Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide instructions for deploying via CI #707

Open
pjaws opened this issue Oct 10, 2019 · 12 comments
Open

Provide instructions for deploying via CI #707

pjaws opened this issue Oct 10, 2019 · 12 comments

Comments

@pjaws
Copy link

pjaws commented Oct 10, 2019

(Note: Non-breaking issues are likely not to be prioritized. Please consider a PR in addition to your issue)

Expected Behavior

Most serious production applications will require CI/CD. A user should be able to read the documentation and understand the requirements and process for implementing this.

Actual Behavior

There is no documentation on this.

Steps to Reproduce the Problem

  1. Install clasp on CI server
  2. Attempt to login with credentials file as outlined in the docs.
  3. clasp either attempts to open a browser window on the server or requires user input when --no-localhost option is used.
  4. Build hangs

Specifications

  • Node version (node -v): 10.16.3
  • Version (clasp -v): 2.3.0
  • OS (Mac/Linux/Windows): Linux

I would really appreciate any help in getting around this login issue. I've tried searching through the existing related issues and did not find a solution. Thank you.

@sativ01
Copy link

sativ01 commented Apr 20, 2020

The best would be to have an example using Github Actions
I have added a .clasprc.json and creds.json files content to Github secrets and using it as environment variables.
But clasp is activating login by URL which I cannot provide

@fossamagna
Copy link
Contributor

fossamagna commented Apr 21, 2020

In CI/CD, I consider the following commands should be modified to be able to run on local credentials

  • clasp push
  • clasp deploy
  • clasp run

Note: This assumes that you have an encrypted .clasprc.json committed to the repository.

Currently, only clasp run works with .clasprc.json.

I propose the ability for CLAPS to run only on local credentials when the --local option is specified, as follows

clasp push --local

clasp deploy is the same as the above too.

@danielo515
Copy link

Wow, I just tried to setup a CI workflow and I was going to open a new issue asking what to do about the interactive login step.
So after setting up all the google project and that stuff this is indeed not supported. How long is this from being implemented? Is this considered or is it a won't do?

@ericanastas
Copy link

FYI

I've developed a CI/CD process for Google Apps Script using GitHub Actions.

See my repo here: https://github.com/ericanastas/deploy-google-app-script-action

It works by creating a .clasprc.json from a Github repository secret, but then uses hmanzur/actions-set-secret to update the stored secret value when the tokens change.

In addition to push triggers there's also a schedule trigger that runs one a week to login to clasp and keep the tokens in the secret refreshed.

@marcosscriven
Copy link

See my repo here: https://github.com/ericanastas/deploy-google-app-script-action

Interesting! By the way that 404s - private?

@ericanastas
Copy link

Sorry, it's public now.

See my repo here: https://github.com/ericanastas/deploy-google-app-script-action

Interesting! By the way that 404s - private?

@oshliaer
Copy link
Contributor

@ericanastas Interesting!

@muddi900
Copy link

An official CI/CD workflow would be a great option

@DOZBORNE
Copy link

FYI

I've developed a CI/CD process for Google Apps Script using GitHub Actions.

See my repo here: https://github.com/ericanastas/deploy-google-app-script-action

It works by creating a .clasprc.json from a Github repository secret, but then uses hmanzur/actions-set-secret to update the stored secret value when the tokens change.

In addition to push triggers there's also a schedule trigger that runs one a week to login to clasp and keep the tokens in the secret refreshed.

10/10 solution. Wish there were a better one. But this one is as good it gets tbh.

@IVillanueva770
Copy link

I've been several days trying to find an easy way to do this and readed all the issues/blogs that i found related to authenticate CLASP without human-user interaction (in my case, i was trying to just set-up, auto-authenticate and send a simple clasp push from the virtual machine when a push on master is done).

Besides having an official/native CI/CD options for configuring CLASP for these basic commands would be the best, the only workaround that worked for me was the published by @ericanastas.

I think the main problem is that you can't execute commands which needs to be authenticated by using the local .clasprc.json from the project. You need to have global credentials.

Service accounts would be perfect for this, unfortunately, although AppsScript works fine with OAuth and service accounts runed by Google Cloud, AppsScript doesn't supports this option.

I didn't made major changes, but it worked in the repo i'm working: https://github.com/contratacionessalta/Actualizacion-de-Precios

Sorry, it's public now.

See my repo here: https://github.com/ericanastas/deploy-google-app-script-action

Interesting! By the way that 404s - private?

@ericanastas
Copy link

@IVillanueva770

When using Clasp or the Apps Script API as a normal user account the first thing you need to do is enable the API in the settings section.

Screenshot_20240725-071330.png

There are some endpoints that will work with out setting this, like /version. But others required to automate deployment will return and error. Attempting to use a service account to access the GAS API returns these same errors. So my assumption is the API is not enabled.

So, the fundamental problem using a service account is there is no programmatic way to enable this setting that I have found, nor can you open the UI with a service account to change this setting.

@IVillanueva770
Copy link

I understand what you think the problem is, but my assumption is that clasp commands (particularly those who requires to certain permissions, like clasp run or clasp push) uses directly the global authentication file and mostly ignores the local one inside the project folder (in both cases i'm talking about the .clasprc.json files: one is in the project folder and the other in your user folder) .

That's why all the options i proved (enabling AppsScript API was already made in the project im working before i started my search) didn't work until I used your script that takes the secret CLASPRC_JSON and sets it to ~/.clasprc.json (the global authentication file from the virtual machine).

I made a quick review on my records from last week but couldn't find the post related to service accounts, OAuth and clasp from the Official Google Developers Documentation where I readed in a big red disclaimer (and later checked by console), that service accounts are expressly not supported to run clasp commands, so that's what supports my assumption on how the credentials files works generally

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants