the markdown tables were updated and nicely formatted.

NOTE: There is a --check option, but this did not give any details of what tables were not correctly formatted, so not a useful option in this case.

clj-watson

clj-watson is a software composition analysis (SCA) tool, reporting on security vulnerabilities detected in the libraries used for a project.

clj-watson scans for reported security vulnerabilities for library dependencies defined in the deps.edn file of a Clojure project. clj-watson also scans transitive library dependencies (library dependencies of each defined dependency)

An :security/nvd-scan alias has been designed for Practicalli Clojure CLI Config.

:security/nvd-scan alias design

  ;; clj-holmes/clj-watson/
  ;; Request an API key from: https://nvd.nist.gov/developers/request-an-api-key
  ;; `CLJ_WATSON_NVD_API_KEY` set to API key value
  :security/nvd-scan
  {:replace-deps
   {io.github.clj-holmes/clj-watson {:git/tag "v6.0.0" :git/sha "cb02879"}}
   :main-opts ["-m" "clj-watson.cli" "scan"]}

The alias requires an API Key to access the NIST National Vulnerability Database (NVD).

CLJ_WATSON_NVD_API_KEY environment variable was set to the value of the API Key via the .zshenv file in my user account.

Tested the :security/nvd-scan alias with the Practicalli Project Templates repository.

Running the designed alias was not picking up the CLJ_WATSON_NVD_API_KEY environment variable

Fails to find API Key

clojure -M:security/nvd-scan

Zsh configuration broken - not loading env vars correctly

On one laptop the zsh configuration has a fault and environment variables are not being loaded when running clojure. The suggestion from the Clojure community was to ensure autoexport is set.

setopt allexport && source ~/.zshenv

Defining the NIST API Key as part of the command successfully downloaded the database and scanned the library dependencies.

Successfully finds key

CLJ_WATSON_NVD_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx clojure -M:security/nvd-scan

20 minutes to download the database

On first run of the clj-watson tool, the NIST NVD database took 20 minutes and 32 seconds to download (on a very good Internet connection). Successive runs take about 10 seconds, although may be longer if there are substantial updates to the database.

Added CLJ_WATSON_NVD_API_KEY to GitHub Secrets

Practicalli GitHub Org is used to securely store API keys and other sensitive values. Secrets can be used by GitHub actions across any repository that is part of the Practicalli organisation.

Neovim

The neogit graph view is now powered by gitgraph.nvim. There is a specific graph_style for the Kitty Terminal

Neogit change history from Astro update

    d523ae3 Add both flog style "unicode" graph and gitgraph style graph for kitty. (2 days ago)
    3f82e30 Replace flog graph with gitgraph.nvim so we can support color (2 days ago)

Practicalli Astro - Astrocommunity plugin overrides - Neogit plugin

lua/plugins/user-practicalli.lua

  -- Neogit: astrocommunity.git.neogit
  {
    "neogit",
    dependencies = {
      { "nvim-lua/plenary.nvim", "sindrets/diffview.nvim" },
    },
    opts = {
      disable_signs = true, -- duplicate signs if enabled
      -- graph_style = "unicode", -- elegant commit graph
      graph_style = "kitty", -- elegant commit graph
      integrations = { diffview = true },
    },
    keys = {
      -- Neogit status - overrides stage hunk astronvim mapping
      { "<leader>gs", "<cmd>Neogit<cr>", desc = "Status (Neogit)" },
    },
  },

TV Series

Star Trek Lower Desks provides a different and often quite silly experience of the world of Star Fleet. Catching up with season 3 this week.

A Gentleman in Moscow is a moving Drama that covers some of the darkest times of the USSR. It provides a unique view of the peoples revolution and Stalin era from a person of privilege, adjusting to their new and revoltingly dark reality.

The Castaways was okay, a nice distraction whilst fixing issues reported by Megalinter.

---

Thank you.

Practical.li Website

Practical.li GitHub Org practicalli-johnny profile

@practicalli@clj.social @practical_li