diff --git a/minutes3/README.md b/minutes3/README.md index 3813f71..0d32bfe 100644 --- a/minutes3/README.md +++ b/minutes3/README.md @@ -2,28 +2,23 @@ Go to https://console.developers.google.com/. -Create a new GCP project. I called mine `proposal-minutes`. - -Configure the OAuth consent screen: Go to APIs & Services > OAuth consent -screen. Select "Internal" and click "Create". Enter an app name. I called it -`proposal-minutes`. Fill in other required fields, though most can be left -blank. Click "Save and continue". You don't need to add any scopes. Click "Save -and continue". - -Enable Google Sheets: Go to APIs & Services > Enabled APIs and Services. Click -"Enable APIs and Services". Search for the "Google Sheets API" and enable it. - -Create OAuth credentials: Go to APIs & Services > Credentials. Click Create -Credentials > OAuth client ID. Select "Desktop app", give it a name (I used -`proposal-minutes`, again), and click Create. On the next screen, click -"Download JSON" and save this file as `~/.config/proposal-minutes/gdoc.json`. - -Enable write scope for spreadsheets: Go to APIs & Services > OAuth consent -screen > Data Access and click "Add or remove scopes". Add the -`https://www.googleapis.com/auth/spreadsheets` scope, either by finding it in -the table of known scopes or by manually entering it. Click "Update". Finally, -click "Save" on the Data Access page. (Note: If you already had a cached OAuth -token, you'll have to delete it.) +- Create a new GCP project, or use an existing one. I called mine `proposal-minutes`. +- Go to IAM & Admin > Service Acccounts. +- Click "+ Create Service Account". +- Enter a service account name (I used `proposal-minutes`). +- Enter a description, like `proposal minutes bot` +- Click "Create and Continue" +- Skip the "Grant this service account access to project". Click "Continue" +- Skip the "Grant users access to this service account". Click "Continue". +- Back at the Service Accounts screen, click on the email address for the new service account, + bringing up the "Service account details" page. +- Click the "Keys" tab. +- Click "Add Key", then "Create New Key", then "JSON", then "Continue". +- Copy the downloaded file to to `~/.config/proposal-minutes/gdoc-service.json` + (use `~/Library/Application Support/proposal-minutes/gdoc-service.json` on a Mac). +- Go back to the Details tab and copy the email address for the account, something like `proposal-minutes@proposal-minutes.iam.gserviceaccount.com`. + +In the Proposal Minutes v3 spreadsheet, click Share and then add that email address as an editor of the doc. # Generate GitHub token diff --git a/minutes3/gdoc.go b/minutes3/gdoc.go index ec95bb2..6388588 100644 --- a/minutes3/gdoc.go +++ b/minutes3/gdoc.go @@ -12,6 +12,7 @@ import ( "fmt" "io/fs" "log" + "net/http" "os" "regexp" "strconv" @@ -23,6 +24,18 @@ import ( "google.golang.org/api/sheets/v4" ) +func getOAuthClient(scopes []string) *http.Client { + data, err := os.ReadFile(getConfig("gdoc-service.json")) + if err != nil { + log.Fatal(err) + } + cfg, err := google.JWTConfigFromJSON(data, scopes...) + if err != nil { + log.Fatal(err) + } + return cfg.Client(oauth2.NoContext) +} + func getOAuthConfig(scopes []string) *oauth2.Config { // Read the "client" (application) config. data, err := os.ReadFile(getConfig("gdoc.json")) @@ -92,8 +105,7 @@ func parseDoc(docID string) *Doc { // There's no way to limit this to just one doc! >:( "https://www.googleapis.com/auth/spreadsheets", } - config := getOAuthConfig(scopes) - client := makeOAuthClient(getCacheDir(), config) + client := getOAuthClient(scopes) srv, err := sheets.NewService(context.Background(), option.WithHTTPClient(client)) if err != nil { log.Fatalf("Unable to retrieve Docs client: %v", err)