feat: Support no credentials mode

Author: abdolence

README.md

@@ -84,6 +84,12 @@ The example how to use with GitHub Actions is:
       access_token_lifetime: '240s'
 ```
 
+### No credentials mode
+If you want to access only public buckets without any authentication you can disable credentials loading:
+```
+googleCredentialsDisable := true
+```
+
 ### Configure publish access level (GCS only):
 ```
 gcsPublishFilePolicy := GcsPublishFilePolicy.InheritedFromBucket // Default

build.sbt

@@ -46,10 +46,10 @@ lazy val sbtGcsArtifactRepositoryPlaygroundToPublish = project
   .in( file( "playground-publish-artifact-repository" ) )
   .settings(
     name                 := "sbt-gcs-plugin-playground-artifact-publish",
-    version              := "0.0.20-SNAPSHOT",
+    version              := "0.0.25-SNAPSHOT",
     crossScalaVersions   := Nil,
     gcsPublishFilePolicy := GcsPublishFilePolicy.InheritedFromBucket,
-    publishTo := Some(
+    publishTo            := Some(
       "Custom Releases" at "artifactregistry://europe-north1-maven.pkg.dev/latestbit/latestbit-artifacts-snapshots"
     ),
     logLevel := Level.Debug
@@ -62,7 +62,7 @@ lazy val sbtGcsArtifactRepositoryPlaygroundToResolve = project
     crossScalaVersions := Nil,
     resolvers += "Custom Releases" at "artifactregistry://europe-north1-maven.pkg.dev/latestbit/latestbit-artifacts-snapshots",
     libraryDependencies ++= Seq(
-      "org.latestbit" %% "sbt-gcs-plugin-playground-artifact-publish" % "0.0.20-SNAPSHOT"
+      "org.latestbit" %% "sbt-gcs-plugin-playground-artifact-publish" % "0.0.25-SNAPSHOT"
     ),
     logLevel := Level.Debug
   )
@@ -74,11 +74,12 @@ lazy val plugin = project
 lazy val sbtGcsRoot = project
   .in( file( "." ) )
   .settings(
-    name               := "sbt-gcs-plugin-root",
-    crossScalaVersions := Nil,
-    publish            := {},
-    publishLocal       := {},
-    publishArtifact    := false,
-    logLevel           := Level.Debug
+    name                     := "sbt-gcs-plugin-root",
+    crossScalaVersions       := Nil,
+    publish                  := {},
+    publishLocal             := {},
+    publishArtifact          := false,
+    logLevel                 := Level.Debug,
+    googleCredentialsDisable := true
   )
   .aggregate( sbtGcsPlaygroundToPublish )

project/plugins.sbt

@@ -7,3 +7,5 @@ addSbtPlugin( "org.latestbit" % "sbt-gcs-plugin" % "1.12.0" )
 addSbtPlugin( "org.scalameta" % "sbt-scalafmt" % "2.5.4" )
 
 addSbtPlugin( "com.typesafe.sbt" % "sbt-git" % "1.0.2" )
+
+addSbtPlugin( "org.xerial.sbt" % "sbt-sonatype" % "3.12.2" )

sbt-gcs-plugin/src/main/scala/org/latestbit/sbt/gcs/GcsPlugin.scala

@@ -33,24 +33,32 @@ object GcsPlugin extends AutoPlugin {
   import autoImport._
 
   private val gcsPluginDefaultSettings = Seq(
-    gcsPublishFilePolicy := GcsPublishFilePolicy.InheritedFromBucket,
-    googleCredentialsFile := None
+    gcsPublishFilePolicy     := GcsPublishFilePolicy.InheritedFromBucket,
+    googleCredentialsFile    := None,
+    googleCredentialsDisable := false
   )
 
   private val gcsPluginTaskInits = Seq(
     onLoad in Global := ( onLoad in Global ).value.andThen { state =>
       implicit val logger: Logger         = state.log
       implicit val projectRef: ProjectRef = thisProjectRef.value
       Try {
-        val googleCredentials = loadGoogleCredentials(
-          googleCredentialsFile.value.map( _.toPath )
-        )
+        val googleCredentials = if ( googleCredentialsDisable.value ) {
+          logger.debug( s"Google Application Default Credentials lookup is disabled for ${projectRef.toString}" )
+          None
+        } else {
+          Some(
+            loadGoogleCredentials(
+              googleCredentialsFile.value.map( _.toPath )
+            )
+          )
+        }
         GcsUrlHandlerFactory.install( googleCredentials, gcsPublishFilePolicy.value )
       } match {
-        case Success( _ ) => state
+        case Success( _ )   => state
         case Failure( err ) => {
           logger.err(
-            s"Unable to find/initialise google credentials: ${err}. Publishing/resolving artifacts from GCP is disabled."
+            s"Unable to find/initialise google credentials: ${err}. Publishing/resolving artifacts from GCP is disabled (${projectRef.toString})."
           )
           state
         }
@@ -77,10 +85,10 @@ object GcsPlugin extends AutoPlugin {
           .createScoped( scopes )
       }
       .orElse {
-        Option(System.getenv("GOOGLE_OAUTH_ACCESS_TOKEN")).map(accessToken =>
+        Option( System.getenv( "GOOGLE_OAUTH_ACCESS_TOKEN" ) ).map( accessToken =>
           GoogleCredentials
-            .create(AccessToken.newBuilder().setTokenValue(accessToken).build())
-            .createScoped(scopes)
+            .create( AccessToken.newBuilder().setTokenValue( accessToken ).build() )
+            .createScoped( scopes )
         )
       }
       .getOrElse {
@@ -93,9 +101,9 @@ object GcsPlugin extends AutoPlugin {
   private def lookupGoogleCredentialsInSbtDir(): Option[Path] = {
     Try( Option( System.getProperty( "user.home" ) ) ).toOption.flatten.flatMap { userHomeDir =>
       val sbtUserRootDir = new File( userHomeDir, ".sbt" )
-      if (sbtUserRootDir.exists() && sbtUserRootDir.isDirectory) {
+      if ( sbtUserRootDir.exists() && sbtUserRootDir.isDirectory ) {
         val googleAccountInSbt = new File( sbtUserRootDir, "gcs-resolver-google-account.json" )
-        if (googleAccountInSbt.exists() && googleAccountInSbt.isFile) {
+        if ( googleAccountInSbt.exists() && googleAccountInSbt.isFile ) {
           Some( googleAccountInSbt.toPath )
         } else
           None

