How To Use SFDX-CLI with GitHub Actions

Create JWT Auth Flow

Create Self-Signed Cert and Key

mkdir -p ~/.ssh/jwt
cd ~/.ssh/jwt
openssl genrsa -des3 -passout pass:SomePassword -out server.pass.key 2048
openssl rsa -passin pass:SomePassword -in server.pass.key -out server.key
rm server.pass.key
openssl req -new -key server.key -out server.csr

Enter your company information into the CSR Request prompts

openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

If you are using VS Code remote, transfer the server.crt file to your workstation by opening it and saving it locally.

Create Salesforce Connected App

App Manager -> New Connected App
Enter Callback URL: http://localhost:1717/OauthRedirect
Select Use digital signatures
Choose File and upload the server.crt
Add the following OAuth scopes:
1. Manage user data via APIs (api)
2. Manage user data via Web browsers (web)
3. Perform requests at any time (refresh_token, offline_access)
Click Save
Click Manage
Click Edit Policies
In the OAuth Policies section, select Admin approved users are pre-authorized for permitted users
Click Save
Click Manage Profiles and then click Manage Permission Sets. Select the profiles and permission sets that are pre-authorized to use this connected app.

Test

sfdx force:auth:jwt:grant --clientid=[85 char string] --jwtkeyfile=/home/username/.ssh/jwt/server.key [email protected] --setdefaultdevhubusername --setalias devjwt

Add Actions to existing repo

Setup Repository Actions Secrets

Create the following secrets:

SALESFORCE_CONSUMER_KEY
SALESFORCE_DEVHUB_USERNAME
SALESFORCE_JWT_SECRET_KEY

Download Actions script

mkdir -p .github/workflows
cd .github/workflows
wget https://gist.githubusercontent.com/vkeenan/a804be413512c1347990dea71626e484/raw/ed6c7d868735d1c8ac112dec763eb4c1bab8455c/push-action-deploy.yml

Activate with GIT PUSH

git add .
git commit -m 'CI Installed'
git push

Visit GitHub to check results

https://github.com/

vkeenan/how-to-actions.md