Releases: clee704/sbt-azure-devops-credentials
Releases · clee704/sbt-azure-devops-credentials
Release list
v0.0.9
Fix
WorkloadIdentityCredential is now skipped from the credential chain when its AZURE_CLIENT_ID / AZURE_TENANT_ID / AZURE_FEDERATED_TOKEN_FILE env vars are absent, empty, or whitespace-only. Fixes the v0.0.8 regression where ChainedTokenCredentialBuilder couldn't be assembled at all on developer workstations that had az login working but no workload-identity env vars set, leaving the plugin to always report "failed to get access token. Did you forget to run \az login`?"`.
If you're on v0.0.8 and using the plugin on a developer workstation (i.e. not in a workload-identity-enabled CI environment), upgrade to v0.0.9.
Other behavior changes
- Parallel token resolution. Concurrent
CredentialsBuilderinstances (multi-project sbt builds resolving credentials in parallel) now share a reference-counted log-suppression instead of holding a JVM-wide lock across the Azure SDK call. Token fetches actually run in parallel; theorg.slf4j.simpleLogger.log.com.azure.identityproperty is restored correctly after the last in-flight builder completes. - Broadened SLF4J suppression scope.
org.slf4j.simpleLogger.log.com.azure.identityis now set to"off"at plugin classloading time if it isn't already set, defending against SLF4J SimpleLogger's per-logger init-time level caching. Pre-v0.0.9, suppression was strictly scoped togetTokencalls — but if anything else in the JVM initialized acom.azure.identitylogger before our firstgetToken, the per-call suppression silently no-op'd for the rest of the run. As a side effect, other plugins that consumeazure-identitydirectly (azure-storage-blob,azure-keyvault, …) will now have theircom.azure.identitylogs suppressed across the whole sbt run too — set-Dorg.slf4j.simpleLogger.log.com.azure.identity=debug(or any non-offvalue) via JVM args to opt out. - Whitespace tolerance on AAD env vars.
AZURE_CLIENT_ID/AZURE_TENANT_ID/AZURE_FEDERATED_TOKEN_FILEvalues are now.trimmed before being passed to the SDK, so a stray trailing newline (e.g. from a YAML literal-block substitution leaving whitespace around the value) is tolerated instead of producing a credential that builds successfully but fails AAD validation atgetTokentime.
Compatibility
- Binary-incompatible:
CredentialsBuilderconstructor parameter widened fromsbt.internal.util.ManagedLoggertosbt.util.Logger. Source-compatible (ManagedLogger <: Logger); binary-incompatible. The class is effectively internal — only constructed by the plugin's ownprojectSettingstask wiring — so this should be invisible to downstream users in practice. - Extension surface widened: Four
CredentialsBuildermethods (mavenSettingsFile,newCredential,getRealm,getToken) widened fromprivatetoprotectedto enable unit-test substitution via anonymous subclasses.class CredentialsBuilderis unqualified-public, so this technically expands the downstream extension surface, even though there's no public extension point in practice (onlyprojectSettingsinstantiates the class). Flagged so a future re-tightening toprivateis treated as the SemVer-major / deprecation-cycle change it would be, not a silent revert.
Internal
releaseAzureIdentityLogSuppressionnow throwsIllegalArgumentExceptionwhen called without a matching prioracquire. The method isprivate[chungmin]and only invoked internally bygetTokenImpl'stry/finally, so end users won't see this in practice — but it's a behavior change for anyone embedding the plugin and calling the suppression API directly. Previously an unbalanced release silently corrupted the counter, leaving the suppression dead for the rest of the JVM run; now it fails fast at the actual bad caller.
Test infrastructure (new)
- First unit-test suite on this repo (
CredentialsBuilderSpec+AzureDevOpsCredentialsPluginSpec) — 62 tests covering every code path with realistic ADO fixtures, 100% statement and branch coverage enforced viacoverageMinimumStmt/BranchTotal := 100+coverageFailOnMinimum := true. - GitHub Actions CI running
sbt -batch clean coverage test coverageReporton JDK 8 / 11 / 17 / 21 against every PR and every push tomaster. Coverage results emitted toGITHUB_STEP_SUMMARYper-Java-version and full HTML report uploaded as a build artifact. Test / parallelExecution := falseinbuild.sbtto close the cross-suite property-race window introduced by suites mutating the JVM-globalorg.slf4j.simpleLogger.log.com.azure.identity. Only affectssbt testof this repository, not downstream consumers of the plugin.
Usage
addSbtPlugin("dev.chungmin" % "sbt-azure-devops-credentials" % "0.0.9")PR: #5