chore: fix merge conflicts

.devcontainer/devcontainer.json

@@ -22,7 +22,6 @@
     "firsttris.vscode-jest-runner",
     "visualstudioexptteam.vscodeintellicode",
     "amazonwebservices.aws-toolkit-vscode",
-    "ms-vscode.vscode-typescript-tslint-plugin",
     "ms-azuretools.vscode-docker"
   ],
   // Use 'postCreateCommand' to run commands after the container is created.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -28,23 +28,31 @@ body:
     attributes:
       label: Code snippet
       description: Please share a code snippet to help us reproduce the issue
-      render: JavaScript
+      placeholder: |
+        ```typescript
+        some code here
+        ```
     validations:
       required: true
-  - type: textarea
-    id: solution
-    attributes:
-      label: Possible Solution
-      description: If known, please suggest a potential resolution
-    validations:
-      required: false
   - type: textarea
     id: steps
     attributes:
       label: Steps to Reproduce
       description: Please share how we might be able to reproduce this issue
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
     validations:
       required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Possible Solution
+      description: If known, please suggest a potential resolution
+    validations:
+      required: false
   - type: input
     id: version
     attributes:
@@ -69,7 +77,7 @@ body:
       label: Packaging format used
       options:
         - Lambda Layers
-        - Npm
+        - npm
       multiple: true
     validations:
       required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -2,4 +2,7 @@ blank_issues_enabled: false
 contact_links:
   - name: Ask a question
     url: https://github.com/awslabs/aws-lambda-powertools-typescript/discussions/new
-    about: Ask a general question about Lambda Powertools
+    about: Ask a general question about Lambda Powertools
+  - name: Join Community Discord Server
+    url: https://discord.gg/B8zZKbbyET
+    about: "Check out the #typescript channel"

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -7,8 +7,6 @@ body:
     attributes:
       value: |
         Thank you for taking the time to suggest an idea to the Lambda Powertools project.
-
-        *Future readers*: Please react with 👍 and your use case to help us understand customer demand.
   - type: textarea
     id: problem
     attributes:
@@ -38,11 +36,17 @@ body:
       options:
         - label: This feature request meets [Lambda Powertools Tenets](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/#tenets)
           required: true
-        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/)
+        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
           required: false
   - type: markdown
     attributes:
       value: |
         ---
 
-        **Disclaimer**: After creating an issue, please wait until it is triaged and confirmed by a maintainer before implementing it. This will reduce amount of rework and the chance that a pull request gets rejected.
+        **Disclaimer**: After creating an issue, please wait until it is triaged and confirmed by a maintainer before implementing it. This will reduce amount of rework and the chance that a pull request gets rejected.
+  - type: input
+    id: notes
+    attributes:
+      label: Future readers
+      description: Please not edit this field
+      value: "Please react with 👍 and your use case to help us understand customer demand."

.github/ISSUE_TEMPLATE/maintenance.yml

@@ -7,8 +7,6 @@ body:
     attributes:
       value: |
         Thank you for taking the time to help us improve this project.
-
-        *Future readers*: Please react with 👍 and your use case to help us understand customer demand.
   - type: textarea
     id: activity
     attributes:
@@ -52,11 +50,17 @@ body:
       options:
         - label: This request meets [Lambda Powertools Tenets](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/#tenets)
           required: true
-        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/)
+        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
           required: false
   - type: markdown
     attributes:
       value: |
         ---
 
-        **Disclaimer**: After creating an issue, please wait until it is triaged and confirmed by a maintainer before implementing it. This will reduce amount of rework and the chance that a pull request gets rejected.
+        **Disclaimer**: After creating an issue, please wait until it is triaged and confirmed by a maintainer before implementing it. This will reduce amount of rework and the chance that a pull request gets rejected.
+  - type: input
+    id: notes
+    attributes:
+      label: Future readers
+      description: Please not edit this field
+      value: "Please react with 👍 and your use case to help us understand customer demand."

.github/ISSUE_TEMPLATE/rfc.yml

@@ -83,7 +83,7 @@ body:
       options:
         - label: This feature request meets [Lambda Powertools Tenets](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/#tenets)
           required: true
-        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/)
+        - label: Should this be considered in other Lambda Powertools languages? i.e. [Python](https://github.com/awslabs/aws-lambda-powertools-python/), [Java](https://github.com/awslabs/aws-lambda-powertools-java/), and [.NET](https://github.com/awslabs/aws-lambda-powertools-dotnet/)
           required: false
   - type: markdown
     attributes:
@@ -96,4 +96,10 @@ body:
 
         * RFC PR:
         * Approved by: ''
-        * Reviewed by: ''
+        * Reviewed by: ''
+  - type: input
+    id: notes
+    attributes:
+      label: Future readers
+      description: Please not edit this field
+      value: "Please react with 👍 and your use case to help us understand customer demand."

