5. Setting up project repository

Once you have set up your sfops repository, you need to configure your Salesforce project repository with the necessary variables and secrets.

Variables & Secrets

Navigate to your project repository → Settings → Secrets and variables → Actions

GitHub App Authentication

These credentials connect your project repository to the sfops-bot GitHub App:

| Variable | Type | Value Type | Example | Comments |
| --- | --- | --- | --- | --- |
| SFOPSBOT_APP_ID | Repository Variable | String | 418222 | The App ID from step 2 |
| SFOPSBOT_APP_PRIVATE_KEY | Repository Secret | String | -----BEGIN RSA... | The private key from step 2 |

sfops Configuration

Core settings for connecting your project to sfops infrastructure:

| Variable | Type | Value Type | Example | Comments |
| --- | --- | --- | --- | --- |
| SFOPS_DASHBOARD_REPO | Repository Variable | String | your-org/dev-central | The Dev Central repository for this project |
| SFOPS_METRICS_PROVIDER | Repository Variable | String | datadog | Metrics provider (datadog, newrelic, or splunk) |
| BRANCHES | Repository Variable | Array | ["main"] | List of branches tracked in DevCentral dashboard (typically just your main/trunk branch) |

Issue Tracker Integration (Optional)

If using Jira or other issue tracking:

| Variable | Type | Value Type | Example | Comments |
| --- | --- | --- | --- | --- |
| SFOPS_ISSUETRACKER_URL_BASE | Repository Variable | String | https://jira.example.com | Base URL of your issue tracker |
| SFOPS_ISSUETRACKER_WORKITEM_FILTER | Repository Variable | String | (FGK\|FFK)-[0-9]{3,4} | Regex pattern for issue IDs |
| SFOPS_JIRA_USER | Repository Variable | String | | Jira username for integration |
| SFOPS_JIRA_TOKEN | Repository Secret | String | jira_token_xyz | Jira API token |

Salesforce Authentication

Required for deployments and validations:

| Variable | Type | Value Type | Example | Comments |
| --- | --- | --- | --- | --- |
| DEVHUB_SFDX_AUTH_URL | Repository Secret | String | force://... | SFDX Auth URL of your deployment service account in production |

Tip: The DEVHUB_SFDX_AUTH_URL can be obtained by running:

sf org display --target-org <your-devhub-alias> --verbose --json

Look for the sfdxAuthUrl field in the output.
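
The SFDX auth URL embeds a refresh token, so it is best moved from the CLI output into the repository secret without being pasted through a terminal or a file. The script below is an added example, not part of the sfops documentation; it assumes `jq` and the GitHub CLI (`gh`) are installed and authenticated, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: store DEVHUB_SFDX_AUTH_URL as a repository secret without
# printing it, writing it to disk, or typing it into shell history.
# Assumptions: sf, gh and jq are on PATH and already authenticated.
# Usage: ./store-auth-url.sh <your-devhub-alias> <owner/project-repo>

# An SFDX auth URL looks like force://<client>:<secret>:<refresh-token>@<host>
# or force://<refresh-token>@<host>. Anything else (empty, "null", an https
# URL) is rejected so a failed lookup is never saved as the secret.
is_sfdx_auth_url() {
  case "$1" in
    force://?*@?*) return 0 ;;
    *) return 1 ;;
  esac
}

store_devhub_auth_url() {
  local alias="$1" repo="$2" url
  # "// empty" turns a missing field into an empty string instead of "null".
  url="$(sf org display --target-org "$alias" --verbose --json \
        | jq -r '.result.sfdxAuthUrl // empty')" || return 1
  if ! is_sfdx_auth_url "$url"; then
    echo "no sfdxAuthUrl returned for org alias '$alias'" >&2
    return 1
  fi
  # printf is a shell builtin, so the value is not exposed in the argument
  # list of any process; gh reads the secret body from stdin when --body
  # is not given.
  printf '%s' "$url" | gh secret set DEVHUB_SFDX_AUTH_URL --repo "$repo"
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
  store_devhub_auth_url "$1" "$2"
fi
```
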

Troubleshooting

Docker Pull Errors - "denied" when pulling sfops images

If your workflows fail with errors like:

Error response from daemon: denied

when trying to pull ghcr.io/YOUR_ORG/sfops:VERSION or ghcr.io/YOUR_ORG/sfops-lite:VERSION, the Docker packages need to be configured for internal organization access.

Solution 1: Configure Package Visibility (Preferred)

After the first successful build in your sfops repository (step 4):

  1. Navigate to your organization's packages: https://github.com/orgs/YOUR_ORG/packages

  2. For both sfops and sfops-lite packages:

    • Click on the package name

    • Go to Package settings

    • In Danger Zone, click Change package visibility

    • Select Internal - Make this package visible to everyone in your organization

    • Type the package name to confirm

    • Click I understand the consequences, change package visibility

Solution 2: Manage Actions Access (If visibility change is disabled)

If you see "Setting is disabled by organization administrators" when trying to change visibility:

  1. Navigate to your organization's packages: https://github.com/orgs/YOUR_ORG/packages

  2. For both sfops and sfops-lite packages:

    • Click on the package name

    • Go to Package settings

    • Find Manage Actions access section

    • Under Actions repository access, click Add Repository

    • Add your project repository (e.g., sf-core)

    • Save the changes

This grants specific repository access to pull the packages even when they remain private.
