# 3. Setting up sfops repository

Once you have forked the sfops upstream repository (contact the team for access) into a repository in your GitHub organisation, set up the following variables and secrets.

### Variables & Secrets

To use the associated workflows, you need to set the following repository secrets and variables:

#### GitHub Authentication

**GitHub Personal Access Token**

| Variable   | Type              | Value Type | Example  | Comments                                                                                                                        |
| ---------- | ----------------- | ---------- | -------- | ------------------------------------------------------------------------------------------------------------------------------- |
| GHA\_TOKEN | Repository Secret | String     | ghp\_... | The GitHub PAT created in [Prerequisites](https://docs.flxbl.io/flxbl/sfops/self-managed-instances/setting-up/..#prerequisites) |

**GitHub App Credentials**

These credentials are from the sfops-bot [GitHub App](https://docs.flxbl.io/flxbl/sfops/self-managed-instances/setting-up/github-app):

| Variable                    | Type                  | Value Type | Example           | Comments                                                             |
| --------------------------- | --------------------- | ---------- | ----------------- | -------------------------------------------------------------------- |
| SFOPSBOT\_APP\_ID           | Organization Variable | String     | 1768214           | The App ID from your GitHub App settings page                        |
| SFOPSBOT\_APP\_PRIVATE\_KEY | Organization Secret   | String     | -----BEGIN RSA... | The entire contents of the .pem file downloaded from your GitHub App |

#### Docker Registry Configuration

**Secrets for Pushing Docker Images**

These secrets are required to push the built sfops Docker images to GitHub Container Registry (ghcr.io):

| Variable            | Type              | Value Type | Example  | Comments                                                         |
| ------------------- | ----------------- | ---------- | -------- | ---------------------------------------------------------------- |
| DOCKER\_PUSH\_TOKEN | Repository Secret | String     | ghp\_... | GitHub PAT with write:packages permission (can reuse GHA\_TOKEN) |

{% hint style="warning" %}
**Important:** `DOCKER_PUSH_TOKEN` is recommended for pushing Docker images. While `GITHUB_TOKEN` can work if you grant repository access to the packages (see troubleshooting), a PAT with `write:packages` permission is more reliable and required for initial package creation.
{% endhint %}

{% hint style="info" %}
**Alternative to DOCKER\_PUSH\_TOKEN:** If you prefer using `GITHUB_TOKEN`, you must grant your `sfops` repository write access to the container packages:

1. Go to: `https://github.com/orgs/YOUR_ORG/packages/container/sfops/settings`
2. Under **"Manage Actions access"**, click **"Add Repository"**
3. Add `sfops` with **Write** role
4. Repeat for `sfops-lite` package

This is required because packages created by a PAT are owned by that user, not the repository.
{% endhint %}

**Configuration for Pulling Base Images**

These settings configure where to pull the sfp-pro base images that sfops Docker images are built upon.

**Default Setup (Using official sfp-pro from Gitea)**

| Variable                 | Type                | Value Type | Example         | Comments                                            |
| ------------------------ | ------------------- | ---------- | --------------- | --------------------------------------------------- |
| BASE\_REGISTRY           | Repository Variable | String     | source.flxbl.io | Keep as source.flxbl.io for official images         |
| BASE\_REPO               | Repository Variable | String     | flxbl           | Keep as flxbl for official images                   |
| BASE\_REGISTRY\_USERNAME | Repository Secret   | String     | your-username   | Your Gitea username                                 |
| BASE\_REGISTRY\_TOKEN    | Repository Secret   | String     | gitea\_token    | Your Gitea token (same as created in Prerequisites) |

**If You've Forked sfp-pro**

If you've built your own sfp-pro images ([instructions](https://docs.flxbl.io/sfp/getting-started/docker-images/sfp-pro#building-docker-images)), configure these variables to point to your registry.

**Example for GitHub Container Registry:**

| Variable                 | Type                | Value Type | Example       | Comments                                                         |
| ------------------------ | ------------------- | ---------- | ------------- | ---------------------------------------------------------------- |
| BASE\_REGISTRY           | Repository Variable | String     | ghcr.io       | GitHub Container Registry                                        |
| BASE\_REPO               | Repository Variable | String     | your-org      | Your GitHub organization name                                    |
| BASE\_REGISTRY\_USERNAME | Repository Secret   | String     | your-username | Your GitHub username                                             |
| BASE\_REGISTRY\_TOKEN    | Repository Secret   | String     | ghp\_...      | Your GitHub PAT with read:packages (can reuse GHA\_TOKEN)        |
| BASE\_IMAGE\_NAME        | Repository Variable | String     | your-sfp-pro  | Your custom sfp-pro image name (defaults to `sfp-pro`)           |
| BASE\_LITE\_IMAGE\_NAME  | Repository Variable | String     | your-sfp-lite | Your custom sfp-pro-lite image name (defaults to `sfp-pro-lite`) |

{% hint style="info" %}
**Important:** If you have forked sfp-pro and are using custom image names, ensure you set both:

* `BASE_IMAGE_NAME`: For the main sfops image (defaults to `sfp-pro`)
* `BASE_LITE_IMAGE_NAME`: For the lite sfops image (defaults to `sfp-pro-lite`)

These variables are crucial for the workflows to correctly pull your custom base images.
{% endhint %}

#### Environment Configuration

You need to create environments in your sfops repository for each organization you want to deploy to. Each environment requires the same set of variables with different values.

**Setting Up Environments**

Navigate to your sfops repository → **Settings** → **Environments** (or directly: `https://github.com/YOUR_ORG/sfops/settings/environments`)

**Required: Production Environment**

**Step 1: Create Production Environment**

1. Click **"New environment"** and name it (e.g., `production` or `prod`)
2. Add these environment variables:

| Variable            | Example Value                      | Comments                                                   |
| ------------------- | ---------------------------------- | ---------------------------------------------------------- |
| REPO\_OWNER         | your-org                           | Your GitHub organization name                              |
| PROJECT\_REPO       | sf-core                            | Your production Salesforce repository                      |
| SFOPS\_ACTION\_REPO | sfops-gh-actions                   | Production actions repository                              |
| DASHBOARD\_REPO     | sfops-dev-central                  | Dev Central repository                                     |
| SFP\_SERVER\_URL    | <https://codev.example.com>        | Codev Hub URL (use placeholder if not using Codev Hub yet) |
| SFOPS\_IMAGE        | ghcr.io/your-org/sfops:latest      | Docker image with latest tag                               |
| SFOPS\_LITE\_IMAGE  | ghcr.io/your-org/sfops-lite:latest | Lite Docker image with latest tag                          |

**Optional: Test Environment**

{% hint style="info" %}
**Recommended:** Create a test environment to validate changes before deploying to production. Skip this if you prefer to test directly in production. 🎲
{% endhint %}

**Step 2: Create Test Environment** *(Optional)*

1. Click **"New environment"** and name it (e.g., `test` or `dev`)
2. Add these environment variables:

| Variable            | Example Value                           | Comments                                                        |
| ------------------- | --------------------------------------- | --------------------------------------------------------------- |
| REPO\_OWNER         | your-org                                | Your GitHub organization name                                   |
| PROJECT\_REPO       | sf-core-test                            | Your test Salesforce repository                                 |
| SFOPS\_ACTION\_REPO | sfops-gh-actions-test                   | Test actions repository                                         |
| DASHBOARD\_REPO     | sfops-dev-central-test                  | Test Dev Central repository                                     |
| SFP\_SERVER\_URL    | <https://codev-test.example.com>        | Test Codev Hub URL (use placeholder if not using Codev Hub yet) |
| SFOPS\_IMAGE        | ghcr.io/your-org/sfops:development      | Docker image with development tag                               |
| SFOPS\_LITE\_IMAGE  | ghcr.io/your-org/sfops-lite:development | Lite Docker image with development tag                          |

**Step 3: Configure Repository Variables**

Go to Settings → **Secrets and variables** → **Actions** → **Variables** tab and create:

* `ORGS`: Array with all your environment names, e.g., `['production']` or `['production', 'test']`

{% hint style="info" %}
**Important:** The values in ORGS must exactly match the environment names you created above. Add all your environments (production, test, etc.) to this single array. See [4. Trigger the workflows](https://docs.flxbl.io/flxbl/sfops/self-managed-instances/setting-up/4.-trigger-the-workflows) for deployment instructions.
{% endhint %}
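
The check below is an added example, not part of sfops or of the original guide: it reports `ORGS` entries that have no environment of exactly that name, and required environment variables that are missing from an environment. The function names and the sample data are assumptions made for this example; the `gh` commands in the comments are one way to obtain the real inputs.

```shell
#!/usr/bin/env bash
# Preflight check for the settings described on this page (added example).
# On a real repository the inputs could come from, for instance:
#   gh api repos/YOUR_ORG/sfops/environments --jq '.environments[].name'
#   gh variable list --env production --repo YOUR_ORG/sfops --json name --jq '.[].name'

# Variables every sfops environment needs, as listed in the tables above.
REQUIRED_ENV_VARS="REPO_OWNER PROJECT_REPO SFOPS_ACTION_REPO DASHBOARD_REPO SFP_SERVER_URL SFOPS_IMAGE SFOPS_LITE_IMAGE"

# Turn an ORGS value such as "['production', 'test']" into one name per line.
parse_orgs() {
  printf '%s\n' "$1" \
    | sed "s/[][\"']//g" \
    | tr ',' '\n' \
    | sed 's/^ *//; s/ *$//; /^$/d'
}

# Print every ORGS entry that has no environment with exactly that name.
# $1 = ORGS value, $2 = newline-separated environment names
orgs_without_environment() {
  parse_orgs "$1" | while IFS= read -r org; do
    printf '%s\n' "$2" | grep -Fxq -- "$org" || printf '%s\n' "$org"
  done
}

# Print every required variable that is absent from one environment.
# $1 = newline-separated names of the variables defined on that environment
missing_env_vars() {
  for name in $REQUIRED_ENV_VARS; do
    printf '%s\n' "$1" | grep -Fxq -- "$name" || printf '%s\n' "$name"
  done
}

# Constructed sample: the environment was created as "prod", but ORGS says
# "production", and two variables were never added to that environment.
SAMPLE_ORGS="['production', 'test']"
SAMPLE_ENVIRONMENTS="$(printf 'prod\ntest')"
SAMPLE_VARS="$(printf 'REPO_OWNER\nPROJECT_REPO\nSFOPS_ACTION_REPO\nDASHBOARD_REPO\nSFOPS_IMAGE')"

echo "ORGS entries without a matching environment:"
orgs_without_environment "$SAMPLE_ORGS" "$SAMPLE_ENVIRONMENTS"
echo "Required variables missing from the environment:"
missing_env_vars "$SAMPLE_VARS"
```

An empty result from both functions means `ORGS` and the environment variables are consistent with the tables above.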

{% hint style="warning" %}
These variables are set up automatically when the FLXBL team sets up sfops in your repository. This guide applies only when you are setting up a self-managed instance of sfops.
{% endhint %}
