Wire It All Together
- Describe how Travis CI implements the JWT bearer flow.
- Identify the contents of the .travis.yml file.
- Describe how CI gets kicked off.
Encrypt Your Secrets
Now that you’ve created your connected app, you’re ready to use the JWT command in the CLI.
For Travis CI to successfully execute the JWT bearer flow on your behalf, it requires access to the server.key so it can sign the OAuth request. To perform this step securely, encrypt the server.key so that only Travis CI can decrypt it, and then add it to your project.
- From a command window, change to your local sfdx-travisci project directory.
- Open the .travis.yml file and remove the line that looks something like this, then save it:
- openssl aes-256-cbc -K $encrypted_0db5e9c4fee8_key -iv $encrypted_0db5e9c4fee8_iv -in assets/server.key.enc -out assets/server.key -d
- In the assets folder, delete the sample server.key.enc and server.key files.
- Copy the server.key from the certificates directory to the assets folder.
- Log in to Travis CI with your GitHub credentials:
travis login --org
- From the root of your local sfdx-travisci directory, use the Travis CI CLI to create an encrypted version of the file using this command:
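travis encrypt-file assets/server.key assets/server.key.enc --add
The --add flag adds the encrypted key to the .travis.yml file. We’ll cover the YAML file’s contents in a bit. Only the encrypted assets/server.key.enc belongs in the repository; keep the plaintext assets/server.key out of your commits.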
Store Your Settings in Travis CI
For the JWT bearer token flow, specify your consumer key and username. Rather than putting this sensitive information in your repository, store these tidbits securely with Travis CI.
travis env set CONSUMERKEY <connected app consumer key>
travis env set USERNAME <your Dev Hub username>
- From Setup, enter App Manager in the Quick Find box, then select App Manager.
- Scroll down to find the sfdx travis ci connected app, click the list item drop-down arrow, and then select View.
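How server.key, the consumer key, and the username fit together in the JWT bearer flow, as an added example that is not part of the original module or the sample repo: the client signs a short-lived assertion with the private key, naming the consumer key as issuer and the username as subject. The key pair is generated on the spot, CONSTRUCTED_CONSUMER_KEY and ci-user@example.com are constructed stand-ins, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the sample repo): the signed assertion behind the
# JWT bearer flow. Key, consumer key and username below are constructed.

b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# base64url (unpadded) on stdin -> raw bytes; subshell body keeps variables local
b64url_dec() (
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s\n' "$s" | openssl base64 -d -A
)

# make_assertion KEYFILE CONSUMERKEY USERNAME AUDIENCE -> header.claims.signature
make_assertion() (
  exp=$(( $(date +%s) + 180 ))   # 3-minute lifetime limits replay of a leaked token
  header=$(printf '{"alg":"RS256"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%d}' \
    "$2" "$3" "$4" "$exp" | b64url)
  sig=$(printf '%s' "$header.$claims" \
    | openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# verify_assertion PUBKEY JWT -> status 0 only if the RS256 signature is valid.
# The authorization server makes the same check against the certificate
# registered with the connected app.
verify_assertion() (
  tmp=$(mktemp) || exit 2
  printf '%s' "${2##*.}" | b64url_dec > "$tmp"
  rc=0
  printf '%s' "${2%.*}" \
    | openssl dgst -sha256 -verify "$1" -signature "$tmp" >/dev/null 2>&1 || rc=1
  rm -f "$tmp"
  exit "$rc"
)

# Demo: a throwaway key pair stands in for server.key and its certificate.
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/server.key" 2048 2>/dev/null
openssl rsa -in "$demo_dir/server.key" -pubout -out "$demo_dir/server.pub" 2>/dev/null
jwt=$(make_assertion "$demo_dir/server.key" "CONSTRUCTED_CONSUMER_KEY" \
  "ci-user@example.com" "https://login.salesforce.com")
printf '%s' "$jwt" | cut -d. -f2 | b64url_dec; echo   # decoded claims
verify_assertion "$demo_dir/server.pub" "$jwt" && echo "signature valid"
rm -rf "$demo_dir"
```

Anyone holding server.key can mint a valid assertion for that username, which is why the key is stored only in encrypted form.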
Customize Your Build
First, you need to tell Travis CI what to build by adding a .travis.yml file to your repository. For purposes of completing this module, we provided a YAML file in the sample repo. You updated it by adding your encrypted key.
Open your YAML file in a text editor. Look at how the YAML file lays out what to build in each of its sections.
The before_install section installs the Salesforce CLI in the Travis CI virtual machines (VMs). Because we’re running a command to install software, the process needs superuser access to the VM, which is why we specify sudo: true. The process also executes a command to decrypt the server.key.enc so that it’s available for subsequent commands.
The before_install section initiates the JWT bearer token flow. Notice that it uses the $CONSUMERKEY and $USERNAME you stored in the Travis CI environment settings.
- Create a temporary scratch org.
- Push source to the scratch org.
- Run tests.
- Delete the temporary scratch org after the test run.
Now you’re ready to kick off a continuous integration build!
Kick off Continuous Integrations
At this point, any changes to local files that you commit and push to your repository kick off a build with Travis CI. You've already made some changes to the YAML file. Are you ready to get this party started? Let’s see how this process works.
- Commit and push your changes:
git add .
git commit -m "Updated YAML"
git push origin master
- Head over to Travis CI and watch your build begin and run through your tests.
Congratulations! You have set up CI with GitHub and Travis CI. While we looked at those two services specifically, you can apply these same concepts to any build system.