Merge branch 'main' into RFC30/serde-decorator

Author: thomas-k-cameron

.github/workflows/ci-merge-queue.yml

@@ -84,7 +84,7 @@ jobs:
     needs:
     - save-docker-login-token
     - acquire-base-image
-    if: ${{ github.event.pull_request.head.repo.full_name == 'awslabs/smithy-rs' || toJSON(github.event.merge_group) != '{}' }}
+    if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' || toJSON(github.event.merge_group) != '{}' }}
     uses: ./.github/workflows/ci.yml
     with:
       run_sdk_examples: true

.github/workflows/ci-pr-forks.yml

@@ -18,7 +18,7 @@ jobs:
   # it uploads the image as a build artifact for other jobs to download and use.
   acquire-base-image:
     name: Acquire Base Image
-    if: ${{ github.event.pull_request.head.repo.full_name != 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name != 'smithy-lang/smithy-rs' }}
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
@@ -39,7 +39,7 @@ jobs:
   # Run shared CI after the Docker build image has either been rebuilt or found in ECR
   ci:
     needs: acquire-base-image
-    if: ${{ github.event.pull_request.head.repo.full_name != 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name != 'smithy-lang/smithy-rs' }}
     uses: ./.github/workflows/ci.yml
     with:
       run_sdk_examples: true

.github/workflows/ci-pr.yml

@@ -21,7 +21,7 @@ jobs:
   # The login password is encrypted with the repo secret DOCKER_LOGIN_TOKEN_PASSPHRASE
   save-docker-login-token:
     name: Save a docker login token
-    if: ${{ github.event.pull_request.head.repo.full_name == 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
     outputs:
       docker-login-password: ${{ steps.set-token.outputs.docker-login-password }}
     permissions:
@@ -51,7 +51,7 @@ jobs:
   acquire-base-image:
     name: Acquire Base Image
     needs: save-docker-login-token
-    if: ${{ github.event.pull_request.head.repo.full_name == 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
     runs-on: smithy_ubuntu-latest_8-core
     env:
       ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}
@@ -86,7 +86,7 @@ jobs:
     needs:
     - save-docker-login-token
     - acquire-base-image
-    if: ${{ github.event.pull_request.head.repo.full_name == 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
     uses: ./.github/workflows/ci.yml
     with:
       run_sdk_examples: true
@@ -97,7 +97,7 @@ jobs:
   # The PR bot requires a Docker build image, so make it depend on the `acquire-base-image` job.
   pr_bot:
     name: PR Bot
-    if: ${{ github.event.pull_request.head.repo.full_name == 'awslabs/smithy-rs' }}
+    if: ${{ github.event.pull_request.head.repo.full_name == 'smithy-lang/smithy-rs' }}
     needs: acquire-base-image
     uses: ./.github/workflows/pull-request-bot.yml
     with:

.github/workflows/release.yml

@@ -13,33 +13,65 @@ env:
   rust_version: 1.70.0
 
 name: Release smithy-rs
-run-name: ${{ github.workflow }} ${{ inputs.semantic_version }} (${{ inputs.commit_sha }}) - ${{ inputs.dry_run && 'Dry run' || 'Production run' }}
+run-name: ${{ inputs.dry_run && 'Dry run' || 'Prod run' }} - ${{ github.workflow }} ${{ inputs.stable_semantic_version }}/${{ inputs.unstable_semantic_version }} (${{ inputs.commit_sha }})
 on:
   workflow_dispatch:
     inputs:
       commit_sha:
         description: |
-          The SHA of the git commit that you want to release.
+          Commit SHA: The SHA of the git commit that you want to release.
           You must use the non-abbreviated SHA (e.g. b2318b0 won't work!).
         required: true
         type: string
-      semantic_version:
-        description: The semver tag that you want to release (e.g. 0.52.1)
+      stable_semantic_version:
+        description: |
+          Stable semantic version: The semver tag that you want to release for stable crates (e.g. 1.0.2)
+        required: true
+        type: string
+      unstable_semantic_version:
+        description: |
+          Unstable semantic version: The semver tag that you want to release for unstable crates (e.g. 0.52.1)
         required: true
         type: string
       dry_run:
-        description: Dry runs will only produce release artifacts, but they will not cut a release tag in GitHub nor publish to crates.io
+        description: |
+          Dry run: When selected, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io
         required: true
         type: boolean
         default: true
 
