Skip to content
This repository was archived by the owner on Jun 16, 2025. It is now read-only.

forcedotcom/sfdx-circleci-org

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
.circleci
.circleci
 
 
assets
assets
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CODEOWNERS
CODEOWNERS
 
 
CONTRIBUTING-ARCHIVED.md
CONTRIBUTING-ARCHIVED.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

sfdx-circleci-org

CircleCI

Coming Soon --- For a fully guided walkthrough of setting up and configuring continuous integration using scratch orgs and Salesforce CLI, see the Continuous Integration Using Salesforce DX Trailhead module.

This repository shows how to successfully set up deploying to non-scratch orgs (sandbox or production) with CircleCI.

Before You Begin

We make a few assumptions in this README. Continue only if you have completed these critical configuration prerequisites.

  • You know how to set up your GitHub repository with CircleCI. (Need help? See the CircleCI Getting Started guide.)
  • You have properly set up the JWT-Based authorization flow (headless). You can follow these steps to set it up.
    • You also need to have the server.key you used to setup the the JWT flow above.

Getting Started

  1. Fork this repo in to your GitHub account using the fork link at the top of the page.

  2. Clone your forked repo locally: git clone https://github.com/<git_username>/sfdx-circleci-org.git

  3. Make sure that you have Salesforce CLI installed. Run sfdx force --help and confirm you see the command output. If you don't have it installed, you can download and install it from here.

  4. Confirm that you can perform a JWT-based auth using your server.key:

    $ sfdx auth:jwt:grant --clientid <your_consumer_key> --jwtkeyfile server.key --username <your_username> --setdefaultdevhubusername

    Note: If you haven't set up JWT-based auth see Authorize an Org Using the JWT-Based Flow in the Salesforce DX Developer Guide.

  5. Encrypt and store your server.key using the instructions below.
    IMPORTANT! - For security reasons, don't store the server.key within the project.

    1. First, generate a key and an initializtion vector (iv) to encrypt your server.key file locally (CircleCI will use the them to decrypt your server.key in the build environment).

      $ openssl enc -aes-256-cbc -k <passphrase here> -P -md sha1 -nosalt

    2. Make note of the key and iv values output to the screen. You'll use them to encrypt your server.key in the next step.

    3. Encrypt the server.key using the newly generated key and iv values. Use the key and iv values only once, and don't use them to encrypt more than the server.key. While you can re-use this pair to encrypt other things, it's considered a security violation to do so. Every time you run the command above, a new key and iv value is generated. You can't regenerate the same pair, so if you lose these values you'll need to generate new ones and encrypt again.

      $ openssl enc -nosalt -aes-256-cbc -in server.key -out assets/server.key.enc -base64 -K <key> -iv <iv>

      This command replaces the existing server.key.enc with your encrypted version.

  1. From your JWT-based connected app on Salesforce, retrieve the generated Consumer Key and store it in a CircleCI environment variable named CONSUMER_KEY using the CircleCI UI.

    A picture of the Salesforce UI that shows the Connected App management screen

  2. Store the user name that you use to access your target org in a CircleCI environment variable named USER_NAME. Note - this is the username that you use to log in to your target org.

  3. Store the endpoint that you use to login your target org in a CircleCI environment variable named ENDPOINT. Note - this is the endpoint that you use to log in to your target org (e.g. login.salesforce.com).

  4. Store the key and iv values in CircleCI environment variables named DECRYPTION_KEY and DECRYPTION_IV, respectively. When finished setting environment variables, the environment variables setup screen should look like the one below.

    A picture of the CircleCI UI that shows the environment variables

  5. Commit the updated server.key.enc file.

Now you're ready to go! When you commit and push a change, your change kicks off a CircleCI build.

Enjoy!

Environment Variables

Env Var Description
HUB_CONSUMER_KEY From your JWT-based connected app on Salesforce, retrieve the generated Consumer Key from your Dev Hub org.
HUB_USER_NAME This username is the username that you use to access your Dev Hub.
ENDPOINT the login URL of the instance the org lives on.
DECRYPTION_KEY server.key encryption key.
DECRYPTION_IV server.key encryption initialization Vector.
DX_CLI_URL_CUSTOM By default, the script installs the current version of Salesforce CLI. To install the release candidate, set the DX_CLI_URL_CUSTOM local variable to the appropriate URL.

Contributing to the Repository

If you find any issues or opportunities for improving this repository, fix them! Feel free to contribute to this project by forking this repository and making changes to the content. Once you've made your changes, share them back with the community by sending a pull request. See How to send pull requests for more information about contributing to GitHub projects.

Reporting Issues

If you find any issues with this demo that you can't fix, feel free to report them in the issues section of this repository.

About

Circle CI examples with org development

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

13 stars

Watchers

25 watching

Forks

27 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages