Step 1: Choose a translation provider
The action works with Azure AI Translator, AWS Translate, and Google Cloud Translation behind one unified API surface. Pick a single provider per run with the provider input — the workflow behaves identically regardless of provider; only the credentials differ. See Translation providers for a full comparison.
Step 2: Add credentials and a workflow
Store your provider's credentials as GitHub repository secrets, then create .github/workflows/translate.yml. Select your provider below for its specific setup — the rest of the workflow is identical.
Azure AI Translator
Azure is the default provider, so provider may be omitted. Provision an Azure AI Translator resource in the Azure portal, then store its credentials:
Store these as repository secrets
TRANSLATOR_KEY— the subscription key for the resource.TRANSLATOR_ENDPOINT— the regional endpoint URL.TRANSLATOR_REGION— the resource's Azure region.
Add the workflow
name: translate
on: push: branches: [main] paths: - "src/**/*.en.resx" - "src/**/*.en.json"
permissions: contents: write pull-requests: write
jobs: translate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - id: translate uses: IEvangelist/resource-translator@v3 with: provider: | azure: subscriptionKey: ${{ secrets.TRANSLATOR_KEY }} endpoint: ${{ secrets.TRANSLATOR_ENDPOINT }} region: ${{ secrets.TRANSLATOR_REGION }} sourceLocale: en toLocales: '["fr","de","es"]' - if: steps.translate.outputs.has-new-translations == 'true' uses: peter-evans/create-pull-request@v7 with: title: ${{ steps.translate.outputs.summary-title }} body: ${{ steps.translate.outputs.summary-details }} branch: machine-translationAWS Translate
Set provider to aws. Prefer OIDC via aws-actions/configure-aws-credentials so no long-lived secrets are stored — the step exports AWS_REGION for you. To use static keys instead, store:
Store these as repository secrets
AWS_ACCESS_KEY_ID— your AWS access key ID.AWS_SECRET_ACCESS_KEY— your AWS secret access key.
A region is always required — set it with awsRegion or the AWS_REGION environment variable.
Add the workflow
name: translate
on: push: branches: [main] paths: - "src/**/*.en.resx" - "src/**/*.en.json"
permissions: id-token: write # for aws-actions/configure-aws-credentials (OIDC) contents: write pull-requests: write
jobs: translate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::123456789012:role/gh-actions-translate aws-region: us-east-1 - id: translate uses: IEvangelist/resource-translator@v3 with: provider: | aws: region: us-east-1 # or rely on AWS_REGION from the step above formality: FORMAL brevity: true sourceLocale: en toLocales: '["fr","de","es"]' - if: steps.translate.outputs.has-new-translations == 'true' uses: peter-evans/create-pull-request@v7 with: title: ${{ steps.translate.outputs.summary-title }} body: ${{ steps.translate.outputs.summary-details }} branch: machine-translationGoogle Cloud Translation
Set provider to google. Authenticate with either a service-account JSON credential or an API key — supply exactly one:
Store these as repository secrets
GCP_TRANSLATE_CREDENTIALS— a service-account JSON key (as a JSON string).GCP_TRANSLATE_API_KEY— or a Google Cloud API key.
An optional googleProjectId is inferred from the credential when omitted.
Add the workflow
name: translate
on: push: branches: [main] paths: - "src/**/*.en.resx" - "src/**/*.en.json"
permissions: contents: write pull-requests: write
jobs: translate: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - id: translate uses: IEvangelist/resource-translator@v3 with: provider: | google: # Provide EITHER a service-account JSON credential... credentials: ${{ secrets.GCP_TRANSLATE_CREDENTIALS }} # ...OR an API key: # apiKey: ${{ secrets.GCP_TRANSLATE_API_KEY }} model: nmt sourceLocale: en toLocales: '["fr","de","es"]' - if: steps.translate.outputs.has-new-translations == 'true' uses: peter-evans/create-pull-request@v7 with: title: ${{ steps.translate.outputs.summary-title }} body: ${{ steps.translate.outputs.summary-details }} branch: machine-translationStep 3: Commit a source resource file
Resource files use the Name.<sourceLocale>.<ext> convention. For example Greetings.en.resx becomes Greetings.fr.resx, Greetings.de.resx, and so on after a run.
Step 4: Let smart change detection protect your bill
changeDetection defaults to smart and stores a compact .github/resource-translator-state.json manifest in the repo. Commit that file so future runs can reuse stable translations, preserve manual target edits, and send only new, missing, changed, or settings-invalidated keys to the provider. If localized files already exist, run once with snapshotOnly: true to create the manifest without provider calls.
Step 5: Inspect the output
Once the workflow finishes, the action exposes three outputs you can wire into a PR description: summary-title, summary-details, and has-new-translations. It also writes a Markdown summary into the job page via core.summary.