Feedback on passing Coda API key as a command line argument when running `coda upload` command

Making Packs
1

Problem

I want to setup GitHub action to build and upload my pack on a trigger. This requires coda api key. Currently, the only way Coda cli reads this key is using .coda.json.

However, this introduces a challenge with Github actions because I need someway to pass the api key as a secret. Ideally, I’d like to do something like this

jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      - run: coda upload ./pack.ts --api-key ${{ secrets.CODA_API_KEY }}

Options explored

Dynamically generate .coda.json on each run

There are security concerns with this option. I made poc but haven’t gotten it to fully work.

Add optional command line argument to directly pass api key --api-key xxxx

This seems like the most practical solution. Looking at coda/packs-sdk/blob/main/cli/upload.ts I don’t see an option to do so. I can create a PR for it but I’d like to get feedback from the community first. Perhaps I’m missing something obvious here I hope.

1 Like
2

Hi @Mohammad_Mohammad2 - Thanks for kicking off this discussion. I’ve had people mention to me that they wanted to set up a GitHub action before, but I hadn’t had time to look into it to date. I agree that it would be nice to have a parameter for the token for cases like this, and I can see if the engineers would be open to accepting that PR.

I did some testing and found that I could create a .coda.json file without too much trouble. Here’s what my workflow file looks like:

name: Pack Actions
on:
  push:
    branches:
      - main
jobs:
  upload-pack:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '16'
      - run: npm install
      - run: 'echo "{\"apiKey\": \"${{ secrets.CODA_API_KEY }}\"}" > .coda.json'
      - run: npx coda upload pack.ts

I hope that helps you get started!

3 Likes
3

Thank you so much!!
This is way much simpler than what I attempted and works like a charm :smile:

I’ll try to propose a draft pr soon for cli params

1 Like
4

Hi @Mohammad_Mohammad2 - To close the loop, we just released a version of the SDK that includes an --apiKey argument to address this use case. Thanks for the suggestion!

5

Awesome work! Thank you so much. @Eric_Koleda