 jobs:
+  check-actor-for-prod-run:
+    name: Check actor for prod run
+    if: inputs.dry_run == false
+    runs-on: ubuntu-latest
+    env:
+      ACTOR: ${{ github.actor }}
+    steps:
+    - name: Check actor for prod run
+      run: |
+        set -e
+
+        if [ "${ACTOR}" != "aws-sdk-rust-ci" ]; then
+          echo "Error: The current actor is '${ACTOR}' but only 'aws-sdk-rust-ci' is allowed to run a prod release workflow."
+          exit 1
+        fi
+
+        echo "The current actor is 'aws-sdk-rust-ci', continuing with the workflow."
+
   # We'll need to build a base image to work against if:
   # - a release was kicked off before the image build step triggered by a push to the release branch/main completed
   # - a dry-run release was kicked off against a feature branch to test automation changes
   # This job will be a no-op if an image had already been built.
   acquire-base-image:
     name: Acquire Base Image
+    needs:
+    - check-actor-for-prod-run
+    # We need `always` here otherwise this job won't run if the previous job has been skipped
+    # See https://samanpavel.medium.com/github-actions-conditional-job-execution-e6aa363d2867
+    if: |
+      always() &&
+      (needs.check-actor-for-prod-run.result == 'success' || needs.check-actor-for-prod-run.result == 'skipped')
     runs-on: smithy_ubuntu-latest_16-core
     steps:
     - uses: actions/checkout@v3
@@ -92,7 +124,7 @@ jobs:
       id: branch-push
       shell: bash
       env:
-        SEMANTIC_VERSION: ${{ inputs.semantic_version }}
+        SEMANTIC_VERSION: ${{ inputs.stable_semantic_version }}
         DRY_RUN: ${{ inputs.dry_run }}
       run: |
         set -e
@@ -125,15 +157,15 @@ jobs:
       uses: ./smithy-rs/.github/actions/docker-build
       with:
         action: upgrade-gradle-properties
-        action-arguments: ${{ inputs.semantic_version }}
+        action-arguments: ${{ inputs.stable_semantic_version }} ${{ inputs.unstable_semantic_version }}
     - name: Download all artifacts
       uses: ./smithy-rs/.github/actions/download-all-artifacts
     - name: Push gradle.properties changes
       id: gradle-push
       working-directory: upgrade-gradle-properties/smithy-rs
       shell: bash
       env:
-        SEMANTIC_VERSION: ${{ inputs.semantic_version }}
+        SEMANTIC_VERSION: ${{ inputs.stable_semantic_version }}
         RELEASE_COMMIT_SHA: ${{ inputs.commit_sha }}
         RELEASE_BRANCH_NAME: ${{ needs.get-or-create-release-branch.outputs.release_branch }}
         DRY_RUN: ${{ inputs.dry_run }}
@@ -152,7 +184,13 @@ jobs:
           # to retry a release action execution that failed due to a transient issue.
           # In that case, we expect the commit to be releasable as-is, i.e. the runtime crate version in gradle.properties
           # should already be the expected one.
-          git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            # During dry-runs, "git push" without "--force" can fail if smithy-rs-release-x.y.z-preview is behind
+            # smithy-rs-release-x.y.z, but that does not matter much during dry-runs.
+            git push --force origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          else
+            git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          fi
 
           echo "commit_sha=$(git rev-parse HEAD)" > $GITHUB_OUTPUT
         else
@@ -193,6 +231,7 @@ jobs:
       id: push-changelog
       env:
         RELEASE_BRANCH_NAME: ${{ needs.upgrade-gradle-properties.outputs.release_branch }}
+        DRY_RUN: ${{ inputs.dry_run }}
       run: |
         if ! git diff-index --quiet HEAD; then
           echo "Pushing release commits..."
@@ -201,7 +240,13 @@ jobs:
           # to retry a release action execution that failed due to a transient issue.
           # In that case, we expect the commit to be releasable as-is, i.e. the changelog should have already
           # been processed.
-          git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            # During dry-runs, "git push" without "--force" can fail if smithy-rs-release-x.y.z-preview is behind
+            # smithy-rs-release-x.y.z, but that does not matter much during dry-runs.
+            git push --force origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          else
+            git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}"
+          fi
         fi
         echo "commit_sha=$(git rev-parse HEAD)" > $GITHUB_OUTPUT
     - name: Tag release

.github/workflows/update-sdk-next.yml

@@ -25,7 +25,7 @@ jobs:
     - name: Check out `smithy-rs`
       uses: actions/checkout@v3
       with:
-        repository: awslabs/smithy-rs
+        repository: smithy-lang/smithy-rs
         ref: ${{ inputs.generate_ref }}
         path: smithy-rs
     - name: Check out `aws-sdk-rust`

.pre-commit-config.yaml

@@ -7,7 +7,7 @@ repos:
     exclude: ^aws/rust-runtime/aws-sigv4/aws-sig-v4-test-suite/
   - id: trailing-whitespace
 - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-  rev: v2.10.0
+  rev: v2.11.0
   hooks:
   - id: pretty-format-kotlin
     args: [--autofix, --ktlint-version, 0.48.2]