GitHub action that uploads files to Google Drive. Supports both OAuth and Service Account authentication!
Based on the go version of the same name by adityak74
Since Google has deprecated service accounts for personal Google Drive uploads, OAuth is now the recommended authentication method.
Step 1: Create Google Cloud Project
- Go to the Google Cloud Console
- Create a new project or select an existing one
- Enable the Google Drive API:
- Go to "APIs & Services" > "Library"
- Search for "Google Drive API"
- Click on it and press "Enable"
Step 2: Configure OAuth Consent Screen
- Go to "APIs & Services" > "OAuth consent screen"
- Choose "External" user type (unless you're using Google Workspace)
- Fill in the required fields:
- App name: Your app name (e.g., "GitHub Actions Drive Upload")
- User support email: Your email
- Developer contact information: Your email
- Add scopes:
- Click "Add or Remove Scopes"
- Add
https://www.googleapis.com/auth/driveorhttps://www.googleapis.com/auth/drive.file
- Add test users (your email address)
- Save and continue
Step 3: Create OAuth 2.0 Credentials
- Go to "APIs & Services" > "Credentials"
- Click "Create Credentials" > "OAuth 2.0 Client IDs"
- Important: Choose "Web application" as the application type
- Add authorized redirect URI:
- Click "Add URI"
- Enter:
https://developers.google.com/oauthplayground
- Click "Create"
- Save the generated Client ID and Client Secret
Step 4: Generate Refresh Token
- Go to Google OAuth 2.0 Playground
- Click the gear icon (⚙️) in the top right corner
- Check "Use your own OAuth credentials"
- Enter your Client ID and Client Secret from Step 3
- Close the settings dialog
- In "Step 1: Select & authorize APIs":
- Find "Drive API v3" in the list
- Select
https://www.googleapis.com/auth/drive(orhttps://www.googleapis.com/auth/drive.filefor limited access) - Click "Authorize APIs"
- Sign in with your Google account and grant permissions
- In "Step 2: Exchange authorization code for tokens":
- Click "Exchange authorization code for tokens"
- Copy the refresh_token from the response (you'll need this for GitHub secrets)
Step 5: Store Credentials as GitHub Secrets
- Go to your GitHub repository
- Navigate to Settings > Secrets and variables > Actions
- Add the following repository secrets:
GOOGLE_CLIENT_ID: Your OAuth client IDGOOGLE_CLIENT_SECRET: Your OAuth client secretGOOGLE_REFRESH_TOKEN: The refresh token from the OAuth playground
- Use "Web application" type: This ensures compatibility with the OAuth playground redirect URI
- Authorized redirect URI: Must include
https://developers.google.com/oauthplaygroundfor token generation - Refresh token: Only appears on first authorization or when
access_type=offlineandprompt=consentare used - Folder access: No manual sharing required - the action inherits your Google Drive permissions
Note: This method may not work for personal Google Drive accounts due to Google's policy changes. Use OAuth instead.
To make a GSA go to the
Credentials Dashboard. You
will need to download the .json key. You will use this string as the
credentials input.
You will also need to share the drive with the service account. To do this,
just share the folder like you would normally with a friend, except you share it
with the service account email address. Additionally, you will need to give the
service account access to the Google Drive API. Go to
https://console.developers.google.com/apis/api/drive.googleapis.com/overview?project={PROJECT_ID}.
Where {PROJECT_ID} is the ID of your GCP project. Find more info about that
here.
Required: NO (defaults to 'service')
Authentication type: oauth or service. Use oauth for OAuth authentication or service for service account
authentication.
Required: YES (when using OAuth)
OAuth client ID for Google Drive API.
Required: YES (when using OAuth)
OAuth client secret for Google Drive API.
Required: YES (when using OAuth)
OAuth refresh token for Google Drive API.
Required: YES (when using Service Account)
The service account credentials JSON as a string.
Required: YES.
The name of the file you want to upload. Wildcards can be used to upload more than one file.
