Feedback on passing Coda API key as a command line argument when running `coda upload` command


I want to setup GitHub action to build and upload my pack on a trigger. This requires coda api key. Currently, the only way Coda cli reads this key is using .coda.json.

However, this introduces a challenge with Github actions because I need someway to pass the api key as a secret. Ideally, I’d like to do something like this

    runs-on: ubuntu-latest
      - run: coda upload ./pack.ts --api-key ${{ secrets.CODA_API_KEY }}

Options explored

Dynamically generate .coda.json on each run

There are security concerns with this option. I made poc but haven’t gotten it to fully work.

Add optional command line argument to directly pass api key --api-key xxxx

This seems like the most practical solution. Looking at coda/packs-sdk/blob/main/cli/upload.ts I don’t see an option to do so. I can create a PR for it but I’d like to get feedback from the community first. Perhaps I’m missing something obvious here I hope.

1 Like

Hi @Mohammad_Mohammad2 - Thanks for kicking off this discussion. I’ve had people mention to me that they wanted to set up a GitHub action before, but I hadn’t had time to look into it to date. I agree that it would be nice to have a parameter for the token for cases like this, and I can see if the engineers would be open to accepting that PR.

I did some testing and found that I could create a .coda.json file without too much trouble. Here’s what my workflow file looks like:

name: Pack Actions
      - main
    runs-on: ubuntu-latest
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
          node-version: '16'
      - run: npm install
      - run: 'echo "{\"apiKey\": \"${{ secrets.CODA_API_KEY }}\"}" > .coda.json'
      - run: npx coda upload pack.ts

I hope that helps you get started!


Thank you so much!!
This is way much simpler than what I attempted and works like a charm :smile:

I’ll try to propose a draft pr soon for cli params

1 Like

Hi @Mohammad_Mohammad2 - To close the loop, we just released a version of the SDK that includes an --apiKey argument to address this use case. Thanks for the suggestion!

Awesome work! Thank you so much. @Eric_Koleda