aws-powertools
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/dispatch_analytics.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dispatch_analytics.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docs.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/docs.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/e2e-tests.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/e2e-tests.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/ossf_scorecard.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ossf_scorecard.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/reusable_publish_docs.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/reusable_publish_docs.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/update_version.yml‎
Lines changed: 72 additions & 0 deletions b/‎.github/workflows/update_version.yml‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎docs/core/tracing.md‎
Lines changed: 93 additions & 1 deletion b/‎docs/core/tracing.md‎
Lines changed: 93 additions & 1 deletion
@@ -35,7 +35,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93  # v3.29.5
+      uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885  # v3.29.5
       with:
         languages: ${{ matrix.language }}
 
@@ -45,7 +45,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93  # v3.29.5
+      uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885  # v3.29.5
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -58,4 +58,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93  # v3.29.5
+      uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885  # v3.29.5
@@ -31,7 +31,7 @@ jobs:
     environment: analytics
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8
         with:
           aws-region: eu-central-1
           role-to-assume: ${{ secrets.AWS_ANALYTICS_ROLE_ARN }}
 
@@ -36,7 +36,7 @@ jobs:
       - name: Build docs website
         run: make build-docs-website
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
@@ -69,7 +69,7 @@ jobs:
           docfx apidocs/docfx.json
       
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
 
@@ -34,7 +34,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           role-to-assume: ${{ secrets.E2E_DEPLOY_ROLE }}
           aws-region: us-east-1
@@ -78,7 +78,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           role-to-assume: ${{ secrets.E2E_DEPLOY_ROLE }}
           aws-region: us-east-1
@@ -119,7 +119,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           role-to-assume: ${{ secrets.E2E_DEPLOY_ROLE }}
           aws-region: us-east-1
@@ -151,7 +151,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           role-to-assume: ${{ secrets.E2E_DEPLOY_ROLE }}
           aws-region: us-east-1
@@ -192,7 +192,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           role-to-assume: ${{ secrets.E2E_DEPLOY_ROLE }}
           aws-region: us-east-1
 
@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -43,6 +43,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
+        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
         with:
           sarif_file: results.sarif
@@ -68,7 +68,7 @@ jobs:
           poetry run mike set-default --push latest
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
@@ -99,7 +99,7 @@ jobs:
           brew install -f docfx --skip-cask-deps --ignore-dependencies
           docfx apidocs/docfx.json
       - name: Configure AWS credentials 
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_DOCS_ROLE_ARN }}
 
@@ -0,0 +1,72 @@
+name: Update Version File After Release
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read 
+
+jobs:
+  update-version:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
+
+      - name: Get version
+        id: get_version
+        run: |
+          if [ "${{ github.event_name }}" = "release" ]; then
+            VERSION="${{ github.event.release.tag_name }}"
+          else
+            VERSION=$(gh release list --limit 1 --json tagName -q '.[0].tagName')
+          fi
+          
+          # Remove 'v' prefix if present
+          VERSION="${VERSION#v}"
+          
+          echo "VERSION=${VERSION}" >> $GITHUB_ENV
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Write version to version.txt
+        run: echo "${{ env.VERSION }}" > version.txt
+
+      - name: Check if changes exist
+        id: check_changes
+        run: |
+          git add version.txt
+          if git diff --staged --quiet; then
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create PR for version.txt update
+        if: steps.check_changes.outputs.has_changes == 'true'
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          commit-message: "chore: update version.txt to ${{ env.VERSION }}"
+          branch: update-version-txt-${{ github.run_id }}
+          title: "chore: update version to ${{ env.VERSION }}"
+          body: |
+            This PR updates version.txt to the latest release version.
+            
+            **Version**: ${{ env.VERSION }}
+            **Release**: ${{ github.event_name == 'release' && github.event.release.html_url || format('https://github.com/{0}/releases/tag/{1}', github.repository, env.VERSION) }}
+            **Triggered by**: ${{ github.event_name }}
+          labels: automation,version-update
+          delete-branch: true
+
+  trigger-changelog:
+    needs: update-version
+    permissions:
+      contents: write       # create temporary branch to store changelog changes
+      pull-requests: write  # create PR with changelog changes
+    uses: ./.github/workflows/reusable_publish_changelog.yml
@@ -196,9 +196,76 @@ context for an operation using any native object.
 
