Skip to content
log-in

GitHub Action

SFDX Login

v1.2.1 Latest version

SFDX Login

log-in

SFDX Login

Salesforce login action that either uses a SFDX Auth URL or the JWT based login flow

Installation

Copy and paste the following snippet into your .yml file.

              

- name: SFDX Login

uses: svierk/[email protected]

Learn more about this action in svierk/sfdx-login

Choose a version

🔐 SFDX Login

This repository implements a simple GitHub composite action that allows logging into any Salesforce org from CI/CD automations based on either a Salesforce DX (SFDX) authorization URL or using a JSON web token (JWT). Logging into an org authorizes the CLI to run other commands that connect to that org, such as deploying or retrieving a project. You can log into different types of orgs, such as sandboxes, Dev Hubs, Env Hubs, production orgs, and scratch orgs.

Usage

Log in to a Salesforce org using a Salesforce DX authorization URL

To be able to log in with an SFDX Auth URL, you must first generate it. The easiest option to achieve this is to redirect the output of the following command for an already authorized org to a JSON file like:

sf org display --target-org my-org --verbose --json > authFile.json

The resulting JSON file contains the URL in the "sfdxAuthUrl" property of the "result" object. Since we need the authFile.json contents for the login action, but saving raw JSON inputs in GitHub secrets is known to cause problems, we perform an additional step and encode the contents as a Base64 string to avoid headaches like:

cat authFile.json | base64

We then only have to store the Base64 string received in a GitHub action secret, e.g. SFDX_AUTH_URL, and can reference it whenever we are using the action in one of our workflows. A complete guide to secrets can be found here: Using secrets in GitHub Actions

In a GitHub workflow, the use of the action after the initial checkout step and the installation of the SF CLI could then look like this:

jobs:
  validation:
    name: Validation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install SF CLI
        uses: svierk/sfdx-cli-setup@main
        
      - name: Salesforce Org Login
        uses: svierk/sfdx-login@main
        with:
          sfdx-url: ${{ secrets.SFDX_AUTH_URL }}
          alias: awesome-org

The SF CLI in this example workflow is installed via the action sfdx-cli-setup.

Log in to a Salesforce org using a JSON web token (JWT)

The JWT login flow requires a custom connected app to be created as well as a digital certificate, also called a digital signature, to sign the JWT request. You can create a self-signed certificate using OpenSSL. How to achieve this is already well documented:

The following three parameters must be passed to the login action:

  1. client-id | OAuth client ID (consumer key) of the custom connected app
  2. jwt-secret-key | Contents of the server.key file containing the private key
  3. username | Username of the user logging in

In a GitHub workflow, the use of the action after the initial checkout step and the installation of the SF CLI could then look like this:

jobs:
  validation:
    name: Validation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install SF CLI
        uses: svierk/sfdx-cli-setup@main
        
      - name: Salesforce Org Login
        uses: svierk/sfdx-login@main
        with:
          client-id: ${{ secrets.SFDX_CONSUMER_KEY }}
          jwt-secret-key: ${{ secrets.SFDX_JWT_SECRET_KEY }}
          username: ${{ secrets.SFDX_USERNAME }}

The SF CLI in this example workflow is installed via the action sfdx-cli-setup.

References

The two authorisation options supported by this GitHub composite action can be found in the Salesforce CLI Command Reference here:

Releases

Latest release notes can be found on the release page.

License

The scripts and documentation in this project are released under the MIT License.