Required: YES.
The ID of the parent folder you want to upload the file in.
Required: NO
The name you want the file to have in Google Drive. If this input is not provided, it will use only the filename of the source path. It will be ignored if there are more than one file to be uploaded.
Required: NO
If you want to overwrite the filename with existing file, it will use the target filename.
Required: NO
file MimeType. If absent, Google Drive will attempt to automatically detect an appropriate value.
Required: NO
If true, the target filename will be the complete source filename and name
parameter will be ignored.
Required: NO
If true, the directory structure of the source file will be recreated relative
to folderId.
Required: NO
Prefix to be added to target filename.
In this example we stored the folderId and credentials as action secrets. This is highly recommended as leaking your credentials key will allow anyone to use your service account.
# .github/workflows/main.yml
name: Main
on: [ push ]
jobs:
my_job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Archive files
run: |
sudo apt-get update
sudo apt-get install zip
zip -r archive.zip *
- name: Upload to Google Drive
uses: logickoder/g-drive-upload@main
with:
credentials: ${{ secrets.credentials }}
filename: 'archive.zip'
folderId: ${{ secrets.folderId }}
name: 'documentation.zip' # optional string
overwrite: 'true' # optional boolean
- name: Make Directory Structure
run: |
mkdir -p w/x/y
date +%s > w/x/y/z
- name: Mirror Directory Structure
uses: logickoder/g-drive-upload@main
with:
credentials: ${{ secrets.DRIVE_CREDENTIALS }}
filename: w/x/y/z
folderId: ${{ secrets.folderId }}
overwrite: 'true'
mirrorDirectoryStructure: 'true'# .github/workflows/main.yml
name: Main
on: [ push ]
jobs:
my_job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Archive files
run: |
sudo apt-get update
sudo apt-get install zip
zip -r archive.zip *
- name: Upload to Google Drive with OAuth
uses: logickoder/g-drive-upload@main
with:
authType: 'oauth'
clientId: ${{ secrets.GOOGLE_CLIENT_ID }}
clientSecret: ${{ secrets.GOOGLE_CLIENT_SECRET }}
refreshToken: ${{ secrets.GOOGLE_REFRESH_TOKEN }}
filename: 'archive.zip'
folderId: ${{ secrets.FOLDER_ID }}
name: 'documentation.zip' # optional string
overwrite: 'true' # optional booleanIn this example we stored the folderId and credentials as action secrets. This is highly recommended as leaking your credentials key will allow anyone to use your service account.
# .github/workflows/main.yml
name: Main
on: [ push ]
jobs:
my_job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Archive files
run: |
sudo apt-get update
sudo apt-get install zip
zip -r archive.zip *
- name: Upload to Google Drive
uses: logickoder/g-drive-upload@main
with:
authType: 'service' # optional, defaults to 'service'
credentials: ${{ secrets.GOOGLE_CREDENTIALS }}
filename: 'archive.zip'
folderId: ${{ secrets.FOLDER_ID }}
name: 'documentation.zip' # optional string
overwrite: 'true' # optional boolean
- name: Make Directory Structure
run: |
mkdir -p w/x/y
date +%s > w/x/y/z
- name: Mirror Directory Structure
uses: logickoder/g-drive-upload@main
with:
credentials: ${{ secrets.GOOGLE_CREDENTIALS }}
filename: w/x/y/z
folderId: ${{ secrets.FOLDER_ID }}
overwrite: 'true'
mirrorDirectoryStructure: 'true'To migrate from service account authentication to OAuth:
- Set up OAuth credentials as described in the OAuth Authentication section
- Store your OAuth credentials as GitHub secrets:
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRETGOOGLE_REFRESH_TOKEN
- Update your workflow to use
authType: 'oauth'and the OAuth credentials - Remove the old
credentialssecret (optional, for cleanup)
The action maintains backward compatibility, so existing workflows using service accounts will continue to work without changes.