Fix security vulnerabilities #63

Merged
merged 2 commits into from
Jun 21, 2024
17 changes: 9 additions & 8 deletions .github/workflows/push-to-main-handler.yml
Expand Up @@ -40,7 +40,8 @@ jobs:
echo "IS_RELEASE=true" >> "$GITHUB_OUTPUT"
fi

- name: Install profile decompose sfdx plugin
- name: Install profile decompose sf plugin # ERROR: Unable to convert this command; you must convert it manually.

if: steps.requires-deploy.outputs.changed == '1'
run: echo y | npx sfdx-cli plugins:install @rdietrick/sfdx-profile-decompose
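
Review bot: The renamed `- name:` line still carries the conversion tool's trailing comment `# ERROR: Unable to convert this command; you must convert it manually.`, and the `run:` line under it is in fact unconverted: it still calls `npx sfdx-cli plugins:install`. Finish the conversion or keep the old step name, and drop the comment from the name either way. While touching this step, note that `echo y |` answers yes to whatever prompt the installer raises and that `@rdietrick/sfdx-profile-decompose` is installed without a version; pin the version and make the trust decision explicit instead of piping a confirmation.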

Expand All @@ -51,7 +52,7 @@ jobs:
run: |
echo "${SALESFORCE_JWT_KEY}" > server.key
npx sfdx-cli force:auth:jwt:grant --clientid ${{ secrets.SALESFORCE_CLIENT_ID }} --jwtkeyfile server.key --username ${{ secrets.SALESFORCE_DEVHUB_USERNAME}} --setdefaultdevhubusername -a DevHub
npx sfdx-cli force:org:display --json -u DevHub > sfdx-auth.json
npx sf org display --json -o DevHub > sfdx-auth.json

- name: Recompose profiles
if: steps.requires-deploy.outputs.changed == '1' && vars.SALESFORCE_FORMATTED_PROFILES_AND_PERMS == 'false'
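
Review bot: Only the `org display` line moved to `sf`; the login one line above it is still `npx sfdx-cli force:auth:jwt:grant ... --setdefaultdevhubusername -a DevHub`, so this step now depends on two different CLIs agreeing on the `DevHub` alias. Convert the login as well (the Template login in this same file is changed to `sf org login jwt`), and confirm that `npx sf` resolves to a pinned dependency rather than whatever the registry serves under that name. `server.key` and `sfdx-auth.json` are both written into the workspace with no cleanup visible in this hunk; remove them once the step has finished with them.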
Expand All @@ -77,8 +78,8 @@ jobs:
- name: Deploy to Production
if: steps.requires-deploy.outputs.changed == '1'
run: |
npx sfdx-cli force:source:manifest:create --sourcepath force-app --manifestname temp-deploy-manifest
npx sfdx-cli force:source:deploy -u DevHub -x temp-deploy-manifest.xml ${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }} -w 200 -l RunLocalTests
sudo npx sf project generate manifest -p force-app -n temp-deploy-manifest
sudo npx sf project deploy start -o DevHub -x temp-deploy-manifest.xml ${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }} -w 200 -l RunLocalTests --ignore-conflicts

- name: Get Previous Tag
if: steps.check_release.outputs.IS_RELEASE == 'true' && steps.requires-deploy.outputs.changed == '1'
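
Review bot: Both new lines in `Deploy to Production` are prefixed with `sudo`, which runs npx-resolved code as root even though the DevHub login in the earlier step ran without it; nothing in the change explains why root is needed, so drop `sudo` or document the reason and verify that the root process sees the same auth state. The added `--ignore-conflicts` on a production deploy also needs a justification in the PR description. Separately, `${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }}` is expanded straight into the script text; passing it through `env:` and referencing it as a shell variable would keep its contents from being parsed as shell syntax.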
Expand Down Expand Up @@ -121,16 +122,16 @@ jobs:
if: steps.requires-deploy.outputs.changed == '1'
run: |
echo "${SALESFORCE_TEMPLATE_JWT_SECRET_KEY}" > template-server.key
npx sfdx-cli force:auth:jwt:grant --clientid ${{ secrets.SALESFORCE_TEMPLATE_CONSUMER_KEY }} --jwtkeyfile template-server.key --username ${{ secrets.SALESFORCE_TEMPLATE_USERNAME}} -a Template --instanceurl https://test.salesforce.com
npx sfdx-cli force:org:display --json -u Template > sfdx-auth.json
sudo npx sf org login jwt --client-id ${{ secrets.SALESFORCE_TEMPLATE_CONSUMER_KEY }} --jwt-key-file template-server.key --username ${{ secrets.SALESFORCE_TEMPLATE_USERNAME}} --alias Template --instance-url https://test.salesforce.com
sudo npx sf org display --json -o Template > sfdx-auth.json
env:
SALESFORCE_TEMPLATE_JWT_SECRET_KEY: ${{ secrets.SALESFORCE_TEMPLATE_JWT_SECRET_KEY }}

- name: Update Template sandbox
if: steps.requires-deploy.outputs.changed == '1'
run: |
npx sfdx-cli force:source:manifest:create --sourcepath force-app --manifestname temp-deploy-manifest
npx sfdx-cli force:source:deploy -u Template -x temp-deploy-manifest.xml ${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }} -w 200 -l RunLocalTests
sudo npx sf project generate manifest -p force-app -n temp-deploy-manifest
sudo npx sf org display --json -o Template > sfdx-auth.json

- name: Create PR with cleaned up destructive changes
if: steps.check_release.outputs.IS_RELEASE == 'true' && steps.requires-deploy.outputs.changed == '1'
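
Review bot: In `Update Template sandbox` the deploy has been lost: the old second line was `force:source:deploy -u Template -x temp-deploy-manifest.xml ...`, but its replacement is `sudo npx sf org display --json -o Template > sfdx-auth.json`, a copy of the last line of the login step. As written, the step generates a manifest and never deploys it. The replacement should be `sf project deploy start -o Template -x temp-deploy-manifest.xml ...` with the same `-w 200 -l RunLocalTests` flags the removed line had. The `sudo` prefix on all four new lines in this hunk is unexplained, and `template-server.key` is left in the workspace after the login.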
6 changes: 3 additions & 3 deletions .github/workflows/release-branch-pull-request-handler.yml
Expand Up @@ -80,14 +80,14 @@ jobs:
echo "$SFDX_AUTH_SECRET_KEY" >> key.txt
age --decrypt -i key.txt ${LOGIN_ENC_FILE}.age > ${LOGIN_ENC_FILE}
rm key.txt
npx sfdx-cli force:auth:sfdxurl:store -f ${LOGIN_ENC_FILE} -a is${{ steps.branchFilter.outputs.issueNumber }}uat
npx sfdx force:auth:sfdxurl:store -f ${LOGIN_ENC_FILE} -a is${{ steps.branchFilter.outputs.issueNumber }}uat
- name: Deploy Source to Sandbox
if: steps.branchFilter.outputs.matches == 'true' && steps.requires-deploy.outputs.changed == '1'
env:
LOGIN_ENC_FILE: auth/sandbox-login-url-${{ steps.branchFilter.outputs.branchName }}-uat.txt
run: |
npx sfdx-cli force:source:manifest:create --sourcepath force-app --manifestname temp-deploy-manifest
npx sfdx-cli force:source:deploy -u is${{ steps.branchFilter.outputs.issueNumber }}uat -x temp-deploy-manifest.xml ${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }} -w ${{ vars.DEPLOYMENT_TIMEOUT }} -l RunLocalTests
npx sfdx project generate manifest -p force-app -n temp-deploy-manifest
npx sfdx project deploy start -o is${{ steps.branchFilter.outputs.issueNumber }}uat -x temp-deploy-manifest.xml ${{ steps.check_for_destructive_changes.outputs.DESTRUCTIVE_FILES }} -w ${{ vars.DEPLOYMENT_TIMEOUT }} -l RunLocalTests --ignore-conflicts
- name: Init Release Notes
id: init-release-notes
if: vars.GENERATE_RELEASE == 'true' && steps.check_first_deploy.outputs.FIRST_DEPLOY == 'true' && steps.branchFilter.outputs.matches == 'true'
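
Review bot: This workflow switches to `npx sfdx ...` while push-to-main-handler.yml is changed to `npx sf ...`, and the first changed line keeps the legacy `force:auth:sfdxurl:store` form under the new binary name. Pick one CLI and one command style for both workflows, and make sure the binary comes from a pinned dependency, because `npx sfdx` no longer names the `sfdx-cli` package that the removed lines requested. The added `--ignore-conflicts` should be justified here too. Note also that `rm key.txt` removes the age key, but the decrypted `${LOGIN_ENC_FILE}` stays on disk within the lines shown.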