Open pjaws opened 5 years ago
The best would be to have an example using Github Actions I have added a .clasprc.json and creds.json files content to Github secrets and using it as environment variables. But clasp is activating login by URL which I cannot provide
In CI/CD, I consider the following commands should be modified to be able to run on local credentials
Note: This assumes that you have an encrypted .clasprc.json
committed to the repository.
Currently, only clasp run works with .clasprc.json
.
I propose the ability for CLAPS to run only on local credentials when the --local
option is specified, as follows
clasp push --local
clasp deploy
is the same as the above too.
Wow, I just tried to setup a CI workflow and I was going to open a new issue asking what to do about the interactive login step. So after setting up all the google project and that stuff this is indeed not supported. How long is this from being implemented? Is this considered or is it a won't do?
FYI
I've developed a CI/CD process for Google Apps Script using GitHub Actions.
See my repo here: https://github.com/ericanastas/deploy-google-app-script-action
It works by creating a .clasprc.json
from a Github repository secret, but then uses hmanzur/actions-set-secret to update the stored secret value when the tokens change.
In addition to push triggers there's also a schedule trigger that runs one a week to login to clasp and keep the tokens in the secret refreshed.
See my repo here: https://github.com/ericanastas/deploy-google-app-script-action
Interesting! By the way that 404s - private?
Sorry, it's public now.
See my repo here: https://github.com/ericanastas/deploy-google-app-script-action
Interesting! By the way that 404s - private?
@ericanastas Interesting!
An official CI/CD workflow would be a great option
FYI
I've developed a CI/CD process for Google Apps Script using GitHub Actions.
See my repo here: https://github.com/ericanastas/deploy-google-app-script-action
It works by creating a
.clasprc.json
from a Github repository secret, but then uses hmanzur/actions-set-secret to update the stored secret value when the tokens change.In addition to push triggers there's also a schedule trigger that runs one a week to login to clasp and keep the tokens in the secret refreshed.
10/10 solution. Wish there were a better one. But this one is as good it gets tbh.
I've been several days trying to find an easy way to do this and readed all the issues/blogs that i found related to authenticate CLASP without human-user interaction (in my case, i was trying to just set-up, auto-authenticate and send a simple clasp push
from the virtual machine when a push on master is done).
Besides having an official/native CI/CD options for configuring CLASP for these basic commands would be the best, the only workaround that worked for me was the published by @ericanastas.
I think the main problem is that you can't execute commands which needs to be authenticated by using the local .clasprc.json from the project. You need to have global credentials.
Service accounts would be perfect for this, unfortunately, although AppsScript works fine with OAuth and service accounts runed by Google Cloud, AppsScript doesn't supports this option.
I didn't made major changes, but it worked in the repo i'm working: https://github.com/contratacionessalta/Actualizacion-de-Precios
Sorry, it's public now.
See my repo here: https://github.com/ericanastas/deploy-google-app-script-action
Interesting! By the way that 404s - private?
@IVillanueva770
When using Clasp or the Apps Script API as a normal user account the first thing you need to do is enable the API in the settings section.
There are some endpoints that will work with out setting this, like /version. But others required to automate deployment will return and error. Attempting to use a service account to access the GAS API returns these same errors. So my assumption is the API is not enabled.
So, the fundamental problem using a service account is there is no programmatic way to enable this setting that I have found, nor can you open the UI with a service account to change this setting.
I understand what you think the problem is, but my assumption is that clasp commands (particularly those who requires to certain permissions, like clasp run
or clasp push
) uses directly the global authentication file and mostly ignores the local one inside the project folder (in both cases i'm talking about the .clasprc.json
files: one is in the project folder and the other in your user folder) .
That's why all the options i proved (enabling AppsScript API was already made in the project im working before i started my search) didn't work until I used your script that takes the secret CLASPRC_JSON
and sets it to ~/.clasprc.json
(the global authentication file from the virtual machine).
I made a quick review on my records from last week but couldn't find the post related to service accounts, OAuth and clasp from the Official Google Developers Documentation where I readed in a big red disclaimer (and later checked by console), that service accounts are expressly not supported to run clasp commands, so that's what supports my assumption on how the credentials files works generally
Expected Behavior
Most serious production applications will require CI/CD. A user should be able to read the documentation and understand the requirements and process for implementing this.
Actual Behavior
There is no documentation on this.
Steps to Reproduce the Problem
Specifications
node -v
): 10.16.3clasp -v
): 2.3.0I would really appreciate any help in getting around this login issue. I've tried searching through the existing related issues and did not find a solution. Thank you.