Salesforce SFDX CI/CD - Bitbucket Pipelines Example



1. Prerequisites - environment and tools

  • Command line on macOS / Linux / Windows
  • Web browser
  • OpenSSL - included out of the box on macOS and Linux. Windows: https://www.openssl.org/
  • Salesforce deployment target org with admin user access
  • SFDX CLI - https://developer.salesforce.com/tools/sfdxcli
  • Bitbucket Pipeline - bitbucket user account with repo admin permission
  • Git - https://git-scm.com/

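2. OpenSSL - create a private key and self-signed digital certificate

  • Run the following commands in a folder, e.g. a folder named “my_ssh_keys” on the Desktop
    cd ~/Desktop/my_ssh_keys
    # Generate a 2048-bit RSA key protected by a throwaway passphrase ("x")
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    # Strip the passphrase; server.key is the unencrypted private key used for JWT signing
    openssl rsa -passin pass:x -in server.pass.key -out server.key
    # Create a certificate signing request (prompts for the subject details)
    openssl req -new -key server.key -out server.csr
    # Self-sign the request; the certificate is valid for 365 days
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
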
  • Reference: https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_key_and_cert.htm
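
The checks below are an added example, not part of the original slides: they confirm that server.crt carries the public half of server.key before it is uploaded in step 3, and report when the 365-day validity window is about to end. The function names are illustrative; the file names are the ones from step 2.

```shell
#!/bin/sh
# Added example (not from the original slides): preflight checks on the
# server.key / server.crt pair created in step 2.

# Exit status 0 only if the certificate carries the public half of the key;
# 2 if either file cannot be parsed (e.g. the key is still passphrase-protected).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Exit status 0 if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Combined check: 0 = ok, 1 = key/cert mismatch, 2 = unreadable file, 3 = expiring.
preflight() {
    key=$1 crt=$2 days=${3:-30}
    rc=0
    key_matches_cert "$key" "$crt" || rc=$?
    case $rc in
        0) ;;
        2) echo "cannot parse $key or $crt (is the key still encrypted?)" >&2
           return 2 ;;
        *) echo "$crt does not contain the public key of $key" >&2
           return 1 ;;
    esac
    if ! cert_valid_for_days "$crt" "$days"; then
        echo "$crt expires within $days days: $(openssl x509 -in "$crt" -noout -enddate)" >&2
        return 3
    fi
    echo "ok: $(openssl x509 -in "$crt" -noout -enddate)"
}
```

Run it as `preflight server.key server.crt 30` in the folder from step 2; a non-zero exit status identifies which check failed.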

3. Salesforce Org - create a Connected App on the deployment target org

  • Classic UI: Setup -> Build -> Create -> Apps -> New Connected Apps -> New
  • Lightning: Setup -> PLATFORM TOOLS -> Apps -> App Manager -> New Connected App
  • Connected App Name: e.g. My CICD
  • Contact Email: your@email.address
  • Enable OAuth Settings
    • Callback URL: http://localhost:1717/OauthRedirect
    • Tick “Use digital signatures” -> upload the server.crt that was generated by OpenSSL in step 2.
    • OAuth scope:
      • Access and manage your data (api)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
      • Provide access to your data via the Web (web)
  • Reference: https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_connected_app.htm

4. Salesforce Org - OAuth from browser to the deployment target org

  • Allow 2-10 minutes for your changes to take effect on the server before using the connected app.
  • Open a browser and paste the following address to log in to the Salesforce deployment target org
    • https://org-custom-domain.my.salesforce.com/services/oauth2/authorize?client_id=consumer_key&redirect_uri=http://localhost:1717/OauthRedirect&response_type=code
  • Replace org-custom-domain with the deployment target custom domain
  • Replace consumer_key with the Connected App’s consumer key
  • Log in and authorize (the user who logs in here will be used as the pipeline's Salesforce login user)
    • After you log in and authorize, the browser will be redirected to http://localhost:1717/OauthRedirect; just ignore this and close the browser tab.

5. Bitbucket Pipeline - enable pipeline

  • Click Pipeline on repo sidebar menu
  • Select the default Starter pipeline
  • Replace the bitbucket-pipelines.yml content with the following example.
image:
  name: salesforce/salesforcedx:7.75.1-slim

pipelines:
  # Runs for commits on any branch that is not listed under "branches"
  default:
    - step:
        script:
          - echo "Committed changes to a branch that does not match the listed branches in bitbucket-pipelines.yml."
          - echo "You can skip running the pipeline by adding [skip ci] or [ci skip] (with []) to the git commit message."
          - sfdx --version
          - sfdx plugins --core
  branches:
    # Runs for commits on the qa branch
    qa:
      - step:
          script:
            - sfdx --version
            # Log in to the target org with the JWT bearer flow, signing with server.key
            - sfdx force:auth:jwt:grant -f server.key -i $SFDC_CONSUMER_KEY -u $SFDC_USER -d -s -r $SFDC_URL
            # Deploy the metadata listed in the manifest and run the specified tests
            - sfdx force:source:deploy -x $MANIFEST_PACKAGE_PATH -l RunSpecifiedTests -r $TEST_CLASSES_1
  • The example runs when changes are committed to the git repo branch named qa, i.e. the CI/CD will run automatically when someone merges a pull request into the qa branch.
  • You can change the branch name to suit your project settings.
  • You can add more branches to deploy different branches to different deployment target orgs; in this case you will need to set up a Connected App in each deployment target org.

6. Bitbucket Pipeline - repository variables

  • The example in step 5 needs the following variables to be set up in the repository.
  • Repository sidebar -> Repository settings -> PIPELINES > Repository Variables: Add new Name and Value pairs
    • SFDC_CONSUMER_KEY : the consumer key from the newly created Salesforce Connected App
    • SFDC_USER : Salesforce org user name of the CI/CD runner, the user that was used in the OAuth slide
    • SFDC_URL : https://test.salesforce.com for sandboxes; replace “test” with “login” for production.
    • TEST_CLASSES_1 : list of comma separated unit test class names, e.g. MyClassTest,YourClassTest
    • MANIFEST_PACKAGE_PATH : manifest/release_package.xml

7. Bitbucket Pipeline - running CI/CD

  • In the example bitbucket-pipelines.yml the configuration is based on a branch named: qa
  • Create a branch in the repository and name it qa
  • Commit the bitbucket-pipelines.yml and the server.key (created by OpenSSL in step 2) to the qa branch.
  • Create the release_package.xml and commit it, along with the metadata files that are listed in it, to the qa branch; your pipeline should start automatically.
  • Don’t forget to update the test classes in the repository variables. In the example the variable name is TEST_CLASSES_1
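
Committing server.key as in step 7 puts the JWT signing key in Git history, where anyone with read access to the repository can use it to log in as the pipeline user. An added example (not from the original slides) of the alternative: the key is stored base64-encoded in a secured repository variable, given here the hypothetical name SFDC_SERVER_KEY_B64, and written to a temporary file at build time, while find_private_keys flags any key still present in the checkout.

```shell
#!/bin/sh
# Added example, not from the original slides. SFDC_SERVER_KEY_B64 is a
# hypothetical secured repository variable holding the output of:
#   base64 < server.key | tr -d '\n'

# Decode the variable into a private temp file and print the file's path.
write_jwt_key() {
    if [ -z "${SFDC_SERVER_KEY_B64:-}" ]; then
        echo "SFDC_SERVER_KEY_B64 is not set" >&2
        return 1
    fi
    key_file=$(mktemp "${TMPDIR:-/tmp}/jwtkey.XXXXXX") || return 1  # mode 0600
    if ! printf '%s' "$SFDC_SERVER_KEY_B64" | base64 -d > "$key_file" 2>/dev/null; then
        rm -f "$key_file"
        echo "SFDC_SERVER_KEY_B64 is not valid base64" >&2
        return 1
    fi
    # sfdx needs the unencrypted key (server.key), not server.pass.key.
    if ! head -n 1 "$key_file" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----$' ||
       grep -q '^Proc-Type:.*ENCRYPTED' "$key_file"; then
        rm -f "$key_file"
        echo "decoded value is not an unencrypted PEM private key" >&2
        return 1
    fi
    printf '%s\n' "$key_file"
}

# Print every file under directory $1 that contains a PEM private key header,
# so the build can stop if a key was committed to the checkout.
find_private_keys() {
    find "$1" -type f ! -path '*/.git/*' \
        -exec grep -lE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' {} + 2>/dev/null
    return 0
}

# Usage in the qa step's script (sfdx flags unchanged from step 5):
#   [ -z "$(find_private_keys .)" ] || { echo "private key in repo" >&2; exit 1; }
#   KEY=$(write_jwt_key) || exit 1
#   trap 'rm -f "$KEY"' EXIT
#   sfdx force:auth:jwt:grant -f "$KEY" -i $SFDC_CONSUMER_KEY -u $SFDC_USER -d -s -r $SFDC_URL
```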

8. Good luck! 8 is a lucky number in Chinese culture, which means get rich :)

