Skip to content

Commit 13221b8

Browse files
committed
Merge remote-tracking branch 'upstream/main' into smithy-rpc-v2
2 parents 6dcb841 + e8449bd commit 13221b8

File tree

680 files changed

+44376
-17916
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

680 files changed

+44376
-17916
lines changed

.cargo-deny-config.toml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@ allow = [
2222
confidence-threshold = 1.0
2323
exceptions = [
2424
{ allow = ["OpenSSL"], name = "ring", version = "*" },
25+
{ allow = ["OpenSSL"], name = "aws-lc-sys", version = "*" },
26+
{ allow = ["OpenSSL"], name = "aws-lc-fips-sys", version = "*" },
2527
]
2628

2729
[[licenses.clarify]]

.github/actions/docker-build/action.yml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ inputs:
1515
runs:
1616
using: composite
1717
steps:
18-
- uses: actions/cache@v3
18+
- uses: actions/cache@v4
1919
name: Gradle Cache
2020
with:
2121
path: |
@@ -24,8 +24,8 @@ runs:
2424
key: ${{ runner.os }}-gradle-${{ hashFiles('gradle/caches/**/*', 'gradle/wrapper/**/*') }}
2525
restore-keys: |
2626
${{ runner.os }}-gradle-
27-
# Pinned to the commit hash of v2.1.0
28-
- uses: Swatinem/rust-cache@b894d59a8d236e2979b247b80dac8d053ab340dd
27+
# Pinned to the commit hash of v2.7.3
28+
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84
2929
with:
3030
shared-key: ${{ runner.os }}-${{ github.job }}
3131
workspaces: |
@@ -60,9 +60,10 @@ runs:
6060
./smithy-rs/tools/ci-build/ci-action ${{ inputs.action }} ${{ inputs.action-arguments}}
6161
tar cfz artifacts-${{ inputs.action }}.tar.gz -C artifacts .
6262
- name: Upload artifacts
63-
uses: actions/upload-artifact@v3
63+
uses: actions/upload-artifact@v4
6464
with:
6565
name: artifacts-${{ inputs.action }}
6666
path: artifacts-${{ inputs.action }}.tar.gz
6767
if-no-files-found: error
6868
retention-days: 3
69+
overwrite: true

.github/actions/download-all-artifacts/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ runs:
77
using: composite
88
steps:
99
- name: Download artifacts
10-
uses: actions/download-artifact@v3
10+
uses: actions/download-artifact@v4
1111
- name: Untar artifacts
1212
shell: bash
1313
run: find . -maxdepth 2 -iname 'artifacts-*.tar.gz' -print -exec tar xfz {} \;

.github/scripts/get-or-create-release-branch.sh

Lines changed: 1 addition & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -5,46 +5,18 @@
55
#
66
set -eux
77

8-
# Compute the name of the release branch starting from the version that needs to be released ($SEMANTIC_VERSION).
9-
# If it's the beginning of a new release series, the branch is created and pushed to the remote (chosen according to
10-
# the value $DRY_RUN).
11-
#
128
# The script populates an output file with key-value pairs that are needed in the release CI workflow to carry out
139
# the next steps in the release flow: the name of the release branch and a boolean flag that is set to 'true' if this
1410
# is the beginning of a new release series.
1511

16-
if [ -z "$SEMANTIC_VERSION" ]; then
17-
echo "'SEMANTIC_VERSION' must be populated."
18-
exit 1
19-
fi
20-
2112
if [ -z "$1" ]; then
2213
echo "You need to specify the path of the file where you want to collect the output"
2314
exit 1
2415
else
2516
output_file="$1"
2617
fi
2718

28-
# Split on the dots
29-
version_array=(${SEMANTIC_VERSION//./ })
30-
major=${version_array[0]}
31-
minor=${version_array[1]}
32-
patch=${version_array[2]}
33-
if [[ "${major}" == "" || "${minor}" == "" || "${patch}" == "" ]]; then
34-
echo "'${SEMANTIC_VERSION}' is not a valid semver tag"
35-
exit 1
36-
fi
37-
if [[ $major == 0 ]]; then
38-
branch_name="smithy-rs-release-${major}.${minor}.x"
39-
if [[ $patch == 0 ]]; then
40-
echo "new_release_series=true" >"${output_file}"
41-
fi
42-
else
43-
branch_name="smithy-rs-release-${major}.x.y"
44-
if [[ $minor == 0 && $patch == 0 ]]; then
45-
echo "new_release_series=true" >"${output_file}"
46-
fi
47-
fi
19+
branch_name="smithy-rs-release-1.x.y"
4820

