I’ve been a fan of GitHub Actions ever since I began my journey as a software engineer. Back then, I used it to bypass long Gradle build times on my old laptop, save data when working with Gradle, and generally make life easier when managing client apps. It allowed me to focus on the apps themselves while GitHub handled the building and deployment.

Over time, I’ve managed a wide range of projects — from public to private — using Actions. Public apps were easy: they could be uploaded to Google Play or stored as build artifacts. Private apps, however, posed a challenge. I couldn’t just store them as artifacts, since that would require giving everyone repository access.

So, I looked for a better way — uploading to Google Drive. My first attempt was using an existing action by adityak74, but I ran into issues with credentials. That inspired me to build my own versions: g-drive-upload and g-drive-download, both written in TypeScript.

Originally, all you needed was a service account. You’d create one, add its credentials to your GitHub secrets, and voilà — uploads worked perfectly.

Until recently.

Google began blocking new service account uploads, especially for accounts with zero shared storage. They now encourage developers to use one of three alternatives — two of which require a Google Workspace account. The only accessible option left was the one we’d all been avoiding: OAuth.

OAuth is now the recommended and more secure way to authenticate users in the Google Cloud ecosystem. It’s also much cleaner once you set it up — so I decided to update both of my Actions to support it, for myself and for everyone else who relies on them.

In the next section, I’ll walk through how I added OAuth to these GitHub Actions and what changes you’ll need to make if you’re upgrading from the service-account version.

How I Added OAuth

Adding OAuth to the actions wasn’t the difficult part — at least not technically. All it required was adding a few new parameters for authentication while keeping backwards compatibility with existing service account setups.

Here’s what I added:

• authType (to switch between OAuth and service account)

• clientId

• clientSecret

• refreshToken

Once these were in place, the actions themselves worked fine.
The real work, however, comes from you — the people using them 😅.

The Updated Way to Use My Actions

Depending on whether you’re using the upload or download action, the parameters differ slightly, but the authentication setup remains the same. Here’s an example configuration:

- name: Upload to Google Drive with OAuth
        uses: logickoder/g-drive-upload@main
        with:
          authType: ‘oauth’
          clientId: ${{ secrets.GOOGLE_CL
IENT_ID }}
          clientSecret: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          refreshToken: ${{ secrets.GOOGLE_REFRESH_TOKEN }}

Setting Up OAuth in Google Cloud Console

Follow these steps to get your OAuth credentials:

1. Open Google Cloud Console.

   In the top-left corner, use the project dropdown to select your project or create a new one.

   

2. Enable the Drive API.

   Click the hamburger icon → APIs & Services > Enabled APIs & Services → click Enable APIs and Services, search for Google Drive API, and enable it.

   

   

   

3. Create an OAuth Consent Screen.

   Go to APIs & Services > OAuth consent screen and click Get Started if it’s not already configured.

   • Set User Type to External.

   • Fill out the basic information form.

   

   

4. Create OAuth Client Credentials.

   Once the consent screen is set up, click Credentials → Create Credentials → OAuth Client ID.

   • Choose Web Application as the application type.

   • When you reach Authorized Redirect URIs, add this link:
     https://developers.google.com/oauthplayground
     (This will be important for generating your refresh token later.)

5. Download the JSON File.

   After saving, you’ll see a dialog with your new client credentials. Download the JSON file — you’ll find your client ID and client secret inside.

   

6. Use OAuth 2.0 Playground to Generate a Refresh Token.

   • Go to OAuth 2.0 Playground.

   • Click the gear icon on the top-right.

   • Check “Use your own OAuth credentials”, then paste your client ID and client secret from the JSON file.

   • Close the settings panel.

     

7. Authorize the Drive API Scope.

   On the left sidebar, find Drive API v3, select the https://www.googleapis.com/auth/drive scope, and click Authorize APIs.
   Sign in with the Google account you want to use for uploads/downloads.

   

8. Handle the “Unsafe” Warning (if External).

   If you selected an External audience earlier, you’ll see a warning page. Click Advanced → Go to [project name] (unsafe) to proceed.

   

9. Exchange the Authorization Code for Tokens.

   Once you’re redirected back to the Playground, click Exchange authorization code for tokens.

   You’ll now see your refresh token on the right-hand side.

   

   

10. Store Your Credentials.

    Copy your client ID, client secret, and refresh token, then store them as GitHub Action secrets.

That’s It! 🎉

After all that, your OAuth setup is complete. You can now use either of my actions — g-drive-upload or g-drive-download — with OAuth authentication, just like before (but more secure).

Conclusion

At this point, all that’s left is to provide the folderId and filename of the files you want to upload or download — everything else is covered in each Action’s README.

I’ll admit, this wasn’t an easy update. It might sound straightforward now, but my Actions actually broke in production while being used for a company project — not the best way to end a week 😅. I spent hours digging through sparse documentation and less-than-helpful Google support pages before piecing it all together.

So yes, I will humbly accept a thank-you note from anyone this saves time for.

Here’s a sample workflow showing how to use the updated Actions to upload files to Google Drive using OAuth:

# .github/workflows/main.yml
name: Main
on: [push]

jobs:
  my_job:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Archive files
        run: |
          sudo apt-get update
          sudo apt-get install zip
          zip -r archive.zip *

      - name: Upload to Google Drive with OAuth
        uses: logickoder/g-drive-upload@main
        with:
          authType: ‘oauth’
          clientId: ${{ secrets.GOOGLE_CLIENT_ID }}
          clientSecret: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          refreshToken: ${{ secrets.GOOGLE_REFRESH_TOKEN }}
          filename: ‘archive.zip’
          folderId: ${{ secrets.FOLDER_ID }}
          name: ‘documentation.zip’ # optional
          overwrite: ‘true’ # optional

You can find the Actions here:

• Google Drive Upload Action

• Google Drive Download Action

If you run into any issues or want to collaborate on future improvements, feel free to reach out — I’m always happy to help or build cool stuff together.
📩 jeffery@logickoder.dev