Setup github actions env masked vars like secrets using google sheets.
steps:
- name: Store ENV secrets from some google spreadsheet document as source
uses: dibenlloch/google-sheets-secrets-action@v1.0.2
with:
auth-client-email: ${{ secrets.SERVICE_EMAIL }}
auth-private-key: ${{ secrets.SERVICE_KEY }}
spreadsheet: ${{ secrets.SPREADSHEET_ID }}
sheet: ${{ secrets.SHEET_TAB }} # optional sheet tab. If not seted will use first oneGiven google sheets document this action will iterate over A and B columns using it as env-value dictionary.
It's also possible to use tabs using sheet option to indicate which needs to use, useful setup different environments like DEV, STG, etc... using same env vars.
Env vars are only available in job same job as invoked action. If you workflow has multiple jobs, needs to be called for each job that needs this env vars.
First of all you need to setup google service account.
- Login google api console
- On library enable
Google Sheets API - On credentials section
create service account(there is no need of special rol) - Download json credentials file generated at previous step and use client_email and private_key for setup google sheets action.
- Go to google spreadsheet that you want to use and share it with generated email at service account (same as client_email) with read permisions.
- Get document id from spreadsheet url
Once you are done, setup action like usage example. Recommend to store these keys at GitHub Secrets.
If you use GitHub Secrets to store JSON private key beware with copy and paste because you need to change all line breaks \n with real ones.
JSON private_key content it's something like:
-----BEGIN PRIVATE KEY-----\nBLABLABLABLABLA\nBLABLABLABLABLA\n-----END PRIVATE KEY-----\n
Needs to be something like:
-----BEGIN PRIVATE KEY-----
BLABLABLABLABLA
BLABLABLABLABLA
-----END PRIVATE KEY-----
Feel free to contribute with issues or Pull Requests
This project is MIT licensed.