Setup Salesforce CI/CD Pipeline Using GitHub Actions

Pradyumn Sharma
Apr 11, 2022

Hi everyone. In this blog we are going to discuss how to set up a CI/CD pipeline in Salesforce using GitHub. Let’s go…

CI/CD Salesforce

Before going to the actual implementation, let’s first understand the problem statement →

As of today, Salesforce recommends two development models.

  1. Package Development Model
  2. Org Development Model

Let’s talk about the Org Development Model, because it’s the most common model, followed by most organizations…

Org Development Model →

  • Create features for deployment — uses Change set Bundle
  • Deployments are org based and not package based

Every feature developed is bundled into a change set and deployed to an org. After deployment, QA does smoke testing and regression testing to ensure nothing in the org is impacted.

Problem statement →

Ursa Major uses Salesforce CRM for their business. They have a development team that develops functionality per business request in a Developer Sandbox. The deployment manager collects the list of items developed for each piece of functionality from the developer, prepares a change set and deploys it to the QA Sandbox when it is ready for QA testing. After QA testing passes, those functionalities are queued for PROD deployment, which happens once every week. The deployment manager again creates the change set for PROD deployment and executes it once every week.

Let’s solve the problem….

Requirements that we need to fulfill before we start the Salesforce CI/CD pipeline setup →

  1. Salesforce Developer Org (this post uses a dev org to set up the pipeline; you can set it up for different orgs (sandbox, QA, Prod) using git branching)
  2. Personal GitHub Account
  3. Salesforce CLI installed locally
  4. Visual Studio Code installed locally with “Salesforce Extension Pack” installed.
  5. Git Bash ( in case of windows )

Step 1: Certificates and Key

The first step is to create a self-signed certificate and private key, which we need so that the DevOps process can authorize with the Salesforce org.

If your operating system is Windows, right-click and run Git Bash inside the folder in which you want to create the key and certificate (run the commands below in bash). On Linux, you don’t have to install anything; just execute the commands.

You can also follow these instructions from the official doc Link.

  1. In your terminal/command prompt/git bash, type the following command. This creates the private key named ‘server.key’.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key

2. Next, type the following command in terminal/command prompt/git bash to generate the ‘server.csr’ file.

openssl req -new -key server.key -out server.csr

3. Now, type the following command in terminal/command prompt/git bash to generate the ‘server.crt’ certificate.

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

Step 2: Connected App Setup in Salesforce for DevOps Process

Why → A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as Security Assertion Markup Language (SAML), OAuth ( Open Authorization ), and OpenID Connect. Connected apps use these protocols to authorize, authenticate, and provide single sign-on (SSO) for external apps.

The external apps that are integrated with Salesforce can run on the customer success platform, other platforms, devices, or SaaS subscriptions. In our case we are using OAuth protocol.

For example, when you log in to your Salesforce mobile app and see your data from your Salesforce org, you’re using a connected app.

Connected App Model in Salesforce

Steps to set up the connected app →

  1. Log in to the Salesforce Developer Org
  2. Navigate to Setup -> Apps -> App Manager
  3. Create a new Connected App with the following details and save it.
  • Connected App Name = “DevOps App” ( Name as per your Need )
  • Contact Email = specify your personal email address
  • Enable OAuth Settings = tick mark it to checked state
  • Callback URL = http://localhost:1717/OauthRedirect
  • Use digital signatures = tick mark it to checked state

→ Browse and select the server.crt file from your local machine

  • Selected OAuth scopes

→Access and manage your data (api)

→Access your basic information (id, profile, email, address, phone)

→Perform requests on your behalf at any time (refresh_token, offline_access)

→Provide access to your data via the Web (web)

  • Require Secret for Web Server Flow = tick mark it to checked state

Save it and click Continue.

Note: After clicking Continue you will see the consumer key (client ID). Copy it into your text editor; we need it for authorization.

4. Click the “Manage” button on the connected app, set the following and save.

  • Permitted Users = Admin approved users are pre-authorized

5. After saving the permitted users, scroll down to the “Profiles” related list and click the “Manage Profiles” button. Add the “System Administrator” profile or the equivalent profile that your DevOps user is set up with.

Test whether SFDX authorization to the SF org succeeds →

Run the command below in your command prompt. Make sure to replace the username and client ID with your own values.

→ After --clientid, put the ID that we copied from the connected app.

→ For server.key, make sure you are executing this command in the same directory where the server.key file exists.

→ For --username, paste your org username.

sfdx force:auth:jwt:grant --clientid 3MVG97quAmFZJfVyzexU2c1VnTmNIkZ5g1IwJ_abcd_menLDWTuYasRhgInZHkA.Jfw.BmI4rbHYmjdzZBeqC --jwtkeyfile server.key --username xxx@xxx.com --instanceurl https://login.salesforce.com

On executing the force:auth:jwt:grant command, it should say “Successfully authorized xxx@xxx.com with org ID 00D2x000000aBcABCD”.

If this fails, then either the client ID was not copied and pasted correctly or the certificate/key file was not generated properly with OpenSSL.
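When the grant fails, the key/certificate half of that diagnosis can be checked locally before touching the connected app. The script below is an added example, not code from the original post: it confirms that server.crt carries the public key of server.key and that the 365-day certificate is not about to expire. The function names and the CN are assumptions; -subj is used only to skip the interactive prompts.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the Step 1 key pair.
# Function names and the CN below are illustrative.

# Succeeds only if the certificate's public key was derived from this private key.
cert_matches_key() {   # usage: cert_matches_key server.key server.crt
  _from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  _from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_from_key" ] && [ "$_from_key" = "$_from_cert" ]
}

# Succeeds if the certificate is still valid N days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days server.crt 30
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Builds a throwaway pair with the same three commands as Step 1;
# -subj only skips the interactive prompts.
make_pair() {   # usage: make_pair <dir> <days>
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/server.key" 2>/dev/null &&
  openssl req -new -key "$1/server.key" -subj "/CN=devops-example" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -sha256 -days "$2" -in "$1/server.csr" -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Demo on constructed files in a temp directory.
demo() {
  _d=$(mktemp -d) && make_pair "$_d" 365 || return 1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$_d/other.key" 2>/dev/null
  cert_matches_key "$_d/server.key" "$_d/server.crt" && echo "server.key matches server.crt"
  cert_matches_key "$_d/other.key" "$_d/server.crt" || echo "other.key does NOT match server.crt"
  cert_valid_for_days "$_d/server.crt" 30 && echo "valid for at least 30 more days"
  cert_valid_for_days "$_d/server.crt" 400 || echo "expires within 400 days"
  rm -rf "$_d"
}
demo
```

Run against your own files, `cert_matches_key server.key server.crt` tells you whether the certificate uploaded to the connected app belongs to the key passed to --jwtkeyfile.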

Step 3: Repository Setup in GitHub

In this step, we will create a new repo in GitHub to set up our DevOps pipeline.

  1. Login to GitHub
  2. Create a new repository named “SFDevOps” and save it.
  • Visibility should be Public/Private
  • tick mark checked on add readme file option

3. Click on Create Repository button

Step 4. Getting the SF Org codebase to push to GitHub repo

In this step, we will pull the codebase from Salesforce and organize it the way we want to version control it. Then, we will commit this code to the GitHub repo we created in Step 3.

  1. Create a folder named “DevOpsPipeline” in your local machine
  2. Open “DevOpsPipeline” folder in your VS Code.
  3. Execute the following command for creating an empty SFDX project locally in your Vs Code
  • Open Command Palette ( Control + Shift + P), run SFDX: Create Project with Manifest.
  • Run SFDX: Authorize an Org and select a login URL, for example Production ( in Our case Dev Org ).
  • In VS Code explorer or editor, right-click on manifest file and select SFDX: Retrieve Source in Manifest from Org. This will retrieve the components from the authorized org based on the components defined in the package.xml. To read more about package.xml follow Official Doc.

4. Create a folder named “buildfiles” (you can name it as you like) using the following commands.

cd DevOpsPipeline
mkdir buildfiles

Paste the server.key that we have created in step-1 inside the buildfiles folder.

5. Execute the following commands one by one in terminal/command prompt to initialize the project folder for git tracking and connect the local repo to the remote repo.

git init
git add .
git commit -m "Initial Code Commit"
git remote add origin GIT_REPO_URL
git branch -m master main
git push -u origin main
git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/main
git pull origin main

Replace GIT_REPO_URL with the HTTPS URL of the remote repo (click “Code” on the repo page to get it).

After the command executes, switch to GitHub Repo open in browser and refresh the page. You should see the Salesforce Org codebase in the repo.
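With server.key inside buildfiles, the commit above puts the connected app's signing key into the repository and its history. An alternative layout, as an added example that is not part of the original post: commit only an encrypted copy and decrypt it in the pipeline with a passphrase held as a repository secret. The variable name SERVER_KEY_PASSPHRASE and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). SERVER_KEY_PASSPHRASE is an
# assumed variable name; in the pipeline it would come from a repository secret.

# Encrypt the private key; only the .enc file is committed.
encrypt_key() {   # usage: encrypt_key server.key buildfiles/server.key.enc
  [ -n "$SERVER_KEY_PASSPHRASE" ] || return 2
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:SERVER_KEY_PASSPHRASE \
    -in "$1" -out "$2"
}

# Decrypt in the pipeline; the output is owner-readable only and must parse as
# a private key, otherwise it is deleted (wrong passphrase, corrupted file).
decrypt_key() {   # usage: decrypt_key buildfiles/server.key.enc server.key
  [ -n "$SERVER_KEY_PASSPHRASE" ] || return 2
  ( umask 077
    openssl enc -d -aes-256-cbc -pbkdf2 -pass env:SERVER_KEY_PASSPHRASE \
      -in "$1" -out "$2" 2>/dev/null &&
    openssl pkey -in "$2" -noout 2>/dev/null ) || { rm -f "$2"; return 1; }
}

# Demo on a constructed throwaway key in a temp directory.
demo() {
  _d=$(mktemp -d) || return 1
  export SERVER_KEY_PASSPHRASE='constructed-demo-passphrase'
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$_d/server.key" 2>/dev/null
  encrypt_key "$_d/server.key" "$_d/server.key.enc" &&
  decrypt_key "$_d/server.key.enc" "$_d/restored.key" &&
  cmp -s "$_d/server.key" "$_d/restored.key" && echo "round trip ok"
  rm -rf "$_d"
}
demo
```

In the workflow, the decrypt step would run before sfdx force:auth:jwt:grant, with --jwtkeyfile pointing at the decrypted file.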

Step 5. Creating the GitHub Action for automated build & deploy

In this step, we will create the GitHub pipeline which will build, test and deploy the committed codebase from GitHub repo to Salesforce Cloud. Here, we will use the latest SFDX CLI Commands to deploy.

  1. In the GitHub repo page open in the browser, navigate to “Actions” tab.
  2. In the “Choose the starter workflow” page, click on the “Setup this workflow” button in the Simple Workflow box.
  3. In the editor, rename the pipeline name from blank.yml or main.yml to pipeline.yml ( or any name that you want ).
  4. Clear the code and paste the following code from my github repo → GitHub Repo Link. Change the values with your values.
  5. Navigate to the Github repo page and go to “Settings” tab.
  6. Click Secrets → Actions → New Repository Secret (on the right side). Create the following secrets →
  • SALESFORCEPRODCLIENTID = paste the client id from the connected app we created in Step 2.

Note: If you face any error due to the repository secret variables, you can put the values directly in the GitHub Action command for testing purposes, like below:

run: sfdx force:auth:jwt:grant --clientid 3MVG9fe4g9fhX0E5rp6DbIO1.EqMtwpHTwLXzydDMw_QbzCOixsasjIpF5eyrSalc2OgsgvjQq8tk2DT --jwtkeyfile ./buildfiles/server.key --username $USERNAME --instanceurl $INSTANCE_URL -a prod

Note: You can also modify the deployment command to run particular tests.

7. Run the following command in terminal/command prompt to pull the pipeline.yml file into VS Code locally.

  • git pull origin main

To learn more about GitHub Action follow official Doc Link.

AND That’s It, We are Done 🙌🙌.

From now on, you just need to

  • open the project code in VS Code
  • add/modify the code
  • run the following commands to commit your code changes to the GitHub repo.
git add .
git commit -m "feature added"
git push origin main
  • the GitHub pipeline will automatically detect that a commit was made and it will automatically run the pipeline to deploy the code.
  • whether the pipeline succeeds or fails, you will get an email notification regarding the latest build status.
  • you can also check deployment status in Salesforce → Setup → Deployment Status

Conclusion

  • You don’t have to open Salesforce Org from now on for making code changes.
  • All code/metadata changes are made locally in VS Code and tracked by GitHub version control. Version control is the source of truth.
  • The GitHub pipeline ensures that what is in the Git repo is there in the SF Org.

That’s it. I hope you found the post useful! Please follow, hit the clap button and give your valuable feedback.

🎉🎉 Thanks a lot for reading till the end 🎉🎉

Feel free to reach out to me anytime. 😊 Feedback and suggestions are welcome.

Email: pradyumnsh007@gmail.com
LinkedIn: https://www.linkedin.com/in/pradyumn-sharma-59782a15a/
Github: https://github.com/sharmapradyumn
