chore: Merge branch 'dev'

Author: bbrauneck

.github/labeler.yml

@@ -0,0 +1,19 @@
+Feature:
+ - head-branch: ['^feature', 'feature']
+Hotfix:
+ - head-branch: ['^hotfix', 'hotfix']
+Documentation:
+- changed-files:
+  - any-glob-to-any-file: '**/*.md'
+CICD:
+- changed-files:
+  - any-glob-to-any-file: '.github/**'
+
+typescript:
+- changed-files:
+  - any-glob-to-any-file:  '**/*.ts'
+css:
+- changed-files:
+  - any-glob-to-any-file:  '**/*.css'
+
+

.github/pull_request_template.md

@@ -0,0 +1,33 @@
+# Description
+
+Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+
+# Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests or screenshots that prove my fix is effective or that my feature works
+- [ ] Any dependent changes have been merged and published in downstream modules
+

.github/reviewers.yml

@@ -0,0 +1,4 @@
+reviewers:
+  defaults:
+    - repository-owners
+    - bbrauneck

.github/workflows/dependabot.yaml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.1
+        uses: dependabot/fetch-metadata@v1.3.2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
       - name: Approve a PR

.github/workflows/labelling.yaml

@@ -0,0 +1,47 @@
+name: label PRs
+on:
+  pull_request:
+    branches: [dev, master]
+jobs:
+  size-label:
+    needs: pr-reviewer 
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: size-label
+        uses: "pascalgn/size-label-action@v0.5.0"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          sizes: >
+            {
+              "0": "XS",
+              "20": "S",
+              "50": "M",
+              "200": "L",
+              "800": "XL",
+              "2000": "XXL"
+            }
+      - name: general-labels
+        uses: actions/labeler@v5
+        with:
+          sync-labels: true
+  pr-reviewer:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+      - name: Request review and assign
+        uses: necojackarc/auto-request-review@v0.13.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          config: .github/reviewers.yml 
+          use_local: true

.pre-commit-config.yaml

@@ -1,13 +1,13 @@
 ---
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v1.2.0
+    rev: v3.2.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
         args: []
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.6.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -32,25 +32,20 @@ repos:
         args:
           - -b main
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.0
+    rev: v1.89.1
     hooks:
       - id: terraform_fmt
-      - id: terraform_tflint
       - id: terraform_docs
         args:
           - --hook-config=--path-to-file=README.md
           - --hook-config=--add-to-existing-file=true
           - --hook-config=--create-file-if-not-exist=true
-  - repo: https://github.com/Checkmarx/kics
-    rev: v1.5.4
-    hooks:
-      - id: kics
   - repo: https://github.com/sirosen/check-jsonschema
-    rev: 0.13.0
+    rev: 0.28.3
     hooks:
       - id: check-github-workflows
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v2.5.1
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         stages: [commit]

README.md

@@ -117,7 +117,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_bucket"></a> [bucket](#module\_bucket) | git::github.com/xoap-io/terraform-aws-storage-s3.git | v0.1.0 |
+| <a name="module_bucket"></a> [bucket](#module\_bucket) | git::github.com/xoap-io/terraform-aws-storage-s3.git | v0.1.1 |
 | <a name="module_this_label"></a> [this\_label](#module\_this\_label) | git::github.com/xoap-io/terraform-aws-misc-label | v0.1.0 |
 
 ## Resources
@@ -127,6 +127,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 | [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource |
 | [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
 | [aws_cloudfront_origin_request_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource |
+| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_response_headers_policy) | resource |
 
 ## Inputs
 

main.tf

@@ -4,7 +4,7 @@ module "this_label" {
   attributes = ["hosting", var.site_name]
 }
 module "bucket" {
-  source                = "git::github.com/xoap-io/terraform-aws-storage-s3.git?ref=v0.1.0"
+  source                = "git::github.com/xoap-io/terraform-aws-storage-s3.git?ref=v0.1.1"
   context               = var.context
   name                  = var.site_name
   website_enabled       = true
@@ -49,6 +49,29 @@ resource "aws_cloudfront_origin_request_policy" "this" {
   }
   query_strings_config {
     query_string_behavior = "all"
+
+  }
+
+}
+resource "aws_cloudfront_response_headers_policy" "this" {
+  name = module.this_label.id
+
+  cors_config {
+    access_control_allow_credentials = false
+
+    access_control_allow_headers {
+      items = var.cors_allowed_headers
+    }
+
+    access_control_allow_methods {
+      items = concat(var.cors_allowed_methods, ["OPTIONS"])
+    }
+
+    access_control_allow_origins {
+      items = var.cors_allowed_origins
+    }
+
+    origin_override = true
   }
 }
 #tfsec:ignore:AWS045
@@ -77,16 +100,14 @@ resource "aws_cloudfront_distribution" "this" {
   default_root_object = var.default_root_object
   aliases             = var.cloudfront_aliases
   default_cache_behavior {
-    allowed_methods          = var.allowed_methods
-    cached_methods           = var.cached_methods
-    target_origin_id         = var.s3_origin_id
-    compress                 = true
-    cache_policy_id          = aws_cloudfront_cache_policy.this.id
-    origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
-    viewer_protocol_policy   = var.viewer_protocol_policy
-    min_ttl                  = var.cf_min_ttl
-    max_ttl                  = var.cf_max_ttl
-    default_ttl              = var.cf_default_ttl
+    allowed_methods            = var.allowed_methods
+    cached_methods             = var.cached_methods
+    target_origin_id           = var.s3_origin_id
+    compress                   = true
+    cache_policy_id            = aws_cloudfront_cache_policy.this.id
+    origin_request_policy_id   = aws_cloudfront_origin_request_policy.this.id
+    viewer_protocol_policy     = var.viewer_protocol_policy
+    response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
   }
   price_class = var.cf_price_class
   viewer_certificate {