{"id":16293559,"url":"https://github.com/badsyntax/github-action-aws-cloudfront","last_synced_at":"2026-03-05T06:33:15.465Z","repository":{"id":37911593,"uuid":"437382150","full_name":"badsyntax/github-action-aws-cloudfront","owner":"badsyntax","description":"GitHub Action to easily invalidate CloudFront paths","archived":false,"fork":false,"pushed_at":"2023-04-20T15:00:38.000Z","size":717,"stargazers_count":3,"open_issues_count":6,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-18T23:16:19.418Z","etag":null,"topics":["aws","aws-cloudfront","cloudfront","github-action"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/badsyntax.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-11T20:29:11.000Z","updated_at":"2023-03-07T14:50:16.000Z","dependencies_parsed_at":"2024-10-27T21:44:35.292Z","dependency_job_id":"e0ebcb5c-7212-4906-a3d2-ede2358b5093","html_url":"https://github.com/badsyntax/github-action-aws-cloudfront","commit_stats":{"total_commits":45,"total_committers":2,"mean_commits":22.5,"dds":0.4,"last_synced_commit":"9b6a53113817f729eb38f368ac06818178d4475e"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/badsyntax/github-action-aws-cloudfront","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badsyntax%2Fgithub-action-aws-cloudfront","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badsyntax%2Fgithub-action-aws-cloudfront/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badsyntax%2Fgithub-action-aws-cloudfront/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badsyntax%2Fgithub-action-aws-cloudfront/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/badsyntax","download_url":"https://codeload.github.com/badsyntax/github-action-aws-cloudfront/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/badsyntax%2Fgithub-action-aws-cloudfront/sbom","scorecard":{"id":222973,"data":{"date":"2025-08-11","repo":{"name":"github.com/badsyntax/github-action-aws-cloudfront","commit":"9b6a53113817f729eb38f368ac06818178d4475e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/badsyntax/github-action-aws-cloudfront/test.yml/master?enable=pin","Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 4 third-party GitHubAction dependencies pinned","Info: 2 out of 2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"13 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T03:02:20.934Z","repository_id":37911593,"created_at":"2025-08-17T03:02:20.934Z","updated_at":"2025-08-17T03:02:20.934Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30112256,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cloudfront","cloudfront","github-action"],"created_at":"2024-10-10T20:11:43.937Z","updated_at":"2026-03-05T06:33:15.435Z","avatar_url":"https://github.com/badsyntax.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS CloudFront GitHub Action\n\n[![Build \u0026 Test](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/test.yml/badge.svg)](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/test.yml)\n[![Deploy](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/deploy.yml/badge.svg)](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/deploy.yml)\n[![CodeQL](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/badsyntax/github-action-aws-cloudfront/actions/workflows/codeql-analysis.yml)\n\nA GitHub Action to invalidate a list of CloudFront paths.\n\nThe Action will generate a new list based on input options. This is especially helpful when you're piping in origin paths (eg from an S3 Action) that need to be transformed into absolute URL paths from root. You can also include origin prefixes to cache-bust URL's rewritten by Lambda's (in which case you need to invalidate both the `viewer-request` and rewritten URL's). A root slash `/` is added if a url matches the `default-root-object`.\n\n## Example Path Transformations\n\n| input | prefix | include-origin-prefix | default-root-object | output |\n| ------------------------------------- | -------- | --------------------- | ------------------- | ----------------------------------------------------------- |\n| `index.html,blog.html,css/styles.css` | `(none)` | `false` | `index.html` | `/index.html,/blog.html,/css/styles.css,/` |\n| `root/index,/root/css/styles.css,/` | `root` | `false` | `index` | `/index,/css/styles.css,/` |\n| `root/index,root/css/styles.css` | `root` | `true` | `index` | `/index,/root/index,/css/styles.css,/root/css/styles.css,/` |\n\n## Getting Started\n\nPlease read: \u003chttps://github.com/aws-actions/configure-aws-credentials#credentials\u003e\n\n```yaml\nname: 'Deploy'\n\nconcurrency:\n group: prod_deploy\n cancel-in-progress: false\n\non:\n push:\n branches:\n - main\n\njobs:\n deploy:\n name: 'Invalidate Cache'\n runs-on: ubuntu-20.04\n steps:\n - uses: actions/checkout@v2\n\n - name: Configure AWS Credentials\n uses: aws-actions/configure-aws-credentials@v1\n with:\n aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n aws-region: us-east-1\n\n - uses: badsyntax/github-action-aws-cloudfront@master\n name: Invalidate CloudFront Cache\n id: invalidate-cloudfront-cache\n with:\n distribution-id: ${{ secrets.CFDistributionId }}\n aws-region: 'us-east-1'\n origin-prefix: 'root'\n include-origin-prefix: true\n invalidate-paths: '/index.html,/'\n default-root-object: 'index.html'\n```\n\n## Action Inputs\n\n| key | description | example |\n| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |\n| `invalidate-paths` | Comma separated list of invalidation paths | `root/blog.html,root/index.html` |\n| `distribution-id` | The CloudFront Distribution Id | `ABC123DEF` |\n| `origin-prefix` | The prefix of the object location in origin, which will be optionally stripped from the invalidation paths, if `include-origin-prefix` is false. For example if origin-prefix is \"root\" and invalidationPath is \"root/blog.html\" then the final path will be \"blog.html\" | `root` |\n| `include-origin-prefix` | Whether to include origin prefix paths. Useful when paths ere rewritten by Lambda's | `true` |\n| `default-root-object` | The object returned when a user requests the root URL for your distribution. If this path is invalidated then a slash (/) is added to the invalidation paths | `index.html` |\n| `aws-region` | The AWS region | `us-east-1` |\n\n## Cache Invalidation Gotchas\n\nIf you've specified the distribution `OriginPath` then this path must not exist in the invalidation path.\n\n## Related GitHub Actions\n\n- [badsyntax/github-action-aws-cloudformation](https://github.com/badsyntax/github-action-aws-cloudformation)\n- [badsyntax/github-action-aws-s3](https://github.com/badsyntax/github-action-aws-s3)\n\n## Debugging\n\nCheck the Action output for logs.\n\nIf you need to see more verbose logs you can set `ACTIONS_STEP_DEBUG` to `true` as an Action Secret.\n\n## License\n\nSee [LICENSE.md](./LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbadsyntax%2Fgithub-action-aws-cloudfront","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbadsyntax%2Fgithub-action-aws-cloudfront","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbadsyntax%2Fgithub-action-aws-cloudfront/lists"}