feat(website): add Astro documentation site and CDK infrastructure#133
feat(website): add Astro documentation site and CDK infrastructure#133
Conversation
Introduce the envilder marketing/docs website built with Astro. Includes landing page components (hero, features, providers, docs, changelog, roadmap), theme switcher, and full i18n support for English, Catalan, and Spanish. Registers the website package in the pnpm workspace and updates .gitignore for Astro artifacts.
Introduce the src/iac package with AWS CDK stacks for deploying static websites (S3 + CloudFront + Route53) and CodePipeline CI/CD. Includes hexagonal architecture with domain validation, stack builders, console deployment logger, and comprehensive test coverage (19 suites, 157 tests, 9 snapshots).
Removed references to shared stacks in various test files to simplify the test structure and focus on frontend stack configurations.
…ution, and validation
- Introduced a global variable for application version. - Updated various components to display the current version dynamically. - Enhanced localization for version-related strings.
- Enhance icon filters and text shadows for better aesthetics - Adjust background colors for code blocks and terminal components - Replace SVG icons with image tags for better performance
- Implement tests for CloudFront URL rewrite functionality. - Create tests for CustomStack and StaticWebsiteStack. - Add tests for formatting repository names for CloudFormation.
- Implement tests for CloudFront URL rewrite functionality. - Create tests for CustomStack and StaticWebsiteStack. - Add tests for formatting repository names for CloudFormation.
…lder into macalbert/website
This comment was marked as outdated.
This comment was marked as outdated.
macalbert
added
documentation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Updated import statements in various Astro page files to maintain a consistent order, improving code readability and organization.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
- Expanded the roadmap to include GCP Secret Manager as a supported provider. - Updated descriptions and translations to reflect the addition of GCP. - Enhanced UI components to display GCP-related information.
…tyling - Implemented a sidebar for version navigation in the changelog. - Updated markdown parsing to support new features and improved HTML output. - Added new "Exec Mode" feature to translations and UI components. - Refactored existing components for better layout and responsiveness.
Added a back-to-top button to the changelog and footer pages for improved navigation. Enhanced styling for footer and navbar logos. Updated translations to include "back to top" in multiple languages.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
- Added Biome and related packages to pnpm workspace catalog. - Updated Astro to version 6.1.1 in website package. - Refactored markdown version extraction logic for clarity. - Changed dependency versions in iac and tests/iac to use catalog.
| .replace(/^# (.+)$/gm, '<h1>$1</h1>') | ||
| // Horizontal rules | ||
| .replace(/^---$/gm, '<hr />') | ||
| .replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>') |
There was a problem hiding this comment.
🟡 Markdown-to-HTML converter corrupts fenced code block content via bold and inline-code regex passes
The changelogToHtml function at src/apps/website/src/utils/markdown.ts:70 processes regex replacements sequentially. The fenced code block handler (line 87-91) correctly escapes < and > inside <pre><code> blocks, but subsequent regex passes for bold (**...** at line 99) and inline code (`...` at line 101) still run on the already-processed output. This means patterns like **text** or `text` inside fenced code blocks are incorrectly converted to <strong>text</strong> or nested <code>text</code>, breaking the rendered HTML. The output is injected via Astro's set:html on changelog pages (src/apps/website/src/pages/changelog.astro:65). I confirmed this by running the regex chain: <pre><code>echo **hello**</code></pre> becomes <pre><code>echo <strong>hello</strong></code></pre>.
Prompt for agents
In src/apps/website/src/utils/markdown.ts, the changelogToHtml function (line 70) applies bold, inline-code, link, list-item, and paragraph regexes to the entire document AFTER fenced code blocks have been converted to <pre><code>...</code></pre>. This corrupts code block content. Fix by extracting fenced code blocks into placeholders before running inline transformations, then reinserting them afterward. For example: (1) Replace fenced code blocks with unique placeholder tokens like %%CODEBLOCK_0%%, storing each block's HTML in an array. (2) Run all the inline regex passes (bold, code, links, lists, paragraphs). (3) Replace the placeholder tokens back with the stored <pre><code>...</code></pre> HTML.
Was this helpful? React with 👍 or 👎 to provide feedback.
| .replace( | ||
| /\[([^\]]+)\]\(([^)]+)\)/g, | ||
| '<a href="$2" target="_blank" rel="noopener noreferrer">$1</a>', | ||
| ) |
There was a problem hiding this comment.
🟡 Markdown link URLs inserted into href attributes without HTML-escaping double quotes (XSS)
The link replacement at src/apps/website/src/utils/markdown.ts:106 inserts the captured URL directly into an href attribute without escaping " characters: '<a href="$2" ...'. If a changelog link URL contains a double quote (e.g., [text](url"onmouseover="alert(1))), it breaks out of the attribute and injects arbitrary HTML attributes. The resulting HTML is rendered unsanitized via Astro's set:html directive on three changelog pages (changelog.astro:65, ca/changelog.astro:63, es/changelog.astro:63). While the attack surface is limited to content in the project's own docs/CHANGELOG.md, this is still an unsafe HTML generation pattern.
| .replace( | |
| /\[([^\]]+)\]\(([^)]+)\)/g, | |
| '<a href="$2" target="_blank" rel="noopener noreferrer">$1</a>', | |
| ) | |
| .replace( | |
| /\[([^\]]+)\]\(([^)]+)\)/g, | |
| (_m, text, url) => | |
| `<a href="${url.replace(/&/g, '&').replace(/"/g, '"')}" target="_blank" rel="noopener noreferrer">${text}</a>`, | |
| ) |
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
Summary
Adds the Envilder documentation website built with Astro (i18n landing page) and AWS CDK infrastructure for deploying static websites via CloudFront and S3. Includes comprehensive unit tests for the CDK stacks, deployment handler, and domain models.
Changes
Website (src/apps/website/)
Infrastructure (src/iac/)
Testing ( ests/iac/)
Style & Refactoring
Testing
Summary by CodeRabbit
Release Notes