ci: smoke-test built wheel and sdist after build (closes #1169)

[thehesiod]

Summary

Adds a test-dist matrix job (wheel, sdist) that depends on build and verifies the produced artifact installs into a fresh Python env and imports cleanly. The job is wired into the check aggregator so branch protection gates on it.

Closes #1169.

What this catches that current CI doesn't

Existing	What it catches
twine check --strict (in build)	metadata validity, README rendering
Test matrix (test)	functional behavior, but installs from source via uv sync so an editable install — never actually exercises the built wheel/sdist

This new job catches the gap:

• MANIFEST issues — required modules missing from the sdist
• pyproject.toml dependency mistakes — package installs from source via uv but the wheel can't resolve its declared dependencies on a clean env
• Missing data files — anything referenced at import time but not packaged
• Conditional imports — aiobotocore.httpxsession requires the [httpx] extra; smoke test uses it to verify the extra resolves

What this is NOT

@webknjaz's original framing in #1169 was broader: "the tests should depend on building the dists" — i.e., make the entire test matrix install from the dist artifact instead of editable source. That's a meaningful CI restructure (changes coverage paths, requires test files outside the source tree, breaks editable-install dev ergonomics). This PR is the smoke-test-sized increment; happy to file a follow-up for the full restructure if there's interest.

Implementation notes

• Both wheel and sdist as a matrix (fail-fast: false) so each is exercised independently.
• Uses uv venv + uv pip install for env creation rather than actions/setup-python to match the rest of the repo's tooling (every other job uses astral-sh/setup-uv).
• Pinned to the same SHA-and-comment-version pattern as other actions in this workflow.
• 3-minute timeout (build-and-import is fast).
• Imports the public submodules explicitly (aiobotocore.session, client, config, endpoint, httpsession, httpxsession, credentials, response) — so an accidentally missing module surfaces in the smoke test rather than at user import time.

Test plan

• Pre-commit clean locally (yamllint, GitHub Actions schema validation, line-length).
• Local validation: built wheel + sdist via uv build, installed wheel into fresh uv venv, all listed imports succeed.
• CI run on this PR will exercise the new job against a real GitHub-built dist artifact.

[gemini-code-assist]

Important

Installation incomplete: to start using Gemini Code Assist, please ask the organization owner(s) to visit the Gemini Code Assist Admin Console and sign the Terms of Services.

[claude]

Claude finished @thehesiod's task in 2m 5s —— View job

---

Code review

Re-reviewed after a7d5200 (cache-poisoning mitigation) — no issues found.

• CLAUDE.md compliance: ✓ all YAML lines ≤120 chars, timeout-minutes set on the new job, actions SHA-pinned with version comments.
• The github-advanced-security[bot] finding on line 113 (zizmor cache-poisoning Add tests for python 3.5 features like async with and async for #49) is addressed by enable-cache: false plus an inline comment explaining why.
• Shell logic in the install/import step is correct: bash array glob → uv pip install <wheel>[httpx] → uv run --no-project --python smoke-env python -c "...".
• No Python code touched, so no override-drift / async-pattern / version-bump concerns apply.

🤖 Generated with Claude Code
• Branch

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.84%. Comparing base (0cbf437) to head (722f294).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1589   +/-   ##
=======================================
  Coverage   93.84%   93.84%           
=======================================
  Files          81       81           
  Lines        8462     8462           
=======================================
  Hits         7941     7941           
  Misses        521      521           

Flag	Coverage Δ
no-httpx	90.82% <ø> (ø)
os-ubuntu-24.04	93.84% <ø> (ø)
os-ubuntu-24.04-arm	92.10% <ø> (ø)
python-3.10	92.09% <ø> (ø)
python-3.11	92.09% <ø> (ø)
python-3.12	92.09% <ø> (ø)
python-3.13	92.09% <ø> (ø)
python-3.14	93.83% <ø> (ø)
unittests	93.84% <ø> (ø)
with-awscrt	93.67% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.