4921
if [[ "${DRY_RUN}" == "true" ]]; then
5022
branch_name="${branch_name}-preview"
Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,55 @@
1+
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2+
# SPDX-License-Identifier: Apache-2.0
3+
4+
name: Open a backport PR to merge the release branch into main
5+
6+
on:
7+
# automatically called by release.yml
8+
workflow_dispatch:
9+
# can also be manually triggered when a patch fix is merged into the release branch and needs to be back-ported
10+
workflow_call:
11+
secrets:
12+
RELEASE_AUTOMATION_BOT_PAT:
13+
required: true
14+
15+
env:
16+
release_branch: smithy-rs-release-1.x.y
17+
18+
jobs:
19+
create-backport-pull-request:
20+
runs-on: ubuntu-latest
21+
steps:
22+
- name: Checkout
23+
uses: actions/checkout@v4
24+
with:
25+
token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
26+
27+
- name: Prepare backport branch
28+
id: backport-branch
29+
run: |
30+
# This step assumes the merge runs cleanly without conflicts, which should be the case when
31+
# this workflow is called by the release workflow right after a release tag has been created.
32+
git config --local user.name "AWS SDK Rust Bot"
33+
git config --local user.email "aws-sdk-rust-primary@amazon.com"
34+
35+
git fetch
36+
git checkout origin/main
37+
backport_branch="merge-${{ env.release_branch }}-to-main-$(date +%s)"
38+
git checkout -b "${backport_branch}"
39+
40+
git merge "origin/${{ env.release_branch }}" -m 'Merge remote-tracking branch "origin/${{ env.release_branch }}" into "merge-${{ env.release_branch }}-to-main"'
41+
git push origin HEAD
42+
43+
echo "branch_name=${backport_branch}" > $GITHUB_OUTPUT
44+
45+
- name: Create pull request
46+
env:
47+
GITHUB_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
48+
run: |
49+
gh pr create \
50+
--title "Merge ${{ env.release_branch }} into main" \
51+
--body "Merge it with \`gh pr merge --admin --merge\` or manually merge it with the merge commit (not squash merge)." \
52+
--base main \
53+
--head ${{ steps.backport-branch.outputs.branch_name }} \
54+
--label "needs-sdk-review" \
55+
--draft

