Merge branch 'main' into feature/http-1.x

Author: landonxjames

.changelog/1751482946.md

@@ -0,0 +1,37 @@
+---
+applies_to:
+- aws-sdk-rust
+- client
+authors:
+- ysaito1001
+references:
+- smithy-rs#4203
+breaking: false
+new_feature: true
+bug_fix: false
+---
+Add support for configuring auth schemes manually using an auth scheme preference list.
+The preference list allows customers to reprioritize the order of auth schemes originally
+determined by the auth scheme resolver.
+Customers can configure the auth scheme preference at the following locations, listed in order of precedence:
+1. Service Client Configuration
+```rust
+use aws_runtime::auth::sigv4;
+use aws_smithy_runtime_api::client::auth::AuthSchemeId;
+use aws_smithy_runtime_api::client::auth::http::HTTP_BEARER_AUTH_SCHEME_ID;
+
+let config = aws_sdk_s3::Config::builder()
+    .auth_scheme_preference([AuthSchemeId::from("scheme1"), sigv4::SCHEME_ID, HTTP_BEARER_AUTH_SCHEME_ID])
+    // ...
+    .build();
+```
+2. Environment Variable
+```
+AWS_AUTH_SCHEME_PREFERENCE=scheme1, sigv4, httpBearerAuth
+```
+3. Configuration File
+```
+auth_scheme_preference=scheme1, sigv4, httpBearerAuth
+```
+With this configuration, the auth scheme resolver will prefer to select them in the specified order,
+if they are supported.

.changelog/1752160009.md

@@ -58,8 +58,9 @@ jobs:
       run: ./.github/scripts/acquire-build-image
     - name: Tag and upload image
       run: |
+        pwd
         IMAGE_TAG="ci-$(./.github/scripts/docker-image-hash)"
-        ./smithy-rs/.github/scripts/upload-build-image.sh $IMAGE_TAG
+        ./.github/scripts/upload-build-image.sh $IMAGE_TAG
 
   # Run the shared CI after a Docker build image has been uploaded to ECR
   ci:

.github/workflows/ci-main.yml

@@ -105,8 +105,8 @@ jobs:
           fetch-depth: 0
         - action: check-sdk-codegen-unit-tests
           runner: ubuntu-latest
-        # - action: check-fuzzgen
-        #   runner: ubuntu-latest
+        - action: check-fuzzgen
+          runner: ubuntu-latest
         - action: check-server-codegen-integration-tests
           runner: smithy_ubuntu-latest_8-core
         - action: check-server-codegen-integration-tests-python

.github/workflows/ci.yml

@@ -25,9 +25,11 @@ jobs:
     with:
       commit_sha: main
       dry_run: true
-      skip_ci: true
+      # If the automation runs this workflow in the background, we might as well run the full CI to catch any potential issues.
+      skip_ci: false
     secrets:
       RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}
       RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
       CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}
       CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}
+      SMITHY_RS_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_ECR_PUSH_ROLE_ARN }}

.github/workflows/dry-run-release-scheduled.yml

@@ -34,5 +34,5 @@ jobs:
       force_update_on_broken_dependencies: ${{ inputs.force_update_on_broken_dependencies }}
     secrets:
       DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
-      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
+      SMITHY_RS_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_ECR_PUSH_ROLE_ARN }}
       RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

.github/workflows/manual-update-lockfiles.yml

@@ -18,14 +18,11 @@ on:
     secrets:
       DOCKER_LOGIN_TOKEN_PASSPHRASE:
         required: true
-      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN:
+      SMITHY_RS_ECR_PUSH_ROLE_ARN:
         required: true
       RELEASE_AUTOMATION_BOT_PAT:
         required: true
 
-env:
-  ecr_repository: public.ecr.aws/w0m4q9l7/github-awslabs-smithy-rs-ci
-
 jobs:
   save-docker-login-token:
     name: Save a docker login token
@@ -42,14 +39,14 @@ jobs:
     - name: Attempt to load a docker login password
       uses: aws-actions/configure-aws-credentials@v4
       with:
-        role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
+        role-to-assume: ${{ secrets.SMITHY_RS_ECR_PUSH_ROLE_ARN }}
         role-session-name: GitHubActions
         aws-region: us-west-2
     - name: Save the docker login password to the output
       id: set-token
       run: |
         ENCRYPTED_PAYLOAD=$(
-          gpg --symmetric --batch --passphrase "${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}" --output - <(aws ecr-public get-login-password --region us-east-1) | base64 -w0
+          gpg --symmetric --batch --passphrase "${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}" --output - <(aws ecr get-login-password --region us-west-2) | base64 -w0
         )
         echo "docker-login-password=$ENCRYPTED_PAYLOAD" >> $GITHUB_OUTPUT
 
@@ -77,19 +74,18 @@ jobs:
     - name: Acquire credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
-        role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
+        role-to-assume: ${{ secrets.SMITHY_RS_ECR_PUSH_ROLE_ARN }}
         role-session-name: GitHubActions
         aws-region: us-west-2
     - name: Upload image
       run: |
-        IMAGE_TAG="$(./smithy-rs/.github/scripts/docker-image-hash)"
-        docker tag "smithy-rs-base-image:${IMAGE_TAG}" "${{ env.ecr_repository }}:${IMAGE_TAG}"
-        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
-        docker push "${{ env.ecr_repository }}:${IMAGE_TAG}"
+        IMAGE_TAG="ci-$(./smithy-rs/.github/scripts/docker-image-hash)"
+        ./smithy-rs/.github/scripts/upload-build-image.sh $IMAGE_TAG
 
   create-pull-request-for-updating-lockfiles:
     name: Create a Pull Request for updating lockfiles
     needs:
+    - save-docker-login-token
     - acquire-base-image
     runs-on: ubuntu-latest
     steps:
@@ -106,6 +102,9 @@ jobs:
         branch_name="update-all-lockfiles-$(date +%s)"
         echo "branch_name=${branch_name}" > $GITHUB_OUTPUT
     - name: Cargo update all lockfiles
+      env:
+        ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}
+        DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
       uses: ./smithy-rs/.github/actions/docker-build
       with:
         action: cargo-update-lockfiles