 ## Utilities
 
-Tracing modules comes with certain utility method when you don't want to use attribute for capturing a code block
+Tracing modules comes with certain utility methods when you don't want to use attribute for capturing a code block
 under a subsegment, or you are doing multithreaded programming. Refer examples below.
 
+### Using Statement Pattern
+
+You can create subsegments using the familiar `using` statement pattern for automatic cleanup and exception safety.
+
+=== "Basic Using Statement"
+
+    ```c# hl_lines="8 9 10 11 12 13"
+    using AWS.Lambda.Powertools.Tracing;
+
+    public class Function
+    {
+        public async Task<APIGatewayProxyResponse> FunctionHandler
+            (APIGatewayProxyRequest apigProxyEvent, ILambdaContext context)
+        {
+            using var gatewaySegment = Tracing.BeginSubsegment("PaymentGatewayIntegration");
+            gatewaySegment.AddAnnotation("Operation", "ProcessPayment");
+            gatewaySegment.AddAnnotation("PaymentMethod", "CreditCard");
+
+            var result = await ProcessPaymentAsync();
+            gatewaySegment.AddAnnotation("ProcessingTimeMs", result.ProcessingTimeMs);
+            // Subsegment automatically ends when disposed
+        }
+    }
+    ```
+
+=== "With Custom Namespace"
+
+    ```c# hl_lines="8 9 10"
+    using AWS.Lambda.Powertools.Tracing;
+
+    public class Function
+    {
+        public async Task<APIGatewayProxyResponse> FunctionHandler
+            (APIGatewayProxyRequest apigProxyEvent, ILambdaContext context)
+        {
+            using var segment = Tracing.BeginSubsegment("MyCustomNamespace", "DatabaseOperation");
+            segment.AddAnnotation("TableName", "Users");
+            segment.AddMetadata("query", "SELECT * FROM Users WHERE Active = 1");
+        }
+    }
+    ```
+
+=== "Nested Subsegments"
+
+    ```c# hl_lines="8 9 10 11 12 13 14 15 16"
+    using AWS.Lambda.Powertools.Tracing;
+
+    public class Function
+    {
+        public async Task<APIGatewayProxyResponse> FunctionHandler
+            (APIGatewayProxyRequest apigProxyEvent, ILambdaContext context)
+        {
+            using var outerSegment = Tracing.BeginSubsegment("PaymentProcessing");
+            outerSegment.AddAnnotation("Operation", "ProcessPayment");
+
+            var result = await ProcessPaymentAsync();
+
+            using var postProcessingSegment = Tracing.BeginSubsegment("PaymentPostProcessing");
+            postProcessingSegment.AddAnnotation("PaymentId", result.PaymentId);
+
+            await PostProcessPaymentAsync(result);
+        }
+    }
+    ```
+
+### Callback Pattern
+
 === "Functional Api"
 
     ```c# hl_lines="8 9 10 12 13 14"
@@ -244,6 +311,31 @@ under a subsegment, or you are doing multithreaded programming. Refer examples b
     }
     ```
 
+### Subsegment Methods
+
+When using the `using` statement pattern, the returned `TracingSubsegment` object provides direct access to tracing methods:
+
+=== "Available Methods"
+
+    ```c# hl_lines="8 9 10 11 12 13 14 15 16"
+    using var segment = Tracing.BeginSubsegment("PaymentProcessing");
+
+    // Add annotations (indexed by X-Ray)
+    segment.AddAnnotation("PaymentMethod", "CreditCard");
+    segment.AddAnnotation("Amount", 99.99);
+
+    // Add metadata (not indexed, for additional context)
+    segment.AddMetadata("PaymentDetails", paymentObject);
+    segment.AddMetadata("CustomNamespace", "RequestId", requestId);
+
+    // Add exception information
+    segment.AddException(exception);
+
+    // Add HTTP information
+    segment.AddHttpInformation("response_code", 200);
+    segment.AddHttpInformation("url", "https://api.payment.com/process");
+    ```
+
 ## Instrumenting SDK clients
 
 You should make sure to instrument the SDK clients explicitly based on the function dependency. You can instrument all of your AWS SDK for .NET clients by calling RegisterForAllServices before you create them.