Hi there, my question relates to GitHub Actions, googlesheets4, authorisations and sensitive files.
I have written an R script that reads in data from a google sheet, does some data manipulation steps, then writes this new data set to a separate google sheet. For this, I have used the package googlesheets4. To run the script and get authorisation to be able to read from & write to google sheets in a non-interactive way, I have set up a service account on Google Cloud Platform, created the credentials, and a service account token key in .json format. This .json key file is stored in my R project directory, and now I can run my script without interaction, using the gs4_auth function of googlesheets4:
gs4_auth(email = "my email address", path = "~/path_to_file/sheets_service_account_key.json")
This is fine for running my script locally. However, I now want to run this as a GitHub Action on GitHub using a cron scheduler. My problem is the .json key file. This should not be made public, and I am struggling to figure out how to either keep it as a secret on GitHub, which can somehow be called into the GitHub Action, or to encrypt the file. I am not sure which method I should use, or how to then call this secret or encrypted file into my R script using the authorisation functions of googlesheets4 or into the GitHub Action .yml file. There is possibly another method completely that I am missing. Any help would be much appreciated.