.github/PULL_REQUEST_TEMPLATE.md

@@ -25,11 +25,6 @@
 <!--- If no issue is present the PR might get blocked and not be reviewed. -->
 **Issue number:** 
 
-### PR status
-
-***Is this ready for review?:*** NO  
-***Is it a breaking change?:*** NO
-
 ## Checklist
 
 - [ ] [My changes meet the tenets criteria](https://awslabs.github.io/aws-lambda-powertools-typescript/#tenets)
@@ -46,6 +41,8 @@
 
 ### Breaking change checklist
 
+***Is it a breaking change?:*** NO
+
 - [ ] I have documented the migration process
 - [ ] I have added, implemented necessary warnings (if it can live side by side)
 

.github/scripts/setup_tmp_layer_files.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+rm -rf tmp/nodejs
+mkdir -p tmp/nodejs
+cd tmp/nodejs
+npm init -y
+npm i \
+  @aws-lambda-powertools/logger@$VERSION \
+  @aws-lambda-powertools/metrics@$VERSION \
+  @aws-lambda-powertools/tracer@$VERSION
+rm -rf node_modules/@types \
+  package.json \
+  package-lock.json
+cd ../..

.github/scripts/update_layer_arn.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+
+# This script is run during the reusable_update_v2_layer_arn_docs CI job,
+# and it is responsible for replacing the layer ARN in our documentation,
+# based on the output files generated by CDK when deploying to each pseudo_region.
+#
+# see .github/workflows/reusable_deploy_v2_layer_stack.yml
+
+set -eo pipefail
+
+if [[ $# -ne 1 ]]; then
+  cat <<EOM
+Usage: $(basename $0) cdk-output-dir
+
+cdk-output-dir: directory containing the cdk output files generated when deploying the Layer
+EOM
+  exit 1
+fi
+
+CDK_OUTPUT_DIR=$1
+
+# Check if CDK output dir is a directory
+if [ ! -d "$CDK_OUTPUT_DIR" ]; then
+  echo "No $CDK_OUTPUT_DIR directory found, not replacing lambda layer versions"
+  exit 1
+fi
+
+# Process each file inside the directory
+files="$CDK_OUTPUT_DIR/*"
+for file in $files; do
+  echo "[+] Processing: $file"
+
+  # Process each line inside the file
+  lines=$(cat "$file")
+  for line in $lines; do
+    echo -e "\t[*] ARN: $line"
+    # line = arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScript:49
+
+    # From the full ARN, extract everything but the version at the end. This prefix
+    # will later be used to find/replace the ARN on the documentation file.
+    prefix=$(echo "$line" | cut -d ':' -f 1-7)
+    # prefix = arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScript
+
+    # Now replace the all "prefix"s in the file with the full new Layer ARN (line)
+    # prefix:\d+ ==> line
+    # sed doesn't support \d+ in a portable way, so we cheat with (:digit: :digit: *)
+    sed -i -e "s/$prefix:[[:digit:]][[:digit:]]*/$line/g" docs/index.md
+
+    # We use the eu-central-1 layer as the version for all the frameworks (SAM, CDK, SLS, etc)
+    # We could have used any other region. What's important is the version at the end.
+
+    # Examples of strings found in the documentation with pseudo regions:
+    # arn:aws:lambda:{region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39
+    # arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39
+    # arn:aws:lambda:${aws:region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39
+    # arn:aws:lambda:{env.region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39
+    if [[ "$line" == *"eu-central-1"* ]]; then
+      # These are all the framework pseudo parameters currently found in the docs
+      for pseudo_region in '{region}' '${AWS::Region}' '${aws::region}' '{aws::region}' '{env.region}' '${cdk.Stack.of(this).region}' '${aws.getRegionOutput().name}'; do
+        prefix_pseudo_region=$(echo "$prefix" | sed "s/eu-central-1/${pseudo_region}/")
+        # prefix_pseudo_region = arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript
+
+        line_pseudo_region=$(echo "$line" | sed "s/eu-central-1/${pseudo_region}/")
+        # line_pseudo_region = arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:49
+
+        # Replace all the "prefix_pseudo_region"'s in the file
+        # prefix_pseudo_region:\d+ ==> line_pseudo_region
+        sed -i -e "s/$prefix_pseudo_region:[[:digit:]][[:digit:]]*/$line_pseudo_region/g" docs/index.md
+      done
+    fi
+  done
+done

.github/workflows/make-release.yml

@@ -9,6 +9,8 @@ jobs:
   publish-npm:
     needs: run-unit-tests
     runs-on: ubuntu-latest
+    outputs:
+      RELEASE_VERSION: ${{ steps.set-release-version.outputs.RELEASE_VERSION }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -28,7 +30,7 @@ jobs:
           npm set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}"
       - name: Cache node modules
         id: cache-node-modules
-        uses: actions/cache@v3
+        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
         with:
           path: "./node_modules"
           # Use the combo between node version, name, and SHA-256 hash of the lock file as cache key so that
@@ -47,3 +49,21 @@ jobs:
           git remote set-url origin https://x-access-token:${GH_TOKEN}@github.com/$GITHUB_REPOSITORY
           npx lerna version --conventional-commits --force-publish --yes
           npx lerna publish from-git --no-verify-access --yes
+      - name: Set release version
+        id: set-release-version
+        run: |
+          RELEASE=$(npm view  @aws-lambda-powertools/tracer version)
+          echo RELEASE_VERSION="$RELEASE_VERSION" >> "$GITHUB_OUTPUT"
+
+  # NOTE: Watch out for the depth limit of 4 nested workflow_calls.
+  # publish_layer -> reusable_deploy_layer_stack -> reusable_update_layer_arn_docs
+  publish_layer:
+    needs: publish-npm
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: write
+      pages: write
+    uses: ./.github/workflows/publish_layer.yml
+    with:
+      latest_published_version: ${{ needs.publish-npm.outputs.RELEASE_VERSION }}

.github/workflows/measure-packages-size.yml

@@ -31,7 +31,7 @@ jobs:
         with:
           ref: ${{ steps.extract_PR_details.outputs.headSHA }}
       - name: Packages size report
-        uses: flochaz/pkg-size-action@v2.0.0
+        uses: flochaz/pkg-size-action@e41584e9396375027c8a3c68909e3eca55719e47 # v.2.0.0
         with:
           build-command: mkdir dist && npm run package -w packages/logger -w packages/tracer -w packages/metrics -w packages/commons -w packages/parameters && npm run package-bundle -w packages/logger -w packages/tracer -w packages/metrics -w packages/commons -w packages/parameters && bash -c "mv ./packages/*/dist/* dist/" && ls dist
           dist-directory: /dist

.github/workflows/on-merge-to-main.yml

@@ -21,23 +21,14 @@ jobs:
     needs: get_pr_details
     if: ${{ needs.get_pr_details.outputs.prIsMerged == 'true' }}
     uses: ./.github/workflows/reusable-run-linting-check-and-unit-tests.yml
-  publish:
-    needs:
-      [get_pr_details, run-unit-tests]
-    uses: ./.github/workflows/reusable-publish-docs.yml
-    with:
-      workflow_origin: ${{ github.event.repository.full_name }}
-      prIsMerged: ${{ needs.get_pr_details.outputs.prIsMerged }}
-    secrets:
-      token: ${{ secrets.GITHUB_TOKEN }}
   update-release-draft:
-    needs: publish
+    needs: run-unit-tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Update release draft
-        uses: release-drafter/release-drafter@v5.20.0
+        uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e # v5.23.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   release_label_on_merge:

.github/workflows/on-workflows-push-pr.yml

@@ -0,0 +1,32 @@
+name: Lockdown untrusted workflows
+
+on:
+  push:
+    paths:
+      - ".github/workflows/**"
+  pull_request:
+    paths:
+      - ".github/workflows/**"
+
+jobs:
+  enforce_pinned_workflows:
+    name: Harden Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Ensure 3rd party workflows have SHA pinned
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b9ddf6a5153efe6fb94f071c8915175afdce60fa # v2.1.0
+        with:
+          # Trusted GitHub Actions and/or organizations
+          allowlist: |
+            aws-actions/
+            actions/checkout
+            actions/github-script
+            actions/setup-node
+            actions/setup-python
+            actions/upload-artifact
+            actions/download-artifact
+            github/codeql-action/init
+            github/codeql-action/analyze
+            dependabot/fetch-metadata

.github/workflows/on_doc_merge.yml

@@ -0,0 +1,23 @@
+name: Docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+      - "examples/**"
+
+jobs:
+  release-docs:
+    permissions:
+      contents: write
+      pages: write
+    uses: ./.github/workflows/reusable-publish-docs.yml
+    with:
+      workflow_origin: ${{ github.event.repository.full_name }}
+      version: dev
+      alias: stage
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}