Clojars Worklog - 2023
Table of Contents
Intro
This worklog covers work performed on Clojars under a contract from the Clojurists Together Foundation. The contract covers general maintenance.
December 2023
Commit Logs: clojars-web, infrastructure
This month I released the permissions system rewrite, updated the release logic to require a license in the POM for all releases, and made a few other minor improvements:
- Use long polling with SQS
- Throw on SQS receive-loop exception to force prcess to exit
- Use mock mailer in development
- Update logback to address CVE-2023-6378
On the infrastructure front, I added disk space and SQS queue delay alarms so we can be better informed of when things go wrong.
November 2023
Commit Logs: clojars-web, infrastructure
I rewrote the permissions system this month to support project-level scoping, allowing delegation of deploy rights to a user for a subset of projects under a group. This was released in December.
I also made improvements to the AMI release process.
October 2023
Commit Logs: clojars-web
The work this month was modernization: we moved away from yesql in favor of honeysql, and to next.jdbc from clojure.java.jdbc:
September 2023
Commit Logs: clojars-web
Most of September was vacation, but I did make a few improvements towards the end of the month:
- Prevent memory leak from in-memory session store This was the source of intermittent OOMs for years, and I finally tracked it down.
- Require a license in the POM for new projects
August 2023
Commit Logs: clojars-web, infrastructure
I took this month to clean up some long-standing issues:
- Fixed an issue with error reporting from the repository routes
- Include release date for each version in feed.clj
- Include scm tag for each version in feed.clj
- Require MFA group wide to deploy
And a few quality of life improvements:
- Add denylist to email sender
- Migrate from project.clj to deps.edn
- Upgraded to latest clj-kondo for code linting
The CHANGELOG file also covers any user-facing changes.