chore: make aws optional

[ctron]

Summary by Sourcery

Enable optional AWS S3 support behind a new "s3" feature flag and make S3-related code and dependencies conditional, falling back to HTTP or filesystem sources when disabled, and bump package version to 0.15.0.

New Features:

• Introduce an optional "s3" feature in the common crate to enable AWS S3-based source variant and client operations
• Expose S3 support in CLI crates by enabling the "s3" feature on walker-common

Enhancements:

• Make Source enum variants and methods for S3 conditional on the "s3" feature and return an error for s3:// URIs when disabled
• Promote aws-config and aws-sdk-s3 to optional dependencies and wire them under the new "s3" feature

Build:

• Bump workspace version to 0.15.0 and update internal crate dependencies to match

Tests:

• Guard existing S3 parsing tests under the "s3" feature flag

[sourcery-ai]

Reviewer's Guide

This PR extracts AWS S3 support behind a new "s3" feature flag by conditionally compiling all S3-related code, marks the Source enum as non-exhaustive for future expansion, and updates project versioning and dependencies accordingly.

File-Level Changes

Change	Details	Files
Make AWS S3 support optional behind an "s3" feature flag	Guard all S3 imports, struct definitions, methods, and tests with #[cfg(feature = "s3")] Add conditional TryFrom logic for S3 URLs with a fallback bail when the feature is disabled Wrap discovery, formatting, I/O, and deletion logic of S3 sources under the feature flag	common/src/scoop/source.rs
Mark the Source enum as non-exhaustive	Add #[non_exhaustive] attribute to the Source enum Ensure future variants can be added without breaking downstream code	common/src/scoop/source.rs
Update project versioning and define the new S3 feature	Bump workspace and internal crate versions from 0.14.2 to 0.15.0 Introduce optional aws-config and aws-sdk-s3 dependencies and define the "s3" feature in common/Cargo.toml Enable the "s3" feature in csaf-cli and sbom-cli Cargo.toml files	Cargo.toml common/Cargo.toml csaf/csaf-cli/Cargo.toml sbom/sbom-cli/Cargo.toml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `common/src/scoop/source.rs:27-35` </location>
<code_context>
 };
 use url::Url;

+#[cfg(feature = "s3")]
+use aws_config::{BehaviorVersion, Region, meta::region::RegionProviderChain};
+#[cfg(feature = "s3")]
</code_context>

<issue_to_address>
**question:** Conditional compilation may lead to inconsistent behavior if 's3' feature is disabled.

If 's3' is disabled, S3 URLs are handled as Path sources without warning. Consider raising an explicit error for unsupported schemes instead.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[ctron]

@sourcery-ai review

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Consider returning an explicit error when encountering an "s3://" URI with the s3 feature disabled, rather than silently treating it as a file path.
• The new #[non_exhaustive] on the Source enum can break existing exhaustive matches downstream—please verify call sites are updated to handle this change.
• There’s a lot of repetitive cfg(feature = "s3") around each S3 match arm and method; you might extract those into helper functions or modules to reduce duplication and improve readability.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider returning an explicit error when encountering an "s3://" URI with the s3 feature disabled, rather than silently treating it as a file path.
- The new #[non_exhaustive] on the Source enum can break existing exhaustive matches downstream—please verify call sites are updated to handle this change.
- There’s a lot of repetitive cfg(feature = "s3") around each S3 match arm and method; you might extract those into helper functions or modules to reduce duplication and improve readability.

## Individual Comments

### Comment 1
<location> `common/src/scoop/source.rs:37` </location>
<code_context>
+        #[cfg(feature = "s3")]
+        if value.starts_with("s3://") {
</code_context>

<issue_to_address>
**issue (bug_risk):** The conditional compilation for S3 parsing may lead to silent fallback to Path if the feature is disabled.

Consider raising an explicit error or warning when 's3://' is encountered but the 's3' feature is disabled, to prevent user confusion from silent fallback.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[ctron]

@sourcery-ai review

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Consider consolidating the scattered #[cfg(feature = "s3")] blocks by moving all S3-specific functionality into its own module behind the feature flag to improve readability in source.rs.
• Since you marked Source as non_exhaustive, ensure all downstream match statements include a wildcard arm to handle future variants without breaking.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider consolidating the scattered #[cfg(feature = "s3")] blocks by moving all S3-specific functionality into its own module behind the feature flag to improve readability in source.rs.
- Since you marked Source as non_exhaustive, ensure all downstream match statements include a wildcard arm to handle future variants without breaking.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[mrizzi]

@ctron it looks very good, thanks