{"id":13432858,"url":"https://github.com/chetan/invalidate-cloudfront-action","last_synced_at":"2026-03-01T22:08:17.560Z","repository":{"id":37344345,"uuid":"209871042","full_name":"chetan/invalidate-cloudfront-action","owner":"chetan","description":"Invalidate AWS CloudFront distribution paths","archived":false,"fork":false,"pushed_at":"2026-01-08T20:39:01.000Z","size":30,"stargazers_count":168,"open_issues_count":1,"forks_count":41,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2026-02-18T04:46:17.418Z","etag":null,"topics":["aws","github-actions"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chetan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-20T19:59:03.000Z","updated_at":"2026-02-02T17:10:36.000Z","dependencies_parsed_at":"2024-06-18T12:19:54.843Z","dependency_job_id":"f1291eb5-7676-4dce-a1a3-9da9f93a465b","html_url":"https://github.com/chetan/invalidate-cloudfront-action","commit_stats":{"total_commits":53,"total_committers":2,"mean_commits":26.5,"dds":"0.018867924528301883","last_synced_commit":"026a6df0e0d5b1bdcb915e813bdc6d02b9474841"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/chetan/invalidate-cloudfront-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chetan%2Finvalidate-cloudfront-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chetan%2Finvalidate-cloudfront-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chetan%2Finvalidate-cloudfront-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chetan%2Finvalidate-cloudfront-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chetan","download_url":"https://codeload.github.com/chetan/invalidate-cloudfront-action/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chetan%2Finvalidate-cloudfront-action/sbom","scorecard":{"id":277009,"data":{"date":"2025-08-11","repo":{"name":"github.com/chetan/invalidate-cloudfront-action","commit":"026a6df0e0d5b1bdcb915e813bdc6d02b9474841"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/tests.yml:5","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/chetan/invalidate-cloudfront-action/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/chetan/invalidate-cloudfront-action/tests.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/chetan/invalidate-cloudfront-action/tests.yml/develop?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating pahud/awscli:with-bash to pahud/awscli:with-bash@sha256:f2667bd3aec3401860e041a1c739bcd48a0a4d0a691126fe7b748880ec1c3686","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'develop'","Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T14:44:25.127Z","repository_id":37344345,"created_at":"2025-08-17T14:44:25.127Z","updated_at":"2025-08-17T14:44:25.127Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29844845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-25T22:37:40.667Z","status":"ssl_error","status_checked_at":"2026-02-25T22:37:25.960Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","github-actions"],"created_at":"2024-07-31T02:01:17.650Z","updated_at":"2026-03-01T22:08:17.518Z","avatar_url":"https://github.com/chetan.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# Invalidate AWS CloudFront action\n\nA GitHub Workflow Action for invalidating CloudFront distribution paths\n\n## Usage\n\n```yaml\n- name: Invalidate CloudFront\n  uses: chetan/invalidate-cloudfront-action@v2\n  env:\n    DISTRIBUTION: ${{ secrets.DISTRIBUTION }}\n    PATHS: \"/index.html\"\n    AWS_REGION: \"us-east-1\"\n    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n```\n\nSee also a [sample workflow](./example.yml) which illustrates a static site\nbuild and deploy.\n\n## Configuration\n\n| Param                 | Required? | Description                                                                                        |\n| --------------------- | --------- | -------------------------------------------------------------------------------------------------- |\n| PATHS                 | yes*      | A list of one or more space-separated paths to invalidate                                          |\n| PATHS_FROM            | yes*      | Filename to read list of paths from                                                                |\n| DISTRIBUTION          | yes       | CloudFront distribution ID to operate on, e.g., 'EDFDVBD6EXAMPLE'                                  |\n| AWS_REGION            | yes       | AWS Region to operate in                                                                           |\n| AWS_ACCESS_KEY_ID     | yes       | Access key with necessary permissions to invalidate objects in the target distribution (see below) |\n| AWS_SECRET_ACCESS_KEY | yes       | Secret key                                                                                         |\n| DEBUG                 | no        | When set to \"1\", prints the final awscli invalidation command for troubleshooting purposes         |\n\n__Note__: *either* `PATHS` or `PATHS_FROM` is required. `PATHS_FROM` will\noverwrite `PATHS` if both are set.