sbt-gcs-plugin/src/main/scala/org/latestbit/sbt/gcs/GcsPluginKeys.scala

@@ -24,4 +24,7 @@ class GcsPluginKeys {
 
   val googleCredentialsFile = settingKey[Option[File]]( "A file path to Google credentials (optional)" )
 
+  val googleCredentialsDisable =
+    settingKey[Boolean]( "If true, disables automatic lookup of Google Application Default Credentials." )
+
 }

sbt-gcs-plugin/src/main/scala/org/latestbit/sbt/gcs/GcsUrlHandlerFactory.scala

@@ -29,16 +29,18 @@ import java.net.URL
 
 object GcsUrlHandlerFactory {
 
-  /**
-   * To install if it isn't already installed gs:// URLs handler
-   * without throwing a java.net.MalformedURLException.
-   */
-  def install( credentials: GoogleCredentials, gcsPublishFilePolicy: GcsPublishFilePolicy )( implicit
+  /** To install if it isn't already installed gs:// URLs handler without throwing a java.net.MalformedURLException.
+    */
+  def install( credentials: Option[GoogleCredentials], gcsPublishFilePolicy: GcsPublishFilePolicy )( implicit
       logger: Logger,
       projectRef: ProjectRef
   ) = {
 
-    val gcsStorage               = StorageOptions.newBuilder().setCredentials( credentials ).build().getService
+    val gcsStorage = {
+      val builder = StorageOptions.newBuilder()
+      credentials.foreach( builder.setCredentials( _ ) )
+      builder.build().getService
+    }
     val googleHttpRequestFactory = createHttpRequestFactory( credentials )
 
     // Install gs:// handler for JDK
@@ -59,7 +61,7 @@ object GcsUrlHandlerFactory {
     // Install gs:// handler for ivy
     val dispatcher: URLHandlerDispatcher = URLHandlerRegistry.getDefault match {
       case existingUrlHandlerDispatcher: URLHandlerDispatcher => existingUrlHandlerDispatcher
-      case otherKindOfDispatcher =>
+      case otherKindOfDispatcher                              =>
         logger.info( "Setting up Ivy URLHandlerDispatcher to handle gs:// and artifactregistry://" )
         val dispatcher: URLHandlerDispatcher = new URLHandlerDispatcher()
         dispatcher.setDefault( otherKindOfDispatcher )
@@ -75,9 +77,15 @@ object GcsUrlHandlerFactory {
     new NetHttpTransport()
   }
 
-  private def createHttpRequestFactory( credentials: GoogleCredentials ): HttpRequestFactory = {
-    val requestInitializer = new HttpCredentialsAdapter( credentials )
-    val httpTransport      = httpTransportFactory.create()
-    httpTransport.createRequestFactory( requestInitializer )
+  private def createHttpRequestFactory( credentials: Option[GoogleCredentials] ): HttpRequestFactory = {
+    val httpTransport = httpTransportFactory.create()
+    credentials
+      .map { creds =>
+        httpTransport.createRequestFactory( new HttpCredentialsAdapter( creds ) )
+      }
+      .getOrElse {
+        httpTransport.createRequestFactory()
+      }
+
   }
 }

sbt-gcs-plugin/src/main/scala/org/latestbit/sbt/gcs/artifactregistry/GcsArtifactRegistryIvyUrlHandler.scala

@@ -96,7 +96,13 @@ class GcsArtifactRegistryIvyUrlHandler( googleHttpRequestFactory: HttpRequestFac
         }
       }
     )
-    httpRequest.execute()
+    try {
+      httpRequest.execute()
+    } catch {
+      case ex: Exception =>
+        logger.error( s"Unable to publish an artifact to '${dest}': ${ex.getMessage}" )
+        throw ex
+    }
     Option( l ).foreach( _.end( event ) )
   }