Dev v3 amanabiy pages

[amanabiy]

Description

Related links, issue #, if available: n/a

How has this been tested?

Review checklist

The following items are to be evaluated by the author(s) and the reviewer(s).

Correctness

• Changes include appropriate documentation updates.
• Changes are backward-compatible if not indicated, see CONTRIBUTING.md.
• Changes do not include unsupported browser features, see CONTRIBUTING.md.
• Changes were manually tested for accessibility, see accessibility guidelines.

Security

• If the code handles URLs: all URLs are validated through the checkSafeUrl function.

Testing

• Changes are covered with new/existing unit tests?
• Changes are covered with new/existing integration tests?

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.15%. Comparing base (0f8232f) to head (112b41b).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4136   +/-   ##
=======================================
  Coverage   97.15%   97.15%           
=======================================
  Files         878      878           
  Lines       25716    25716           
  Branches     9297     9297           
=======================================
  Hits        24985    24985           
  Misses        725      725           
  Partials        6        6           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Generally, the problem is fixed by avoiding concatenating environment-derived values into a shell command string executed via a shell. Instead, call the program directly and pass arguments as an array using child_process.execFileSync or spawnSync, so the shell doesn’t reinterpret special characters. If dynamic construction is unavoidable, inputs must be safely escaped—but that is error-prone and unnecessary here.

In this specific file, we should:

• Replace execSync(command, ...) with execFileSync using a command binary and an arguments array.
• Stop passing full shell command strings like mkdir -p ${copyBuildToolsPath} into execCommand. Instead, call execCommand with a command name and a list of arguments, e.g. execCommand('mkdir', ['-p', copyBuildToolsPath]).
• Update execCommand to accept (cmd, args = [], options = {}), log a human-readable representation, and pass those directly to execFileSync.
• Keep functionality identical: still run mkdir -p <path>, rm -rf <path>, and git clone --branch ... with the same options and error logging.

Concretely in scripts/setup-build-tools.js:

• Add execFileSync to the import from child_process.
• Change the three top-level execCommand calls on lines 17–19 to use (command, args) instead of a single string.
• Rewrite execCommand on lines 23–33 accordingly, and update error messages to print the reconstructed command string for readability.

[pan-kot]

this description is a leftover, I believe we don't need any for this script as all

[pan-kot]

For such a simple command - can we inline that in the package.json?

E.g. "rimraf shared/build-tools && mkdir -p shared/build-tools && git clone --branch add-test-pages-util-permutation-view --single-branch https://github.com/cloudscape-design/build-tools.git shared/build-tools"

[pan-kot]

why the param is explicitly annotated here - it is necessary?

[pan-kot]

what is @cloudscape-design/build-tools-repo for?