Initial commit

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,50 @@
+name: Bug report
+description: Report a reproducible bug to help us improve
+title: "Bug: TITLE"
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for submitting a bug report. Please add as much information as possible to help us reproduce, and remove any potential sensitive data.
+
+  - type: textarea
+    id: expected_behaviour
+    attributes:
+      label: Expected Behaviour
+      description: Please share details on the behaviour you expected
+    validations:
+      required: true
+  - type: textarea
+    id: current_behaviour
+    attributes:
+      label: Current Behaviour
+      description: Please share details on the current issue
+    validations:
+      required: true
+  - type: textarea
+    id: code_snippet
+    attributes:
+      label: Code snippet
+      description: Please share a code snippet to help us reproduce the issue
+      render: python
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Possible Solution
+      description: If known, please suggest a potential resolution
+    validations:
+      required: false
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: Please share how we might be able to reproduce this issue
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        ---

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,34 @@
+name: Feature request
+description: Suggest an idea for CloudFront Hosting Toolkit
+title: "Feature request: TITLE"
+labels: ["feature-request", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to suggest an idea to the CloudFront Hosting Toolkit project.
+
+        *Future readers*: Please react with 👍 and your use case to help us understand customer demand.
+  - type: textarea
+    id: problem
+    attributes:
+      label: Use case
+      description: Please help us understand your use case or problem you're facing
+    validations:
+      required: true
+  - type: textarea
+    id: suggestion
+    attributes:
+      label: Solution/User Experience
+      description: Please share what a good solution would look like to this use case
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternative solutions
+      description: Please describe what alternative solutions to this use case, if any
+      render: markdown
+    validations:
+      required: false
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,38 @@
+<!-- markdownlint-disable MD041 MD043 -->
+**Issue number:**
+
+## Summary
+
+### Changes
+
+> Please provide a summary of what's being changed
+
+### User experience
+
+> Please share what the user experience looks like before and after this change
+
+## Checklist
+
+If your change doesn't seem to apply, please leave them unchecked.
+
+* [ ] I have performed a self-review of this change
+* [ ] Changes have been tested
+* [ ] Changes are documented
+
+<details>
+<summary>Is this a breaking change?</summary>
+
+**RFC issue number**:
+
+Checklist:
+
+* [ ] Migration process documented
+* [ ] Implement warnings (if it can live side by side)
+
+</details>
+
+## Acknowledgment
+
+By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
+
+**Disclaimer**: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

.github/workflows/npm-publish.yml

@@ -0,0 +1,23 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Publish to NPM
+
+on: 
+  workflow_dispatch
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@6ccd57f4c5d15bdc2fef309bd9fb6cc9db2ef1c6
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org/
+      - run: npm install
+      - run: npm run build
+      - run: npm pack
+      - run: npm publish --access=public
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

.github/workflows/on-issue-opened.yml

@@ -0,0 +1,24 @@
+name: Label issues
+
+on:
+  issues:
+    types:
+      - reopened
+      - opened
+
+permissions:
+  issues: write
+
+jobs:
+  label_issues:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@1f16022c7518aad314c43abcd029895291be0f52
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ["triage"]
+            })

.github/workflows/on-push.yml

@@ -0,0 +1,18 @@
+name: Push Workflow
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - edited
+
+permissions:
+  contents: read
+
+jobs:
+  security-checks:
+    uses: ./.github/workflows/run-security-checks.yml
+    secrets: inherit

.github/workflows/on-workflow-update.yml

@@ -0,0 +1,23 @@
+name: Lockdown untrusted workflows
+
+on:
+  push:
+    paths:
+      - ".github/workflows/**"
+  pull_request:
+    paths:
+      - ".github/workflows/**"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  enforce_pinned_workflows:
+    name: Harden Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Ensure 3rd party workflows have SHA pinned
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@f32435541e24cd6a4700a7f52bb2ec59e80603b1

.github/workflows/run-security-checks.yml

@@ -0,0 +1,30 @@
+name: Run security checks on the project
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout and setup.
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Install dependencies
+        run: npm install
+
+      # NPM audit.
+      - name: Run audit
+        run: npm audit
+
+      # GitLeaks.
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@4df650038e2eb9f7329218df929c2780866e61a3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+

.gitignore

@@ -0,0 +1,29 @@
+
+!jest.config.js
+*.d.ts
+node_modules
+.package-lock.json
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+
+lib/**/*.js
+bin/*.js
+
+!lambda/url_rewrite/*.js 
+resources/ui/public/aws-exports.json
+resources/ui/dist
+
+
+.DS_Store
+
+**/dist/**/*
+
+*.tgz
+*aws-exports.json
+!download.js
+
+examples/local-demo/.env
+
+coverage/**/*

.gitlab-ci.yml

@@ -0,0 +1,19 @@
+image: node:lts
+
+pages:
+  stage: deploy
+  script:
+    - npm install
+    - cd docs
+    - npm install
+    - npx astro build
+    - mv dist ../public
+  artifacts:
+    paths:
+      - public
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      changes:
+        - docs/**/*
+        - package.json
+        - package-lock.json

.npmignore

@@ -0,0 +1,64 @@
+# Source code
+src/
+
+# Test files
+test/
+**tests**/
+*.spec.js
+*.test.js
+
+# Configuration files
+.babelrc
+.eslintrc
+.prettierrc
+tsconfig.json
+webpack.config.js
+
+# Git files
+.git
+.gitignore
+
+# CI files
+.travis.yml
+.gitlab-ci.yml
+.github/
+
+# Editor directories
+.vscode/
+.idea/
+
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# Dependency directories
+node_modules/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# dotenv environment variables file
+.env
+.env.test
+
+# Documentation
+docs/
+
+# Miscellaneous
+.DS_Store
+Thumbs.db
+
+# Explicitly include dist folder
+!dist/
+
+examples
+img
+package
+*.tgz

CODE_OF_CONDUCT.md

@@ -0,0 +1,5 @@
+# Code of Conduct
+
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+[opensource-codeofconduct@amazon.com](opensource-codeofconduct@amazon.com) with any additional questions or comments.