Add clientSecret variable to cws-upload role

This parameter is now necessary with the new Desktop app flow for the
Chrome Web Store API keys.

Change-Id: Ied15c9e876071d488dfdbb02aa1caf9966f29ec8
diff --git a/roles/cws-upload/README.md b/roles/cws-upload/README.md
index 077f684..16e3113 100644
--- a/roles/cws-upload/README.md
+++ b/roles/cws-upload/README.md
@@ -4,6 +4,7 @@
 ## Role variables
 - `extensionId`: extension ID as uploaded in the Chrome Web Store.
 - `clientId`: Google API client ID ([more info][2]).
+- `clientSecret`: Google API client secret ([more info][2]).
 - `refreshToken`: Google API refresh token ([more info][2]).
 - `workingDirectory`: directory where the ZIP file is located and where the
 upload logs will be written.
diff --git a/roles/cws-upload/tasks/main.yaml b/roles/cws-upload/tasks/main.yaml
index aaab7a5..e96506a 100644
--- a/roles/cws-upload/tasks/main.yaml
+++ b/roles/cws-upload/tasks/main.yaml
@@ -14,6 +14,7 @@
           --extension-id {{ extensionId }} {{ '--trusted-testers' if (trustedTesters|bool) else '' }} \
           --source {{ zipFile }} --client-id {{ clientId|quote }} \
           --refresh-token {{ refreshToken|quote }} \
+          {% if clientSecret is defined %} --client-secret {{ clientSecret }} {% endif %} \
           2>&1 | tee cws-log.txt
     chdir: "{{ workingDirectory }}"
     executable: /bin/bash