.github/workflows/ci-main.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,16 +23,17 @@ jobs:
2323
acquire-base-image:
2424
runs-on: smithy_ubuntu-latest_8-core
2525
name: Acquire Base Image
26+
timeout-minutes: 60
2627
outputs:
2728
docker-login-password: ${{ steps.set-token.outputs.docker-login-password }}
2829
permissions:
2930
id-token: write
3031
contents: read
3132
steps:
3233
- name: Checkout
33-
uses: actions/checkout@v3
34+
uses: actions/checkout@v4
3435
- name: Acquire credentials
35-
uses: aws-actions/configure-aws-credentials@v2.2.0
36+
uses: aws-actions/configure-aws-credentials@v4
3637
with:
3738
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
3839
role-session-name: GitHubActions
@@ -68,3 +69,5 @@ jobs:
6869
secrets:
6970
ENCRYPTED_DOCKER_PASSWORD: ${{ needs.acquire-base-image.outputs.docker-login-password }}
7071
DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
72+
CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
73+
CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/ci-merge-queue.yml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ jobs:
2222
# The login password is encrypted with the repo secret DOCKER_LOGIN_TOKEN_PASSPHRASE
2323
save-docker-login-token:
2424
name: Save a docker login token
25+
timeout-minutes: 10
2526
outputs:
2627
docker-login-password: ${{ steps.set-token.outputs.docker-login-password }}
2728
permissions:
@@ -31,7 +32,7 @@ jobs:
3132
runs-on: ubuntu-latest
3233
steps:
3334
- name: Attempt to load a docker login password
34-
uses: aws-actions/configure-aws-credentials@v2.2.0
35+
uses: aws-actions/configure-aws-credentials@v4
3536
with:
3637
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
3738
role-session-name: GitHubActions
@@ -51,14 +52,15 @@ jobs:
5152
name: Acquire Base Image
5253
needs: save-docker-login-token
5354
runs-on: ubuntu-latest
55+
timeout-minutes: 60
5456
env:
5557
ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}
5658
DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
5759
permissions:
5860
id-token: write
5961
contents: read
6062
steps:
61-
- uses: actions/checkout@v3
63+
- uses: actions/checkout@v4
6264
with:
6365
path: smithy-rs
6466
- name: Acquire base image
@@ -67,7 +69,7 @@ jobs:
6769
DOCKER_BUILDKIT: 1
6870
run: ./smithy-rs/.github/scripts/acquire-build-image
6971
- name: Acquire credentials
70-
uses: aws-actions/configure-aws-credentials@v2.2.0
72+
uses: aws-actions/configure-aws-credentials@v4
7173
with:
7274
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
7375
role-session-name: GitHubActions
@@ -91,3 +93,5 @@ jobs:
9193
secrets:
9294
ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}
9395
DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
96+
CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
97+
CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/ci-pr-forks.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,9 @@ jobs:
2020
name: Acquire Base Image
2121
if: ${{ github.event.pull_request.head.repo.full_name != 'smithy-lang/smithy-rs' }}
2222
runs-on: ubuntu-latest
23+
timeout-minutes: 60
2324
steps:
24-
- uses: actions/checkout@v3
25+
- uses: actions/checkout@v4
2526
with:
2627
path: smithy-rs
2728
- name: Acquire base image
@@ -30,7 +31,7 @@ jobs:
3031
DOCKER_BUILDKIT: 1
3132
run: ./smithy-rs/.github/scripts/acquire-build-image
3233
- name: Upload base image
33-
uses: actions/upload-artifact@v3
34+
uses: actions/upload-artifact@v4
3435
with:
3536
name: smithy-rs-base-image
3637
path: smithy-rs-base-image
@@ -42,4 +43,5 @@ jobs:
4243
if: ${{ github.event.pull_request.head.repo.full_name != 'smithy-lang/smithy-rs' }}
4344
uses: ./.github/workflows/ci.yml
4445
with:
46+
run_canary: false
4547
run_sdk_examples: true

.github/workflows/ci-pr.yml

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ jobs:
2121
# The login password is encrypted with the repo secret DOCKER_LOGIN_TOKEN_PASSPHRASE
2222
save-docker-login-token:
2323
name: Save a docker login token
24+
timeout-minutes: 10
2425
if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
2526
outputs:
2627
docker-login-password: ${{ steps.set-token.outputs.docker-login-password }}
@@ -31,7 +32,7 @@ jobs:
3132
runs-on: ubuntu-latest
3233
steps:
3334
- name: Attempt to load a docker login password
34-
uses: aws-actions/configure-aws-credentials@v2.2.0
35+
uses: aws-actions/configure-aws-credentials@v4
3536
with:
3637
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
3738
role-session-name: GitHubActions
@@ -50,6 +51,7 @@ jobs:
5051
# it uploads the image as a build artifact for other jobs to download and use.
5152
acquire-base-image:
5253
name: Acquire Base Image
54+
timeout-minutes: 60
5355
needs: save-docker-login-token
5456
if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
5557
runs-on: smithy_ubuntu-latest_8-core
@@ -60,7 +62,7 @@ jobs:
6062
id-token: write
6163
contents: read
6264
steps:
63-
- uses: actions/checkout@v3
65+
- uses: actions/checkout@v4
6466
with:
6567
path: smithy-rs
6668
- name: Acquire base image
@@ -69,7 +71,7 @@ jobs:
6971
DOCKER_BUILDKIT: 1
7072
run: ./smithy-rs/.github/scripts/acquire-build-image
7173
- name: Acquire credentials
72-
uses: aws-actions/configure-aws-credentials@v2.2.0
74+
uses: aws-actions/configure-aws-credentials@v4
7375
with:
7476
role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
7577
role-session-name: GitHubActions
@@ -93,6 +95,8 @@ jobs:
9395
secrets:
9496
ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}
9597
DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
98+
CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
99+
CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
96100

