GitHub Actions
glasp provides a composite action that lets you install glasp and authenticate directly inside a GitHub Actions workflow — no manual binary download or login steps required.
Performance comparison: glasp and clasp in CI
Because glasp is a single precompiled Go binary, setup in GitHub Actions is dramatically faster than installing clasp via npm. The table below shows benchmark results measured on ubuntu-latest (glasp v0.2.9 / @google/clasp 3.3.0, push/pull averaged over 5 runs):
| Metric | glasp | clasp | Ratio (clasp / glasp) |
|---|---|---|---|
| Setup Time | 1337ms | 19150ms | 14.3x |
| Push Time (avg) | 1015ms | 1229ms | 1.2x |
| Pull Time (avg) | 359ms | 1270ms | 3.5x |
| Total Time | 2711ms | 21649ms | 7.9x |
The biggest win is setup: clasp requires installing the @google/clasp npm package globally on every run (~19 seconds), whereas glasp fetches a single precompiled binary (~1.3 seconds). End-to-end, glasp completes the full setup → push → pull cycle 7.9× faster, which adds up quickly in high-frequency deployment pipelines.
Action inputs
| Input | Required | Default | Description |
|---|---|---|---|
| version | No | latest | glasp version to install (e.g. v0.2.7). Omit to use the latest release. |
| auth | No | | JSON content of .clasprc.json. Pass a repository secret here. When provided, sets the GLASP_AUTH environment variable for subsequent steps. |
| working-directory | No | | Directory containing .clasp.json, relative to workspace root. When provided, sets the GLASP_DIR environment variable so that all subsequent glasp commands run from that directory. |
| client-id | No | | OAuth2 client ID. Pass a repository secret here. When provided, sets the GLASP_CLIENT_ID environment variable. Must be set together with client-secret. |
| client-secret | No | | OAuth2 client secret. Pass a repository secret here. When provided, sets the GLASP_CLIENT_SECRET environment variable. Must be set together with client-id. |
Setup
1. Obtain your credentials
To authenticate glasp in GitHub Actions, run glasp login or clasp login on your local machine. These commands save credentials to .glasp/access.json and ~/.clasprc.json respectively.
Log in on your local machine:
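```bash
# glasp: credentials are saved to .glasp/access.json
glasp login
cat .glasp/access.json

# clasp: credentials are saved to ~/.clasprc.json
clasp login
cat ~/.clasprc.json
```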
You can also load the content into a shell variable and run glasp directly:
```bash
# Quote the substitution so the JSON is passed through unchanged
export GLASP_AUTH="$(cat ~/.clasprc.json)" && glasp push # from clasp login
```
2. Add a repository secret
Copy the entire JSON content of .glasp/access.json or ~/.clasprc.json and add it as a repository secret named CLASPRC_JSON:
GitHub → Repository → Settings → Secrets and variables → Actions → New repository secret
- Name: CLASPRC_JSON
- Value: (paste the JSON content)
3. Add the action to your workflow
```yaml
steps:
  - uses: actions/checkout@v4
  - uses: takihito/glasp@v0.2.9
    with:
      version: 'v0.2.9'
      auth: '${{ secrets.CLASPRC_JSON }}' # pass the registered secret to glasp
  - run: glasp push
```
Examples
Push on every commit to main
```yaml
name: Deploy to Google Apps Script
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: takihito/glasp@v0.2.9
        with:
          version: 'v0.2.9'
          auth: '${{ secrets.CLASPRC_JSON }}' # pass the registered secret to glasp
      - name: Push to Apps Script
        run: glasp push
```
Push and create a deployment
```yaml
name: Deploy to Google Apps Script
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: takihito/glasp@v0.2.9
        with:
          version: 'v0.2.9'
          auth: '${{ secrets.CLASPRC_JSON }}' # pass the registered secret
      - name: Push files
        run: glasp push
      - name: Create deployment
        run: glasp create-deployment --description "Deploy from CI"
```
Project
glasp automatically detects .ts files according to your .clasp.json settings and transpiles them via esbuild before pushing. No additional configuration is needed:
```yaml
- uses: takihito/glasp@v0.2.9
  with:
    version: 'v0.2.9'
    auth: '${{ secrets.CLASPRC_JSON }}'
    working-directory: 'apps-script/dir' # directory containing .clasp.json / workspace root is used if omitted
    client-id: ${{ secrets.GLASP_CLIENT_ID }} # Optional: specify OAuth2 client ID
    client-secret: ${{ secrets.GLASP_CLIENT_SECRET }} # Optional: specify OAuth2 client secret
- name: Push project
  run: glasp push
```
How authentication works
When auth is set, the action exports its value as the GLASP_AUTH environment variable. glasp reads this variable and uses the JSON content directly as credentials — no file on disk, no glasp login step required.
Auth source priority inside glasp:
1. --auth <path> flag
2. GLASP_AUTH environment variable ← set by this GitHub Action
3. Project cache (.glasp/access.json)
To populate GLASP_AUTH, copy the JSON content of .glasp/access.json (from glasp login) or ~/.clasprc.json (from clasp login) into a repository secret.
When client-id and client-secret are set, the action also exports GLASP_CLIENT_ID and GLASP_CLIENT_SECRET, allowing glasp’s OAuth flow to use custom credentials instead of the built-in defaults.
Monorepo / subdirectory projects
If your .clasp.json lives in a subdirectory (e.g. a monorepo), use the working-directory input:
```yaml
- uses: takihito/glasp@v0.2.9
  with:
    version: 'v0.2.9'
    auth: '${{ secrets.CLASPRC_JSON }}'
    working-directory: 'apps-script/dir' # contains .clasp.json
```
This sets GLASP_DIR=<absolute path> as an environment variable. Every subsequent glasp command picks it up automatically — no --dir flag or working-directory: needed on each step.
You can also set it per-command with the --dir flag or the GLASP_DIR environment variable directly:
```yaml
- run: glasp push
  env:
    GLASP_DIR: apps-script/dir
# or equivalently:
- run: glasp --dir apps-script/dir push
```
Version pinning
Specify an explicit version to make your workflow reproducible:
```yaml
- uses: takihito/glasp@v0.2.9 # recommended: pin to a release tag
  with:
    version: 'v0.2.9'
```
GitHub Release artifacts are immutable, so pinning version guarantees the exact same binary is installed on every run.
You can also pin the action itself by commit SHA for stricter supply-chain control:
```yaml
- uses: takihito/glasp@75089dfe62ad41cc8fcc074e163217483b08772f # v0.2.9
  with:
    version: 'v0.2.9'
```
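The pinning advice above and the input rules from the Action inputs table (pass auth, client-id and client-secret as repository secrets; set client-id and client-secret together) can be checked before a workflow is merged. The following audit is an added example, not part of the glasp project; the function names and both sample workflows are constructed for illustration, and the parser is line-based rather than a full YAML parser.

```python
import re

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")                     # ref is a full commit SHA
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")  # ${{ secrets.NAME }}
KV = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*?)(?:\s+#.*)?\s*$")

def parse_steps(text):
    """Line-based split into steps (dict of key -> value); not a full YAML parser."""
    steps = []
    for line in text.splitlines():
        if re.match(r"^\s*-\s+\w", line):   # "- uses:", "- name:", "- run:" opens a step
            steps.append({})
        m = KV.match(line)
        if steps and m:
            steps[-1][m.group(1)] = m.group(2).strip("'\"")
    return steps

def audit(text):
    """Check action pinning and how the glasp action's credential inputs are passed."""
    findings = []
    for step in parse_steps(text):
        uses = step.get("uses", "")
        if uses and not uses.startswith("./") and not SHA_PIN.search(uses):
            findings.append(f"{uses}: pinned to a tag or branch, not a commit SHA")
        if uses.startswith("takihito/glasp@"):
            for key in ("auth", "client-id", "client-secret"):
                if key in step and not SECRET_REF.match(step[key]):
                    findings.append(f"{uses}: '{key}' is not a secrets.* reference")
            if ("client-id" in step) != ("client-secret" in step):
                findings.append(f"{uses}: client-id and client-secret must be set together")
    return findings

# Constructed sample workflows, not taken from a real repository.
RISKY = """\
  - uses: actions/checkout@v4
  - uses: takihito/glasp@v0.2.9
    with:
      auth: '{"constructed": "inline JSON instead of a secret"}'
      client-id: ${{ secrets.GLASP_CLIENT_ID }}
"""
PINNED = """\
  - uses: takihito/glasp@75089dfe62ad41cc8fcc074e163217483b08772f # v0.2.9
    with:
      auth: '${{ secrets.CLASPRC_JSON }}'
      client-id: ${{ secrets.GLASP_CLIENT_ID }}
      client-secret: ${{ secrets.GLASP_CLIENT_SECRET }}
"""

print("\n".join(audit(RISKY)))
```

Run it over the files in .github/workflows as a pre-merge check; tag-pinned third-party actions such as actions/checkout@v4 are reported alongside the glasp step.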