I'm making up a github action that requires to use google-translation-api which has a secrets.json file required by the api.
I'm required to pass a path for the secret.json file in project.yaml such that
- name: Compose
env:
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} # this should be the path to the secrets.json file
GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
here, I just copied the contents of secrets.json and put them as the values of GOOGLE_APPLICATION_CREDENTIALS in Github Actions Secrets. The error logs (Compose step):
0s
Run node index.js
node index.js
shell: /usr/bin/bash -e ***0***
env:
GOOGLE_APPLICATION_CREDENTIALS: ***
GOOGLE_PROJECT_ID: ***
Error composing text: Error: The file at ***
***
Composed: null
***
*** does not exist, or it is not a file. ENOENT: no such file or directory, lstat '/home/runner/work/Lime/Lime/***
***
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEKAASCBKgwggSkAgEAAoIBAQCMb'
seem to be showing that the GOOGLE_APPLICATION_CREDENTIALS reads it as the path. I needed the secrets.json file to be confidential and not be exposed in the repository. How can I achieve it that the secrets read the contents as a .json file? or yet another workable way?
I'm using a javascript function Heres the edited full code.
const { Translate } = require('@google-cloud/translate').v2;
const fs = require('fs');
const dotenv = require('dotenv');
dotenv.config();
const translate = new Translate();
async function translateText(text, target) {
try {
const [translation] = await translate.translate(text, target);
return translation;
} catch (error) {
console.error(`Error translating text: ${error}`);
return null;
}
}
const readmePath = 'README.md';
const readmeContent = fs.readFileSync(readmePath, 'utf8');
translateText(readmeContent,'sw' )
.then((translation) => {
console.log(`Translation: ${translation}`);
const translatedReadmeContent = `${readmeContent}\n\nTranslated Text:\n\n${translation}`;
fs.writeFileSync(readmePath, translatedReadmeContent);
})
.catch((error) => console.error(`Error: ${error}`));
and use it in the yaml file
name: Lime
on:
pull_request:
types: [opened]
jobs:
translate:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup Node.js
uses: actions/setup-node@v2.4.1
with:
node-version: '14'
- name: Install dependencies
run: npm install
- name: Translate README.md
env:
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
GOOGLE_PROJECT_ID: ${{ secrets.GOOGLE_PROJECT_ID }}
run: |
node index.js
- name: Commit and push changes
uses: EndBug/add-and-commit@v7
with:
author_name: ${{ github.actor }}
author_email: ${{ secrets.EMAIL }}
message: 'Translated README.md to Swahili'
add: 'README.md'
push: 'true'
Seems the set secrets can't be read as json, so i just took the secret.json to a new private repository, then i placed its raw.githubusercontent.com/Username/main/secret.json?token=*** url (the url had the token query too) in a secret variable called GOOGLE_API_URL then in my action i just created a steps to download and set the credentials like this:
- name: Download credentials
env:
TOKEN: ${{ secrets.GOOGLE_API_URL }}
run: |
credentials=$(curl -s $TOKEN)
echo "Downloaded credentials: $credentials"
- name: Set credentials env var
run: |
GOOGLE_APPLICATION_CREDENTIALS=$credentials
echo "Credentials env var: $GOOGLE_APPLICATION_CREDENTIALS"