aws
diff --git a/‎.eslintrc.js‎
Lines changed: 15 additions & 1 deletion b/‎.eslintrc.js‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎.github/workflows/copyPasteDetection.yml‎
Lines changed: 0 additions & 86 deletions b/‎.github/workflows/copyPasteDetection.yml‎
Lines changed: 0 additions & 86 deletions
diff --git a/‎.github/workflows/lintbranch.js‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/lintbranch.js‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.github/workflows/node.js.yml‎
Lines changed: 87 additions & 0 deletions b/‎.github/workflows/node.js.yml‎
Lines changed: 87 additions & 0 deletions
diff --git a/‎buildspec/shared/common.sh‎
Lines changed: 1 addition & 1 deletion b/‎buildspec/shared/common.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/arch_features.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/arch_features.md‎
Lines changed: 1 addition & 0 deletions
@@ -12,7 +12,7 @@ module.exports = {
         mocha: true,
         es2024: true,
     },
-    plugins: ['@typescript-eslint', 'unicorn', 'header', 'security-node', 'aws-toolkits'],
+    plugins: ['@typescript-eslint', '@stylistic', 'unicorn', 'header', 'security-node', 'aws-toolkits'],
     extends: [
         'eslint:recommended',
         'plugin:@typescript-eslint/eslint-recommended',
@@ -113,6 +113,20 @@ module.exports = {
         'no-constant-condition': ['error', { checkLoops: false }],
         'no-empty': 'off',
 
+        // https://eslint.style/rules/default/spaced-comment
+        // Require space after // comment.
+        '@stylistic/spaced-comment': [
+            'error',
+            'always',
+            {
+                block: {
+                    markers: ['!'], // Allow the /*!…*/ license header.
+                    // exceptions: ['*'],
+                    // balanced: true
+                },
+            },
+        ],
+
         // Rules from https://github.com/sindresorhus/eslint-plugin-unicorn
         // TODO: 'unicorn/no-useless-promise-resolve-reject': 'error',
         // TODO: 'unicorn/prefer-at': 'error',
 
@@ -0,0 +1,67 @@
+// Check that branch name conforms to GitHub naming convention:
+// https://docs.github.com/en/get-started/using-git/dealing-with-special-characters-in-branch-and-tag-names#naming-branches-and-tags
+
+// To run self-tests,
+// node lintbranch.js test
+// TODO: deduplicate code from lintbranch.js and lintcommit.js.
+
+function isValid(branchName) {
+    const branchNameRegex = /^[a-zA-Z][a-zA-Z0-9._/-]*$/
+
+    return branchNameRegex.test(branchName)
+}
+
+function run(branchName) {
+    if (isValid(branchName)) {
+        console.log(`Branch name "${branchName}" is valid.`)
+        process.exit(0)
+    } else {
+        const helpUrl =
+            'https://docs.github.com/en/get-started/using-git/dealing-with-special-characters-in-branch-and-tag-names#naming-branches-and-tags'
+        console.log(`Branch name "${branchName}" is invalid see ${helpUrl} for more information.`)
+        process.exit(1)
+    }
+}
+
+function _test() {
+    const tests = {
+        'feature/branch-name': true,
+        feature_123: true,
+        'my-branch': true,
+        '123invalid-start': false,
+        '!invalid@start': false,
+        '': false,
+        'another/valid-name134': true,
+        'feature/123";id;{echo,Y2F0IC9ldGMvcGFzc3dk}|{base64,-d}|{bash,-i};#': false,
+    }
+
+    let passed = 0
+    let failed = 0
+
+    for (const [branchName, expected] of Object.entries(tests)) {
+        const result = isValid(branchName)
+        if (result === expected) {
+            console.log(`✅ Test passed for "${branchName}"`)
+            passed++
+        } else {
+            console.log(`❌ Test failed for "${branchName}" (expected "${expected}", got "${result}")`)
+            failed++
+        }
+    }
+
+    console.log(`\n${passed} tests passed, ${failed} tests failed`)
+}
+
+function main() {
+    const mode = process.argv[2]
+
+    if (mode === 'test') {
+        _test()
+    } else if (mode === 'run') {
+        run(process.argv[3])
+    } else {
+        throw new Error(`Unknown mode: ${mode}`)
+    }
+}
+
+main()
@@ -32,6 +32,12 @@ jobs:
             - uses: actions/setup-node@v4
               with:
                   node-version: '20'
+            - name: Validate Branch name
+              if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref != ''}}
+              env:
+                  BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+              run: |
+                  node "$GITHUB_WORKSPACE/.github/workflows/lintbranch.js" run "$BRANCH_NAME"
             - name: Check PR title
               run: |
                   node "$GITHUB_WORKSPACE/.github/workflows/lintcommit.js"
@@ -55,6 +61,87 @@ jobs:
             - run: npm run testCompile
             - run: npm run lint
 
+    jscpd:
+        needs: lint-commits
+        if: ${{ github.event_name == 'pull_request'}}
+        runs-on: ubuntu-latest
+        strategy:
+            matrix:
+                node-version: [18.x]
+        env:
+            NODE_OPTIONS: '--max-old-space-size=8192'
+
+        steps:
+            - uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0
+
+            - name: Use Node.js ${{ matrix.node-version }}
+              uses: actions/setup-node@v4
+              with:
+                  node-version: ${{ matrix.node-version }}
+
+            - name: Fetch fork upstream
+              env:
+                  REPO_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+              run: |
+                  git remote add forkUpstream https://github.com/$REPO_NAME  # URL of the fork
+                  git fetch forkUpstream  # Fetch fork
+
+            - name: Compute git diff
+              env:
+                  CURRENT_BRANCH: ${{ github.head_ref }}
+                  TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
+              run: git diff --name-only origin/$TARGET_BRANCH forkUpstream/$CURRENT_BRANCH > diff_output.txt
+
+            - run: npm install -g jscpd
+
+            - run: jscpd --config "$GITHUB_WORKSPACE/.github/workflows/jscpd.json"
+
+            - if: always()
+              uses: actions/upload-artifact@v4
+              with:
+                  name: unfiltered-jscpd-report
+                  path: ./jscpd-report.json
+
+            - name: Filter jscpd report for changed files
+              run: |
+                  if [ ! -f ./jscpd-report.json ]; then
+                    echo "jscpd-report.json not found"
+                    exit 1
+                  fi
+                  echo "Filtering jscpd report for changed files..."
+                  CHANGED_FILES=$(jq -R -s -c 'split("\n")[:-1]' diff_output.txt)
+                  echo "Changed files: $CHANGED_FILES"
+                  jq --argjson changed_files "$CHANGED_FILES" '
+                  .duplicates | map(select(
+                      (.firstFile?.name as $fname | $changed_files | any(. == $fname)) or
+                      (.secondFile?.name as $sname | $changed_files | any(. == $sname))
+                  ))
+                  ' ./jscpd-report.json > filtered-jscpd-report.json
+                  cat filtered-jscpd-report.json
+
+            - name: Check for duplicates
+              run: |
+                  if [ $(wc -l < ./filtered-jscpd-report.json) -gt 1 ]; then
+                    echo "filtered_report_exists=true" >> $GITHUB_ENV
+                  else
+                    echo "filtered_report_exists=false" >> $GITHUB_ENV
+                  fi
+            - name: upload filtered report (if applicable)
+              if: env.filtered_report_exists == 'true'
+              uses: actions/upload-artifact@v4
+              with:
+                  name: filtered-jscpd-report
+                  path: ./filtered-jscpd-report.json
+
+            - name: Fail and log found duplicates.
+              if: env.filtered_report_exists == 'true'
+              run: |
+                  cat ./filtered-jscpd-report.json
+                  echo "Duplications found, failing the check."
+                  exit 1
+
     macos:
         needs: lint-commits
         name: test macOS
 
@@ -8,7 +8,7 @@
 #   - "waiting for browser": from `ssoAccessTokenProvider.test.ts`, unclear how to fix it.
 #   - "HTTPError: Response code …": caused by github rate-limiting.
 #   - "npm WARN deprecated querystring": transitive dep of aws sdk v2 (check `npm ls querystring`), so that's blocked until we migrate to v3.
-_ignore_pat='Timed-out waiting for browser login flow\|HTTPError: Response code 403\|HTTPError: Response code 404\|npm WARN deprecated querystring\|npm WARN deprecated'
+_ignore_pat='HTTPError: Response code 403\|HTTPError: Response code 404\|npm WARN deprecated querystring\|npm WARN deprecated'
 
 # Do not print (noisy) lines matching these patterns.
 #   - "ERROR:bus… Failed to connect to the bus": noise related to "xvfb". https://github.com/cypress-io/cypress/issues/19299
 
@@ -43,6 +43,7 @@ For EC2 specifically, there are a few additional steps:
 
 1. If connecting to EC2 instance via remote window, the toolkit generates temporary SSH keys (30 second lifetime), with the public key sent to the remote instance.
     - Key type is ed25519 if supported, or RSA otherwise.
+    - This connection will overwrite the `.ssh/authorized_keys` file on the remote machine with each connection.
 1. If insufficient permissions are detected on the attached IAM role, toolkit will prompt to add an inline policy with the necessary actions.
 1. If SSM sessions remain open after closing the window/terminal, the toolkit will terminate them on-shutdown, or when starting another session to the same instance.