# 5. Setting up project repository Once you have set up your sfops repository, you need to configure your Salesforce project repository with the necessary variables and secrets. ## Variables & Secrets Navigate to your project repository → **Settings** → **Secrets and variables** → **Actions** ### GitHub App Authentication These credentials connect your project repository to the sfops-bot GitHub App: | Variable | Type | Value Type | Example | Comments | | --------------------------- | ------------------- | ---------- | ----------------- | ------------------------------------------------------------------------------------------- | | SFOPSBOT\_APP\_ID | Repository Variable | String | 418222 | The App ID from [step 2](/flxbl/sfops/self-managed-instances/setting-up/github-app.md) | | SFOPSBOT\_APP\_PRIVATE\_KEY | Repository Secret | String | -----BEGIN RSA... | The private key from [step 2](/flxbl/sfops/self-managed-instances/setting-up/github-app.md) | ### sfops Configuration Core settings for connecting your project to sfops infrastructure: | Variable | Type | Value Type | Example | Comments | | ------------------------ | ------------------- | ---------- | -------------------- | ---------------------------------------------------------------------------------------- | | SFOPS\_DASHBOARD\_REPO | Repository Variable | String | your-org/dev-central | The Dev Central repository for this project | | SFOPS\_METRICS\_PROVIDER | Repository Variable | String | datadog | Metrics provider (datadog, newrelic, or splunk) | | BRANCHES | Repository Variable | Array | \["main"] | List of branches tracked in DevCentral dashboard (typically just your main/trunk branch) | ### Issue Tracker Integration (Optional) If using Jira or other issue tracking: | Variable | Type | Value Type | Example | Comments | | ------------------------------------- | ------------------- | ---------- | -------------------------- | ------------------------------ | | SFOPS\_ISSUETRACKER\_URL\_BASE | Repository Variable | String | | Base URL of your issue tracker | | SFOPS\_ISSUETRACKER\_WORKITEM\_FILTER | Repository Variable | String | (FGK\|FFK)-\[0-9]{3,4} | Regex pattern for issue IDs | | SFOPS\_JIRA\_USER | Repository Variable | String | | Jira username for integration | | SFOPS\_JIRA\_TOKEN | Repository Secret | String | jira\_token\_xyz | Jira API token | ### Salesforce Authentication Required for deployments and validations: | Variable | Type | Value Type | Example | Comments | | ----------------------- | ----------------- | ---------- | ----------- | -------------------------------------------------------------- | | DEVHUB\_SFDX\_AUTH\_URL | Repository Secret | String | force://... | SFDX Auth URL of your deployment service account in production | {% hint style="info" %} **Tip**: The DEVHUB\_SFDX\_AUTH\_URL can be obtained by running: ```bash sf org display --target-org --verbose --json ``` Look for the `sfdxAuthUrl` field in the output. {% endhint %} ## Troubleshooting ### Docker Pull Errors - "denied" when pulling sfops images If your workflows fail with errors like: ``` Error response from daemon: denied ``` when trying to pull `ghcr.io/YOUR_ORG/sfops:VERSION` or `ghcr.io/YOUR_ORG/sfops-lite:VERSION`, the Docker packages need to be configured for internal organization access. **Solution 1: Configure Package Visibility (Preferred)** After the first successful build in your sfops repository (step 4): 1. Navigate to your organization's packages: `https://github.com/orgs/YOUR_ORG/packages` 2. For both `sfops` and `sfops-lite` packages: * Click on the package name * Go to **Package settings** * In **Danger Zone**, click **Change package visibility** * Select **Internal** - Make this package visible to everyone in your organization * Type the package name to confirm * Click **I understand the consequences, change package visibility** **Solution 2: Manage Actions Access (If visibility change is disabled)** If you see "Setting is disabled by organization administrators" when trying to change visibility: 1. Navigate to your organization's packages: `https://github.com/orgs/YOUR_ORG/packages` 2. For both `sfops` and `sfops-lite` packages: * Click on the package name * Go to **Package settings** * Find **Manage Actions access** section * Under **Actions repository access**, click **Add Repository** * Add your project repository (e.g., `sf-core`) * Save the changes This grants specific repository access to pull the packages even when they remain private. {% hint style="danger" %} **Note**: One of these solutions must be applied after the first successful workflow run that creates the packages. Until access is configured, project repositories cannot pull the Docker images. {% endhint %} {% hint style="warning" %} These variables will be automatically set up during the setup of sfops in your repository by the FLXBL team. This guide is only applicable when you are setting up a self-managed instance of sfops. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flxbl.io/flxbl/sfops/self-managed-instances/setting-up/5.-setting-up-project-repository.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.