search

google / clasp

🔗 Command Line Apps Script Projects
https://developers.google.com/apps-script/guides/clasp
Apache License 2.0
4.62k stars 430 forks source link

How to use a service account for CI deployments #225

Open marcosscriven opened 6 years ago

marcosscriven commented 6 years ago

Running clasp login sets up a .clasprc file with a token that seems to last about a week.

Is there any way to get some kind of authentication working that could work in a headless setup like CI (E.g. GitHub Travis or Bitbucket Pipelines) please?

I looked at https://script.google.com/home/usersettings which has a switch for the API, but nothing about service tokens.

Note from @grant, please upvote this bug! https://issuetracker.google.com/issues/36763096

ericanastas commented 1 year ago

@ericanastas This one can be hardly called a "process" as .clasprc.json token will expire in 6 month.

Did you look at the script? It's run by a cron trigger every week and stores. classprc.json if it is updated.

Admin token required? No thanks, lol

Which "admin" token are you referring to?

fletort commented 1 year ago

Hello , everybody, i succed to make a clasp push from my github worflow with the help of namaggarwal/clasp-token-action . Now, i try to automate a call to the clasp run from the CI. I change my appscript project to a GCP custom project, and success to male the run call from my computer (ok). But now, i don't understand which credentaisl must be given in my workflow to can do the run there.

Does someone succeed to do that ?

IVillanueva770 commented 3 months ago

@fletort i think the answer is that you need to generate credentials on your local computer (the global .clasprc.json generated in your /users/yourUser directory when you do a clasp login), copy those to a secret in your repo (since they are sensitive credentials and would not be expected to be public) and when the virtual machine that executes the CI/CD workflows sets-up the basic configuration, copy these credentials from the secret to a .clasprc.json located in the root (~/.clasprc.json) 

      - name: Write CLASPRC_JSON secret to .clasprc.json file
        id: write-clasprc
        run: echo "$CLASPRC_JSON_SECRET" >> ~/.clasprc.json
        env:
          CLASPRC_JSON_SECRET: ${{ secrets.CLASPRC_JSON }}

I attach to this response also this other comment in a related post where i explain the workaround that worked for what i was trying to do in this link