Learn more about FlxblslackGitHub

Authenticate to an Environment without Lock (SFP Server)

Learn how to authenticate to Salesforce environments through SFP server without locking for read-only operations and concurrent access scenarios

The authToEnvironmentWithoutLock action provides streamlined authentication to Salesforce environments through SFP server without acquiring an exclusive lock. This enables multiple workflows to access the same environment simultaneously, making it ideal for read-only operations, monitoring, and scenarios where concurrent access is safe.

Overview

When performing read-only operations or non-conflicting tasks on Salesforce environments, exclusive locking is often unnecessary and can create bottlenecks. The authentication without lock action provides:

  • Concurrent environment access allowing multiple workflows to run simultaneously

  • Faster authentication by skipping the lock acquisition process

  • Read-only safety for operations that don't modify the environment

  • Reduced wait times in busy CI/CD pipelines

  • Simplified workflow logic when locks aren't needed

This makes it perfect for:

  • Data queries and exports

  • Environment health checks

  • Monitoring and reporting

  • Test execution (read-only)

  • Metadata inspection

  • Any non-modifying operations

How It Works

The action follows this streamlined workflow:

Prerequisites

Before using this action in your custom workflow, ensure:

  1. Your workflow uses the sfops Docker image - Required for SFP CLI and dependencies:

    jobs:
  your-job:
    runs-on: ubuntu-latest
    container: ${{ sfops.sfops_docker_image }}

  2. SFP server credentials are configured:

    • SFP_SERVER_URL as a variable

    • SFP_SERVER_TOKEN as a secret

  3. Environment is registered in SFP server - This action only works with environments managed by SFP server

Referencing the Action

The authToEnvironmentWithoutLock action is located in your sfops repository. In all examples below, the action is referenced using:

uses: ${{ sfops.repo_owner }}/${{ sfops.action_repository }}/authToEnvironmentWithoutLock@main

The ${{ sfops.repo_owner }}/${{ sfops.action_repository }} template variables are automatically replaced with your organization and sfops repository name (e.g., flxbl-io/sfops-gh-actions).

Basic Usage

Simple Authentication for Read Operations

The minimal configuration for authentication without locking:

name: Query Environment Data
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: string

jobs:
  query-data:
    runs-on: ubuntu-latest
    container: ${{ sfops.sfops_docker_image }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Authenticate Without Lock
        id: auth
        uses: ${{ sfops.repo_owner }}/${{ sfops.action_repository }}/authToEnvironmentWithoutLock@main
        with:
          environment: ${{ inputs.environment }}
          repository: ${{ github.repository }}
          sfp-server-url: ${{ vars.SFP_SERVER_URL }}
          sfp-server-token: ${{ secrets.SFP_SERVER_TOKEN }}

      - name: Query Data
        run: |
          # Safe to run concurrently - read-only operation
          sfdx force:data:soql:query \
            --targetusername ${{ steps.auth.outputs.alias }} \
            --query "SELECT COUNT() FROM Account" \
            --json

Parallel Environment Checks

Run concurrent checks across multiple environments:

name: Multi-Environment Health Check
on:
  schedule:
    - cron: '0 */6 * * *'  # Every 6 hours

jobs:
  check-environment:
    runs-on: ubuntu-latest
    container: ${{ sfops.sfops_docker_image }}
    strategy:
      matrix:
        environment: [dev, staging, uat, production]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Authenticate Without Lock
        id: auth
        uses: ${{ sfops.repo_owner }}/${{ sfops.action_repository }}/authToEnvironmentWithoutLock@main
        with:
          environment: ${{ matrix.environment }}
          repository: ${{ github.repository }}
          sfp-server-url: ${{ vars.SFP_SERVER_URL }}
          sfp-server-token: ${{ secrets.SFP_SERVER_TOKEN }}

      - name: Check Environment Health
        run: |
          # Multiple jobs can check different environments simultaneously
          sfdx force:limits:api:display \
            --targetusername ${{ steps.auth.outputs.alias }} \
            --json

      - name: Check Apex Test Coverage
        run: |
          sfdx force:apex:test:report \
            --targetusername ${{ steps.auth.outputs.alias }} \
            --codecoverage \
            --json

Input Reference

Input
Required
Default
Description

environment

Yes

-

Name of the environment to authenticate to

repository

Yes

-

Repository name in owner/repo format

sfp-server-url

Yes

-

URL to your SFP server instance

sfp-server-token

Yes

-

Authentication token for SFP server

Output Reference

Output
Description
Example Usage

alias

Alias of the authenticated org

${{ steps.auth.outputs.alias }}

is_active

Whether the environment is active

${{ steps.auth.outputs.is_active }}

org_id

Salesforce Org ID

${{ steps.auth.outputs.org_id }}

instance_url

Instance URL

${{ steps.auth.outputs.instance_url }}

login_url

Login URL

${{ steps.auth.outputs.login_url }}

access_token

Access token for API calls

${{ steps.auth.outputs.access_token }}

username

Username of authenticated user

${{ steps.auth.outputs.username }}

When to Use Lock vs Without Lock

Use With Lock
Use Without Lock

Deployments

Data queries

Data imports

Data exports

Destructive changes

Metadata retrieval

Schema modifications

Environment monitoring

Configuration changes

Report generation

Any write operations

Read-only validation

Last updated