.github/workflows/pull-request-updating-lockfiles.yml

@@ -23,5 +23,5 @@ jobs:
       force_update_on_broken_dependencies: false
     secrets:
       DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}
-      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}
+      SMITHY_RS_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_ECR_PUSH_ROLE_ARN }}
       RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

.github/workflows/update-lockfiles.yml

@@ -1,4 +1,16 @@
 <!-- Do not manually edit this file. Use the `changelogger` tool. -->
+July 17th, 2025
+===============
+**New this release:**
+- (all, [smithy-rs#4212](https://github.com/smithy-lang/smithy-rs/issues/4212)) Event streams now allocate a right-sized buffer avoiding repeated reallocations during serialization
+
+
+July 16th, 2025
+===============
+**New this release:**
+- (client) re-use checksums on retry attempts for enhanced durability
+
+
 July 8th, 2025
 ==============
 **New this release:**

CHANGELOG.md

@@ -6,100 +6,84 @@
   "smithy-rs": [],
   "aws-sdk-rust": [
     {
-      "message": "Fix h2 GoAway errors not being retried by hyper legacy client\n",
+      "message": "Temporarily disable fetching account ID from IMDS credentials on EC2.\n",
       "meta": {
-        "bug": true,
+        "bug": false,
         "breaking": false,
         "tada": false
       },
-      "author": "aajtodd",
+      "author": "ysaito1001",
       "references": [
-        "aws-sdk-rust#1272"
+        "smithy-rs#4187"
       ],
-      "since-commit": "7d64b2f9e8fc89159d7fb1ff1309d6d6b8b53189",
+      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
       "age": 5
     },
     {
-      "message": "Fix default supported protocols incorrectly ordered in `ClientProtocolLoader`.\n",
+      "message": "Fix hyper 1.x connection refused errors not marked as retryable\n",
       "meta": {
         "bug": true,
         "breaking": false,
         "tada": false
       },
-      "author": "ysaito1001",
-      "references": [
-        "smithy-rs#4165"
-      ],
-      "since-commit": "c624a84d9ecc451854521e363e34cf6f1c10e009",
-      "age": 4
+      "author": "aajtodd",
+      "references": [],
+      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
+      "age": 5
     },
     {
-      "message": "Add support for fetching account ID from IMDS credentials on EC2.\n",
+      "message": "Make Rpc V2 CBOR a compatible protocol for `awsQuery` using `awsQueryCompatible` trait\n",
       "meta": {
         "bug": false,
         "breaking": false,
         "tada": false
       },
       "author": "ysaito1001",
       "references": [
-        "smithy-rs#4109"
+        "smithy-rs#4186"
       ],
-      "since-commit": "c624a84d9ecc451854521e363e34cf6f1c10e009",
-      "age": 4
+      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
+      "age": 5
     },
     {
-      "message": "Temporarily disable fetching account ID from IMDS credentials on EC2.\n",
+      "message": "Allows customers to configure the auth schemes and auth scheme resolver. For more information see the GitHub [discussion](https://github.com/smithy-lang/smithy-rs/discussions/4197).\n",
       "meta": {
         "bug": false,
         "breaking": false,
         "tada": false
       },
       "author": "ysaito1001",
       "references": [
-        "smithy-rs#4187"
+        "smithy-rs#4076",
+        "smithy-rs#4198"
       ],
-      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
+      "since-commit": "ccf374dddc0690ef8aca1ed006b9e9b21299558e",
       "age": 3
     },
     {
-      "message": "Fix hyper 1.x connection refused errors not marked as retryable\n",
+      "message": "re-use checksums on retry attempts for enhanced durability\n",
       "meta": {
-        "bug": true,
+        "bug": false,
         "breaking": false,
         "tada": false
       },
       "author": "aajtodd",
       "references": [],
-      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
-      "age": 3
+      "since-commit": "1378695258e645d2c65a99cc0311b8c3d982e167",
+      "age": 2
     },
     {
-      "message": "Make Rpc V2 CBOR a compatible protocol for `awsQuery` using `awsQueryCompatible` trait\n",
+      "message": "Event streams now allocate a right-sized buffer avoiding repeated reallocations during serialization\n",
       "meta": {
         "bug": false,
         "breaking": false,
         "tada": false
       },
-      "author": "ysaito1001",
+      "author": "rcoh",
       "references": [
-        "smithy-rs#4186"
+        "smithy-rs#4212"
       ],
-      "since-commit": "dd10f0602682dfabafc465dbcd9eb92d3d915c51",
-      "age": 3
-    },
-    {
-      "message": "Allows customers to configure the auth schemes and auth scheme resolver. For more information see the GitHub [discussion](https://github.com/smithy-lang/smithy-rs/discussions/4197).\n",
-      "meta": {
-        "bug": false,
-        "breaking": false,
-        "tada": false
-      },
-      "author": "ysaito1001",
-      "references": [
-        "smithy-rs#4076",
-        "smithy-rs#4198"
-      ],
-      "since-commit": "ccf374dddc0690ef8aca1ed006b9e9b21299558e",
+      "since-commit": "a23d116a79e8920c2efa813a8f831541a9943e4f",
       "age": 1
     }
   ],