yamlgithub-actionsgoogle-translation-api

How to use github secrets as paths in github actions


I'm making up a github action that requires to use google-translation-api which has a secrets.json file required by the api. I'm required to pass a path for the secret.json file in project.yaml such that

- name: Compose
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} # this should be the path to the secrets.json file
          GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}

here, I just copied the contents of secrets.json and put them as the values of GOOGLE_APPLICATION_CREDENTIALS in Github Actions Secrets. The error logs (Compose step):

0s
Run node index.js
  node index.js
  shell: /usr/bin/bash -e ***0***
  env:
    GOOGLE_APPLICATION_CREDENTIALS: ***
    GOOGLE_PROJECT_ID: ***
Error composing text: Error: The file at ***
  ***

Composed: null
  ***

*** does not exist, or it is not a file. ENOENT: no such file or directory, lstat '/home/runner/work/Lime/Lime/***
  ***

  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEKAASCBKgwggSkAgEAAoIBAQCMb'

seem to be showing that the GOOGLE_APPLICATION_CREDENTIALS reads it as the path. I needed the secrets.json file to be confidential and not be exposed in the repository. How can I achieve it that the secrets read the contents as a .json file? or yet another workable way?

I'm using a javascript function Heres the edited full code.

const { Translate } = require('@google-cloud/translate').v2;
const fs = require('fs');
const dotenv = require('dotenv');

dotenv.config();

const translate = new Translate();

async function translateText(text, target) {
  try {
    const [translation] = await translate.translate(text, target);
    return translation;
  } catch (error) {
    console.error(`Error translating text: ${error}`);
    return null;
  }
}

const readmePath = 'README.md';
const readmeContent = fs.readFileSync(readmePath, 'utf8');

translateText(readmeContent,'sw' )
  .then((translation) => {
    console.log(`Translation: ${translation}`);

    const translatedReadmeContent = `${readmeContent}\n\nTranslated Text:\n\n${translation}`;
    fs.writeFileSync(readmePath, translatedReadmeContent);
  })
  .catch((error) => console.error(`Error: ${error}`));

and use it in the yaml file

name: Lime

on:
  pull_request:
    types: [opened]

jobs:
  translate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Setup Node.js
        uses: actions/setup-node@v2.4.1
        with:
          node-version: '14'

      - name: Install dependencies
        run: npm install

      - name: Translate README.md
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
          GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
        run: |
          node index.js
      - name: Commit and push changes
        uses: EndBug/add-and-commit@v7
        with:
          author_name: ${{ github.actor }}
          author_email: ${{ secrets.EMAIL }}
          message: 'Translated README.md to Swahili'
          add: 'README.md'
          push: 'true'

Solution

  • Seems the set secrets can't be read as json, so i just took the secret.json to a new private repository, then i placed its raw.githubusercontent.com/Username/main/secret.json?token=*** url (the url had the token query too) in a secret variable called GOOGLE_API_URL then in my action i just created a steps to download and set the credentials like this:

    - name: Download credentials
            env:
              TOKEN: ${{ secrets.GOOGLE_API_URL }}
            run: |
              credentials=$(curl -s $TOKEN)
              echo "Downloaded credentials: $credentials"
    
          - name: Set credentials env var
            run: |  
              GOOGLE_APPLICATION_CREDENTIALS=$credentials
              echo "Credentials env var: $GOOGLE_APPLICATION_CREDENTIALS"