@balindersingh
Created July 20, 2023 18:15
Validate or Deploy using sfdx auth using JWT
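#!/bin/bash
# Validate or deploy ./force-app/ to a Salesforce org, authenticating through
# the JWT bearer flow. The defaults below are overridden by command-line options.
#
# Sample command to run in a terminal.
# Code Sample 1: validates against the org given with -u.
# Run the script with bash (or execute it directly so the shebang applies):
# it relies on [[ ]] and on == inside [ ], which a plain POSIX sh such as dash
# may reject.
# bash cicd-deploy.sh -u "yourpborg@pboedition.com.sandbox" -ev "your_ev" -ek "your_ek" -ck "your_sf_connected_app_client_id"
#
# NOTE: -ek and -ev carry the key and IV that decrypt the JWT signing key.
# Supply them from a secret store or CI secret, never from a file committed to
# the repository, and keep them out of shell history and build logs.

# Org user name to authenticate as (-u); required.
USERNAME=""
# "true" validates only; "false" performs a real deployment (-c).
CHECKONLY="true"
# Client id of the Salesforce connected app (-ck); required.
CONSUMER_KEY=""
# IV and key handed to openssl to decrypt the server key (-ev / -ek); required.
ENCRYPTION_IV=""
ENCRYPTION_KEY=""
# Login endpoint (-url); defaults to the sandbox login host.
INSTANCE_URL="https://test.salesforce.com"
# "true" drops the "-l RunLocalTests" arguments from the deploy command (-scc).
SKIPCODECOVERAGE="false"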
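# Parse the command-line options. Every option takes exactly one value, so each
# iteration consumes two positional parameters.
while [[ $# -gt 0 ]]
do
    key="$1"
    case "$key" in
        -u|--username)
            USERNAME="$2"
            ;;
        -c|--checkonly)
            CHECKONLY="$2"
            ;;
        -ck|--consumerkey)
            CONSUMER_KEY="$2"
            ;;
        -ek|--encryptionkey)
            ENCRYPTION_KEY="$2"
            ;;
        -ev|--encryptioniv)
            ENCRYPTION_IV="$2"
            ;;
        -url|--instanceurl)
            INSTANCE_URL="$2"
            ;;
        -scc|--skipcodecoverage)
            SKIPCODECOVERAGE="$2"
            ;;
        *)
            # Without this branch an unrecognised argument is never shifted
            # away and the loop spins forever, hanging the CI job. Only the
            # option name is printed, never its value, so a secret placed after
            # a mistyped flag does not reach the log.
            echo "====== ERROR: Unknown option: $key. Exiting process=======" >&2
            exit 1
            ;;
    esac
    # Two separate shifts on purpose: "shift 2" shifts nothing when only one
    # parameter is left, which would bring the endless loop back for an option
    # given without a value.
    shift # past argument
    shift # past value
done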
# Refuse to continue unless every mandatory setting has a value. The settings
# are checked in a fixed order and the first empty one ends the script with
# exit status 1.
for required_name in USERNAME CONSUMER_KEY ENCRYPTION_KEY ENCRYPTION_IV
do
    # ${!required_name} is bash indirect expansion: the value of the variable
    # whose name is stored in required_name. Only the name is printed.
    if [[ -z "${!required_name}" ]]
    then
        echo "====== ERROR: ${required_name} is not provided. Exiting process======="
        exit 1
    fi
done
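# Decrypt the JWT signing key, authenticate, then validate or deploy.
echo "====== Decrypting the server key file for JWT Auth Grant ======="
# The decrypted private key must not outlive the run. It is removed when the
# script exits (success or failure) rather than straight after the grant,
# because the CLI may read the key file again during the deploy
# (NOTE(review): confirm against the CLI version in use).
trap 'rm -f ./devops/jwt/server.key.plain' EXIT
(
    # Create the plaintext key readable by the current user only. The subshell
    # keeps the tighter umask from affecting files written later on.
    umask 077
    # Key and IV are quoted so an empty or malformed value cannot split into
    # extra openssl arguments. They still appear on the openssl command line,
    # which other processes of the same user can read while it runs.
    openssl enc -aes-256-cbc -nosalt -d -in ./devops/jwt/server.key.enc -out ./devops/jwt/server.key.plain -base64 -K "$ENCRYPTION_KEY" -iv "$ENCRYPTION_IV"
) || exit 1

echo "====== JWT AUTH Grant: $USERNAME ======="
sfdx auth:jwt:grant --clientid "$CONSUMER_KEY" --jwtkeyfile ./devops/jwt/server.key.plain --username "$USERNAME" --instanceurl "$INSTANCE_URL" || exit 1

# Extra deploy arguments, held in an array so they expand to separate words
# without relying on unquoted word splitting.
RUNTESTS=(-l RunLocalTests)
if [ "$SKIPCODECOVERAGE" == "true" ]
then
    echo "====== Running without code coverage======="
    RUNTESTS=()
fi

echo "====== Request for org: $USERNAME ======="
if [ "$CHECKONLY" == "false" ]
then
    # Only the exact string "false" triggers a real deployment; any other
    # value falls through to the check-only branch.
    echo "====== Deploy to org: $USERNAME ======="
    sfdx force:source:deploy -p './force-app/' -u "$USERNAME" "${RUNTESTS[@]}" || exit 1
else
    echo "====== Validate org: $USERNAME ======="
    sfdx force:source:deploy -p './force-app/' -c -u "$USERNAME" "${RUNTESTS[@]}" || exit 1
fi
echo "====== Done with request ======"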
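# This is a basic workflow to help you get started with Actions
name: CI

# Controls when the workflow will run
on:
  # Triggers the workflow on push or pull request events, but only for the
  # "master" and "testing" branches
  push:
    branches: ["master", "testing"]
  pull_request:
    branches: ["master", "testing"]
  # Allows you to run this workflow manually from the Actions tab. A manual run
  # only executes the init job: the other two jobs are filtered to the
  # pull_request and push events.
  workflow_dispatch:

# Least privilege for the automatically provided GITHUB_TOKEN: the jobs only
# check out the repository, so read access to its contents is enough.
permissions:
  contents: read

env:
  # Workflow-wide environment variables, visible to every step as ordinary
  # shell variables. These are user names and URLs, not credentials; keys and
  # consumer keys belong in repository or environment secrets.
  SANDBOX_USERNAME: "yourpboorg@pboedition.com.sandbox"
  SBXLMA_USERNAME: "yourpboorg@pboedition.com.sbxlma"
  PROD_USERNAME: "yourpboorg@pboedition.com"
  PROD_INSTANCE_URL: "https://login.salesforce.com"
  # Kept as a string: it is compared with the literal "true" by cicd-deploy.sh
  SKIP_CODE_COVERAGE: "false"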
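# A workflow run is made up of one or more jobs that can run sequentially or in parallel
#
# Conventions used in every `run:` script below:
#   * Values are read from shell variables ("${NAME}") instead of being pasted
#     in with ${{ ... }}. An expression is substituted into the script text
#     before the shell parses it, so a value such as a pull-request branch name
#     would otherwise be interpreted as shell code.
#   * Secrets are mapped into the environment of the single step that needs
#     them and are never echoed. Log masking is best-effort and must not be
#     relied on to hide a secret that is printed deliberately.
jobs:
  # Works out the branch name once and publishes it as a job output.
  init:
    runs-on: ubuntu-latest
    # Map a step output to a job output
    outputs:
      branchname: ${{ steps.branchnamestep.outputs.BRANCH_NAME }}
    steps:
      - id: branchnamestep
        name: "Get branch name and save to env"
        env:
          IS_PR: ${{ github.event_name == 'pull_request' }}
        run: |
          # IS_PR renders as the word "true" or "false", run here as a command.
          if ${IS_PR}; then
            # Pull request: the source (head) branch of the PR.
            BRANCH_NAME="${GITHUB_HEAD_REF}"
          else
            # Otherwise: the last path component of the pushed ref.
            BRANCH_NAME="${GITHUB_REF##*/}"
          fi
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_ENV"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
      - name: "Another step uses branch name"
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_MERGED: ${{ github.event.pull_request.merged }}
        run: |
          # BRANCH_NAME comes from $GITHUB_ENV, written by the previous step.
          echo "Branch name is ${BRANCH_NAME}"
          echo "event_name is ${EVENT_NAME}"
          echo "github.event.pull_request.merged is ${PR_MERGED}"
          echo "SANDBOX_USERNAME is ${SANDBOX_USERNAME}"
          echo "PROD_USERNAME is ${PROD_USERNAME}"

  # Check-only validation on pull requests. cicd-deploy.sh is called without
  # "-c false", so it stays in its default validate mode.
  # NOTE(review): the script executed here comes from the pull request's own
  # checkout, so anyone able to open a PR from a branch of this repository
  # decides what runs with these secrets. Consider environment protection
  # rules or required reviewers for the production credentials.
  validateOnPR:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    needs: init
    env:
      BRANCH_NAME: ${{ needs.init.outputs.branchname }}
    # Filter when to run
    if: ${{ github.event_name == 'pull_request' }}
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): a tag such as v3 can be moved by the action's owner; pin
      # to a full commit SHA if immutable action references are required.
      - uses: actions/checkout@v3
        with:
          # Nothing in this job pushes, so the token is not left in .git/config
          persist-credentials: false
      # Install Salesforce CLI
      # NOTE(review): the archive is downloaded and its installer executed
      # without any checksum or signature verification. Compare it against a
      # digest obtained from a trusted source before running the installer.
      - name: Install Salesforce CLI
        run: |
          wget https://developer.salesforce.com/media/salesforce-cli/sfdx-linux-amd64.tar.xz
          mkdir sfdx-cli
          tar xJf sfdx-linux-amd64.tar.xz -C sfdx-cli --strip-components 1
          ./sfdx-cli/install
      # Runs a few diagnostic commands using the runner's shell
      - name: Run script if branch name starts with feature
        if: ${{ startsWith(env.BRANCH_NAME, 'feature-') }}
        run: |
          echo "echo PR is created or updated!"
          echo "Branch name is ${BRANCH_NAME}"
          echo "SANDBOX_USERNAME is ${SANDBOX_USERNAME}"
          echo "PROD_USERNAME is ${PROD_USERNAME}"
          echo "sfdx -v"
      - name: Validate code on sandbox if branch name starts with feature
        if: ${{ startsWith(env.BRANCH_NAME, 'feature-') }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.SANDBOX_CONSUMER_KEY }}
        run: |
          echo "Validate code on sandbox"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -scc "${SKIP_CODE_COVERAGE}" -u "${SANDBOX_USERNAME}" -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash
      - name: Validate code on SBXLMA if branch name starts with feature
        if: ${{ startsWith(env.BRANCH_NAME, 'feature-') }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.SBXLMA_CONSUMER_KEY }}
        run: |
          echo "Validate code on sandbox (sbxlma)"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -scc "${SKIP_CODE_COVERAGE}" -u "${SBXLMA_USERNAME}" -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash
      - name: Run script if branch name is testing
        if: ${{ env.BRANCH_NAME == 'testing' }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.PROD_CONSUMER_KEY }}
        run: |
          echo "echo PR is created or updated!"
          echo "Branch name is ${BRANCH_NAME}"
          echo "SANDBOX_USERNAME is ${SANDBOX_USERNAME}"
          echo "PROD_USERNAME is ${PROD_USERNAME}"
          echo "Validate code on production"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -url "${PROD_INSTANCE_URL}" -u "${PROD_USERNAME}" -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash

  # Runs on push events: deploys to the sandboxes from "testing" and runs a
  # check-only validation against production from "master".
  deployOnMerge:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    needs: init
    env:
      BRANCH_NAME: ${{ needs.init.outputs.branchname }}
    # Filter when to run
    if: ${{ github.event_name == 'push' }}
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # NOTE(review): a tag such as v3 can be moved by the action's owner; pin
      # to a full commit SHA if immutable action references are required.
      - uses: actions/checkout@v3
        with:
          # Nothing in this job pushes, so the token is not left in .git/config
          persist-credentials: false
      # Install Salesforce CLI
      # NOTE(review): the archive is downloaded and its installer executed
      # without any checksum or signature verification. Compare it against a
      # digest obtained from a trusted source before running the installer.
      - name: Install Salesforce CLI
        run: |
          wget https://developer.salesforce.com/media/salesforce-cli/sfdx-linux-amd64.tar.xz
          mkdir sfdx-cli
          tar xJf sfdx-linux-amd64.tar.xz -C sfdx-cli --strip-components 1
          ./sfdx-cli/install
      # Runs a few diagnostic commands using the runner's shell
      - name: Run script if branch name is testing
        if: ${{ env.BRANCH_NAME == 'testing' }}
        run: |
          echo "Direct commit or PR commit!"
          echo "Branch name is ${BRANCH_NAME}"
          echo "SANDBOX_USERNAME is ${SANDBOX_USERNAME}"
          echo "PROD_USERNAME is ${PROD_USERNAME}"
          echo "sfdx -v"
      - name: Deploy code to sandbox if branch name is testing
        if: ${{ env.BRANCH_NAME == 'testing' }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.SANDBOX_CONSUMER_KEY }}
        run: |
          echo "Deploy code on sandbox"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -u "${SANDBOX_USERNAME}" -c false -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash
      - name: Deploy code on SBXLMA if branch name is testing
        if: ${{ env.BRANCH_NAME == 'testing' }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.SBXLMA_CONSUMER_KEY }}
        run: |
          echo "Deploy code on sandbox (sbxlma)"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -u "${SBXLMA_USERNAME}" -c false -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash
      - name: Run script if branch name is master
        if: ${{ env.BRANCH_NAME == 'master' }}
        env:
          ENCRYPTION_IV: ${{ secrets.ENCRYPTION_IV }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          CONSUMER_KEY: ${{ secrets.PROD_CONSUMER_KEY }}
        run: |
          echo "Direct commit or PR commit!"
          echo "Branch name is ${BRANCH_NAME}"
          echo "SANDBOX_USERNAME is ${SANDBOX_USERNAME}"
          echo "PROD_USERNAME is ${PROD_USERNAME}"
          echo "Validate code on production for Quick deploy"
          chmod +x ./cicd-deploy.sh
          ./cicd-deploy.sh -url "${PROD_INSTANCE_URL}" -u "${PROD_USERNAME}" -ev "${ENCRYPTION_IV}" -ek "${ENCRYPTION_KEY}" -ck "${CONSUMER_KEY}"
        shell: bash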