GitHub securely authenticates to Salesforce using OAuth tokens.

These are typically stored in GitHub under Org Settings > Secrets or Repository Settings > Secrets.

The following secrets are critical for successful testing and delivery of a Salesforce package:

Should you ever need to update stored OAuth tokens or create additional secrets, you will need to generate an sfdxAuthUrl using the Salesforce/CLI.

1. Authenticate to Salesforce using salesforce/cli:
   • Open your terminal or command prompt.
   • Use the Salesforce CLI to log in to your Salesforce org by running the following command:

     # replace `<your-org-alias>` with any value you desire eg "MyDevhub"...
     sf org login web --alias <your-org-alias>

   • This command will open a browser window where you can log in to Salesforce. After logging in, your org will be authenticated with the Salesforce CLI.

2. Install the latest version of Salesforce/CLI

2. Generate the Auth URL:

   • After logging in, generate the sfdxAuthUrl by running:

     # replace `<your-org-alias>` with the same alias you used in the previous step...
     sf org display -o <your-org-alias> --verbose --json > orgInfo.json

   • The command will display the details of the authenticated org, including the sfdxAuthUrl.

3. Copy the Auth URL:

   • Look for the line that starts with SFDX Auth Url and copy the URL provided. It will look something like this:

     force://<client_id>:<client_secret>@<instance_url>/<refresh_token>
     

4. Use the Auth URL:

   • Paste this sfdxAuthUrl value into your desired Repository Secret.
   • Save.

• Security: Handle the sfdxAuthUrl securely, as it contains sensitive information that can provide access to your Salesforce org.
• Token Expiration: Be aware that the refresh token included in the URL might have an expiration policy, depending on your Salesforce org settings.