📢 Attention Salesforce Certified Trailblazers! Maintain your credentials and link your Trailhead and Webassessor accounts by April 19th. Learn more.

Wire It All Together

Learning Objectives

After completing this unit, you’ll be able to:
  • Describe how Travis CI implements the JWT bearer flow.
  • Identify the contents of the travis.yml file.
  • Describe how CI gets kicked off.

Encrypt Your Secrets

Now that you’ve created your connected app, you’re ready to use the JWT command in the CLI.

For Travis CI to successfully execute the JWT bearer flow on your behalf, it requires access to the server.key so it can sign the OAuth request. To perform this step securely, encrypt the server.key so that only Travis CI can decrypt it, and then add it to your project.

  1. From a command window, change to your local sfdx-travisci project directory.
  2. Open the .travis.yml file and remove the line that looks something like this, then save it:
    - openssl aes-256-cbc -K $encrypted_0db5e9c4fee8_key -iv $encrypted_0db5e9c4fee8_iv
       -in assets/server.key.enc -out assets/server.key -d
  3. In the assets folder, delete the sample server.key.enc and server.key files.
  4. Copy the server.key from the certificates directory to the assets folder.
  5. Log in to Travis CI with your GitHub credentials:
    travis login --org
  6. From the root of your local sfdx-travisci directory, use the Travis CI CLI to create an encrypted version of the file using this command:
    travis encrypt-file assets/server.key assets/server.key.enc --add

    The --add flag adds the encrypted key to the .travis.yml file. We’ll cover the YAML file’s contents in a bit.

  7. When the command has finished running, delete assets/server.key.


    When you implement this process in the real world, we recommend that you add the assets/server.key file to the .gitignore file instead of deleting it. That way, you still have the key if you need it again in the future.

Store Your Settings in Travis CI

For the JWT bearer token flow, specify your consumer secret and username. Rather than putting this sensitive information in your repository, store these tidbits securely with Travis CI.

Using the Travis CI CLI, run the following commands:
travis env set CONSUMERKEY <connected app consumer key>
travis env set USERNAME <your Dev Hub username>
Did you forget where you noted the connected app consumer key?
  1. From Setup, enter App Manager in the Quick Find box, then select App Manager.
  2. Scroll down to the find the sfdx travis ci connected app, click the list item drop-down arrow (list item dropdown), and then select View.

Customize Your Build

First, you need to tell Travis CI what to build by adding a .travis.yml file to your repository. For purposes of completing this module, we provided a YAML file in the sample repo. You updated it by adding your encrypted key.

Open your YAML file in a text editor. Look how the YAML file lays out what to build in each of its sections.

The before_install section installs the Salesforce CLI in the Travis CI virtual machines (VMs). Because we’re running a command to install software, the process needs superuser access to the VM, which is why we specify sudo: true. The process also executes a command to decrypt the server.key.enc so that it’s available for subsequent commands.

The before_install section initiates the JWT bearer token flow. Notice that it uses the $CONSUMERKEY and $USERNAME you stored in the Travis CI environment settings.

Lastly, the script section executes the Salesforce DX commands you’ll use daily when you develop new features. This section indicates commands to:
  • Create a temporary scratch org.
  • Push source to the scratch org.
  • Run tests.
  • Delete the temporary scratch org after the test run.

Now you’re ready to kick of a continuous integration build!

Kick off Continuous Integrations

At this point, any changes to local files that you commit and push to your repository kick off a build with Travis CI. You've already made some changes to the YAML file. Are you ready to get this party started? Let’s see how this process works.

  1. Commit and push your changes:
    git add .
    git commit -m "Updated YAML"
    git push origin master
  2. Head over to Travis CI and watch your build begin and run through your tests.

Congratulations! You have set up CI with GitHub and Travis CI. While we looked at those two services specifically, you can apply these same concepts to any build system.