Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
1
version: 2.1
Add the orbs
stanza below your version, invoking the orb:
1
2
orbs:
sfdx-auth: heroku/sfdx-auth@2.1.1
Use sfdx-auth
elements in your existing workflows and jobs.
Opt-in to use of uncertified orbs on your organization’s Security settings page.
Authorizes sfdx CLI using the Salesforce Connected App credentials.
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
grant-args | - | No | '--setdefaultdevhubusername' | string |
org-alias | - | No | DevHub | string |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/ja/orbs/licensing
commands:
cleanup:
description: |
Removes unencrypted credentials.
steps:
- run:
command: |
rm connected-app.key || true
name: Clean-up sfdx auth
setup:
description: |
Authorizes sfdx CLI using the Salesforce Connected App credentials.
parameters:
grant-args:
default: --setdefaultdevhubusername
type: string
org-alias:
default: DevHub
type: string
steps:
- run:
command: |
has_errors=false
if ! sfdx version; then
echo "Requires installation of sfdx: npm install sfdx-cli"
has_errors=true
fi
if [ -z "$SFDX_CONSUMER_KEY" ]; then
echo "Requires SFDX_CONSUMER_KEY environment variable"
has_errors=true
fi
if [ -z "$SFDX_USERNAME" ]; then
echo "Requires SFDX_USERNAME environment variable"
has_errors=true
fi
if [ "$has_errors" = true ]; then
exit 2
fi
# Output `connected-app.key` from either the base64-encoded env var, or an encrypted file & secret env var
if [ -n "$SFDX_JWT_KEY" ]; then
# Decode the private key stored in the environment variable
echo $SFDX_JWT_KEY | base64 --decode --ignore-garbage > connected-app.key
elif [ -f "connected-app.key.enc" ]; then
# Decrypt the private key stored in the repo's file `connected-app.key.enc`
if [ -z "$SFDX_CONSUMER_SECRET" ]; then
echo "Requires SFDX_CONSUMER_SECRET environment variable"
exit 2
fi
openssl aes-256-cbc \
-k "$SFDX_CONSUMER_SECRET" \
-in connected-app.key.enc \
-out connected-app.key \
-d \
-md sha256
else
echo "Requires either: base64-encoded SFDX_JWT_KEY env var, or 'connected-app.key.enc' file & SFDX_CONSUMER_SECRET env var"
exit 2
fi
# Request authorization using the private key
sfdx force:auth:jwt:grant \
--clientid "$SFDX_CONSUMER_KEY" \
--jwtkeyfile "$(pwd)/connected-app.key" \
--username "$SFDX_USERNAME" \
-a "<< parameters.org-alias >>" << parameters.grant-args >>
echo "sfdx force:org:list"
sfdx force:org:list
name: Set-up sfdx auth
description: |
Authorize `sfdx` CLI via Salesforce Connected App using JWT authentication.
version: 2.1