\n\nSee also: [AWS CLI reference](https://docs.aws.amazon.com/cli/latest/reference/cloudfront/create-invalidation.html)\n\n### Paths\n\nPaths are passed directly to the aws cli `create-invalidation` command and so\nmust be a proper space-separated list of paths. Examples:\n\n```sh\nPATHS=/index.html\nPATHS=/ /index.html /foo/bar/baz\n```\n\nAlternatively, you can write the list of files to invalidate to a file which\nwill then be slurped into the PATHS variable. This lets you use some other\nmethod to dynamically generate the list of files based on the commit, etc.\nExample workflow steps:\n\n```yaml\n- name: checkout dist\n  uses: actions/checkout@master\n  with:\n    ref: dist\n    # need at least 2 here so we can get a proper log in next step\n    fetch-depth: 2\n\n- name: get updated files\n  run: |\n    # allow grep to fail\n    set +e\n    FILES=$(git log --stat=\"1000\" -1 | grep '|' | awk '{print \"/\"$1}' | grep -e '\\.html$')\n    set -e\n    [ -z \"$FILES\" ] \u0026\u0026 touch .updated_files \u0026\u0026 exit 0\n    for file in $FILES; do\n      echo $file\n      # add bare directory to list of updated paths when we see index.html\n      [[ \"$file\" == *\"/index.html\" ]] \u0026\u0026 echo $file | sed -e 's/\\/index.html$/\\//'\n    done | sort | uniq | tr '\\n' ' ' \u003e .updated_files\n\n- name: invalidate\n  uses: chetan/invalidate-cloudfront-action@v2\n  env:\n    PATHS_FROM: .updated_files\n    AWS_REGION: 'us-east-1'\n    DISTRIBUTION: ${{ secrets.DISTRIBUTION }}\n    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}\n    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n```\n\n### AWS Credentials\n\nThe recommended way to pass AWS credentials to your GitHub actions is to use\n[OpenID\nConnect](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services).\n\nOnce configured, you can use the\n[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)\naction to properly authentication and supply AWS credentials to subsequent steps\nin your workflow.\n\nNote that your workflow will need the following permission when using OIDC:\n\n```yaml\npermissions:\n  id-token: write\n```\n\nFor a complete example, see the [workflow](./.github/workflows/tests.yml) in\nthis repository.\n\nAlso note that if you using the CloudFormation template from the aws repo above,\nthe 'thumbprint' shown in the example is out of date. I've included a [working\ntemplate](./docs/github-oidc.yaml) complete with the below IAM policy that\nshould work out of the box (as of 2022-01-27).\n\nAs an alternative, you may directly pass an access/secret key pair. See the\nconfig section above.\n\n### AWS IAM Policy\n\nIn order to use this action, you will need to supply credentials which have, at minimum, the following permission:\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"VisualEditor0\",\n            \"Effect\": \"Allow\",\n            \"Action\": \"cloudfront:CreateInvalidation\",\n            \"Resource\": \"arn:aws:cloudfront::\u003caccount id\u003e:distribution/\u003cdistribution ID\u003e\"\n        }\n    ]\n}\n```\n\n## Self-hosted runners\n\nA note regarding [self-hosted\nrunners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners):\n\n`V2` of the `invalidate-cloudfront-action` executes via a bash script on the\nrunner and requires the following additional tools:\n\n- jq 1.6\n- aws 1.x+\n- tr\n- date\n- wget\n\nPlease ensure that they are available on your system or use V1 of the action,\nwhich executes within a docker container.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchetan%2Finvalidate-cloudfront-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchetan%2Finvalidate-cloudfront-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchetan%2Finvalidate-cloudfront-action/lists"}