97101
# The PR bot requires a Docker build image, so make it depend on the `acquire-base-image` job.
98102
pr_bot:
@@ -109,8 +113,9 @@ jobs:
109113
SMITHY_RS_PULL_REQUEST_CDN_ROLE_ARN: ${{ secrets.SMITHY_RS_PULL_REQUEST_CDN_ROLE_ARN }}
110114

111115
semver-checks:
112-
name: check the semver status of this PR
116+
name: Check PR semver compliance
113117
runs-on: smithy_ubuntu-latest_8-core
118+
timeout-minutes: 20
114119
needs:
115120
- save-docker-login-token
116121
- acquire-base-image
@@ -121,13 +126,13 @@ jobs:
121126
!contains(needs.*.result, 'failure') &&
122127
!contains(needs.*.result, 'cancelled')
123128
steps:
124-
- uses: actions/checkout@v3
129+
- uses: actions/checkout@v4
125130
with:
126131
path: smithy-rs
127132
ref: ${{ inputs.git_ref }}
128133
- name: Get PR info
129134
id: check-breaking-label
130-
uses: actions/github-script@v6
135+
uses: actions/github-script@v7
131136
with:
132137
script: |
133138
const response = await github.rest.pulls.get({
@@ -148,6 +153,6 @@ jobs:
148153
with:
149154
action: check-semver
150155
action-arguments: ${{ github.event.pull_request.base.sha }} ${{ fromJSON(steps.check-breaking-label.outputs.result).isBreaking }}
151-
- name: print help message
156+
- name: Print help message
152157
if: failure()
153-
run: echo "::error::This pull request contains breaking changes. Please add the `breaking-changes` label and a changelog entry"
158+
run: echo "::error::This pull request either contains breaking changes, or has cross-crate changes that may be backwards compatible, but that cargo-semver-checks cannot verify. Please scrutinize the change for backwards compatibility."

.github/workflows/ci-tls.yml

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ env:
1111

1212
name: Verify client TLS configuration
1313
on:
14+
workflow_dispatch:
1415
pull_request:
1516
push:
1617
branches: [main]
@@ -19,31 +20,37 @@ jobs:
1920
verify-tls-config:
2021
name: Verify TLS configuration
2122
runs-on: ubuntu-latest
23+
timeout-minutes: 20
2224
steps:
2325
- name: Install packages
2426
shell: bash
2527
run: |
2628
sudo apt-get update
27-
sudo apt-get -y install gcc make python3-pip nginx git ruby openjdk-17-jre pkg-config libssl-dev faketime
29+
sudo apt-get -y install gcc make python3-pip nginx git ruby pkg-config libssl-dev faketime
2830
pip3 install certbuilder crlbuilder
31+
- name: Configure JDK
32+
uses: actions/setup-java@v4
33+
with:
34+
distribution: corretto
35+
java-version: 17
2936
- name: Stop nginx
3037
run: sudo systemctl stop nginx
3138
- name: Checkout smithy-rs
32-
uses: actions/checkout@v3
39+
uses: actions/checkout@v4
3340
with:
3441
path: ./smithy-rs
3542
- name: Checkout trytls
36-
uses: actions/checkout@v3
43+
uses: actions/checkout@v4
3744
with:
3845
repository: ouspg/trytls
3946
path: ./trytls
4047
- name: Checkout badtls
41-
uses: actions/checkout@v3
48+
uses: actions/checkout@v4
4249
with:
4350
repository: wbond/badtls.io
4451
path: ./badtls.io
4552
- name: Checkout badssl
46-
uses: actions/checkout@v3
53+
uses: actions/checkout@v4
4754
with:
4855
repository: chromium/badssl.com
4956
path: ./badssl.com

0 commit comments

Comments
 (0)