Integration with CI pipeline and Jenkins

google / clasp

🔗 Command Line Apps Script Projects

https://developers.google.com/apps-script/guides/clasp

Apache License 2.0

4.59k stars 428 forks source link

Integration with CI pipeline and Jenkins #524

Open darul75 opened 5 years ago

darul75 commented 5 years ago

Please search existing issues before creating a new one.

DON'T DELETE THIS! FILL THESE SECTIONS OUT!

Expected Behavior

Being able to push using clasp on each Jenkins build.

Actual Behavior

There is no easy way to publish from a Jenkins CI infra, even by using clasp login --creds Our build system generates new versions and we would need to get an association between this version and the clasp versions.

Steps to Reproduce the Problem

Our project builder process prepare the project files.
Locally we use clasp push command to update content of our app script project
In jenkins there is no easy way to run the push command
Storing the .clasprc.json at the project folder level is not enough or is considered as a bad practice as it would need to be committed into git.
Do you see other options?

Specifications

Node version (node -v): v10.14.1
Version (clasp -v): 2.0.1
OS (Mac/Linux/Windows): Linux

erickoledadevrel commented 5 years ago

What changes to clasp would allow this to work for you? Perhaps be more specific about how clasp fails today and what a better option would look like?

alx-andru commented 5 years ago

We're saving the .clasprc.json file with the credentials of a generic user that ownes the script files in a secure storage of our build system. The actual build downloads the file into the root directory. During the release we simply call clasp push && clasp deploy

darul75 commented 5 years ago

Hello,

Thank you both for giving some thought, @alx-andru's solution looks good, but there is something I don't really like.

Why do we need to put the clasp credentials file into the user home directory, is there no other way?

We could have different projects using clasp and the same jenkins environment and that could cause problems.

Why can we not just put it in the project folder by copying it as you describe at build time.

grant commented 5 years ago

@darul75 The original issue seems solved by logging in with a generic Google account.

The request described of using non-$HOME directory credentials for push is a feature request. We currently only use custom credentials (getLocalScript) for clasp run, although we could consider using custom credentials if that's in demand.

If you have multiple G Suite accounts/credentials in the same Jenkins environments, then I could see why you'd want custom credentials. But it seems like an edge-case.

darul75 commented 5 years ago

Storing files of credentials in home directories on all the build agents is the less desirable backup plan.

An alternative would be great so we don't need to store anything at the $HOME level.

grant commented 5 years ago

Let us know what your solution is then besides $HOME.

Putting credentials in a local directory is bad since you'll likely put them in source control, which would be very bad.

ptrkstr commented 4 years ago

Is there any update on this? This would be very useful.

flavianh commented 3 years ago

In case you missed it, a good samarithan created this repo to show how to set up a continuous deployment with clasp: https://github.com/ericanastas/deploy-google-app-script-action#gcp-service-accounts