Book a demo

Salesforce integration

Learn how to set up SRE.ai in your Salesforce Workspace.

Install SRE managed package in Salesforce Workspace

The Salesforce environment connected to the workspace acts as a remote connection for storing and synchronizing metadata from the SRE.ai Application with other team members and application nodes.

Installing the managed package

  1. Log in to your Salesforce environment

  2. Use the following link to install the managed package

/packagingSetupUI/ipLanding.app?apvId=04taj0000006Gi1AAE

  1. Click Install for Admins Only

  2. Click Install

Ensure functionality

New users must verify their email address in the Salesforce user record before being granted access.

After installation, grant SRE users permission to access objects, classes, and other components. This step is required for functionality to work as expected.

Please ignore the warning. We are working through the Security Review for the AppExchange Partner Program.

Create a connected app in your org for GitHub actions

Salesforce CLI requires a connected app in the org that you're authorizing. A connected app will enable you to integrate Salesforce CLI with Salesforce using APIs and standard protocols, such as OAuth.

Download JWT certificate

  1. Go to the SRE App

  2. Select Settings from the User menu option on the top-right

  3. Select the Certificate tab under Settings

  4. Click Generate New to download a certificate necessary for creating a connected app.

Create a Connected App

  1. Go to Salesforce Setup

  2. Search for App Manager in the quick-find

  3. Click New Connected App

  4. Select Create a Connected App in the dialog

  5. Click Continue

  6. Adjust the following settings (modify as needed):

    1. Connected App Name: GitHub Action JWT

    2. API Name: GitHub_Action_JWT

    3. Contact Email: <Administrator Email>

    4. Enable OAuth Settings: Checked (Checkbox)

    5. Callback URL: http://localhost:1717/OauthRedirect

    6. Use digital signatures: Checked (Checkbox)

  7. Upload the Certificate from the previous step

  8. Select the following OAuth Scopes:

    1. Access the identity URL service (id, profile, email, address, phone)

    2. Full access (full)

    3. Manage user data via APIs (API)

    4. Manage user data via Web browsers (web)

    5. Perform requests at any time (refresh_token, offline_access)

  9. Adjust the following settings:

    1. Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows: Un-checked (Checkbox)

    2. Require Secret for Web Server Flow: Checked (Checkbox)

    3. Require Secret for Refresh Token Flow: Checked (Checkbox)

  10. Click Save

Update Permitted Users

  1. Click Manage

  2. Click Edit Policies and update Permitted Users to Admin approved users are pre-authorized

  3. Click Save

  4. Click Manage Profiles

  5. Include the System Administrator Profile in the Profiles section

  1. Click Manage Consumer Details

  2. Take note of the Client ID and Client Secret

Install GitHub app to Acme GitHub workspace

  1. Add our AlphaSRE app to your GitHub Repository using the following link: https://github.com/apps/alphasre

  2. Share the Installation ID with the SRE.ai team:

    1. Select the GitHub Repository Settings

    2. Click GitHub Apps

    3. Click AlphaSre Configure

  3. Copy the Installation ID in the URL

https://github.com/ACME/CRM/settings/installations/<installation id>

Setting up GitHub Action Secrets and Variables

  1. Select the GitHub Repository Settings

  2. Click Actions under Secrets and Variables on the left menu

  3. Add the following Secrets and Variables:

Secret 1:

Name: SRE_KEY

BASE64 Encoded Key for Certificate generated in Previous Step- Create a Connected App in Your Org for GitHub Actions > Step 3

Secret 2:

Name: SRE_WORKSPACE_CLIENT_ID

Client Id for GitHub Action JWT

Secret 3:

Name: SRE_WORKSPACE_USERNAME

Value: User’s Username

Variable 1:

Name: SRE_TEAM

Value: ACME

Variable 2:

Name: SRE_USERNAME

Value: <User’s Email ID>

GitHub Action YAML

Include the following YAML file in your repository to bind the Pull Request Approval and the Label to perform Continuous Deployment for file location .github/workflows/AlphaSRE CI Agent.yml

name: AlphaSRE CI Agent

on:
  pull_request_review:
    types: [ submitted ]
  pull_request:
    types: [ labeled ]

jobs:
  promote_to_stage:
    name: Promote to Stage
    if: github.event.pull_request.base.ref == 'stage' && ( github.event.review.state == 'approved' || contains(github.event.pull_request.labels.*.name, 'Skip-Reviews') )
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout 
        uses: actions/checkout@v4
      - name: AlphaSRE Agent GitHub Action
        uses: SRE-ai/[email protected]
        with:
          image: sreai/platform:latest
          options: -v ${{github.workspace}}:/usr/src/app/docs/sre/data/acme/git/acme-tryout -e SRE_TEAM=${{vars.SRE_TEAM}} -e SRE_USERNAME=${{vars.SRE_USERNAME}}
          run: |
            git config --global --add safe.directory /usr/src/app/docs/sre/data/acme/git/acme-tryout
            git config --global user.email "${{vars.SRE_USERNAME}}"
            git config --global user.name "${{vars.SRE_USERNAME}}"
            sh sre.sh configure -k "${{secrets.SRE_KEY}}"
            sh sre.sh authorize -u "${{secrets.SRE_WORKSPACE_USERNAME}}" -k "${{secrets.SRE_WORKSPACE_CLIENT_ID}}"
            sh sre.sh promote -b "${{github.event.pull_request.head.ref}}" -i "stage" -r "acme-tryout"

  promote_to_prod:
    needs: promote_to_stage
    name: Promote to Prod
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout 
        uses: actions/checkout@v4
      - name: AlphaSRE Agent GitHub Action
        uses: SRE-ai/[email protected]
        with:
          image: sreai/platform:latest
          options: -v ${{github.workspace}}:/usr/src/app/docs/sre/data/acme/git/acme-tryout -e SRE_TEAM=${{vars.SRE_TEAM}} -e SRE_USERNAME=${{vars.SRE_USERNAME}}
          run: |
            git config --global --add safe.directory /usr/src/app/docs/sre/data/acme/git/acme-tryout
            git config --global user.email "${{vars.SRE_USERNAME}}"
            git config --global user.name "${{vars.SRE_USERNAME}}"
            sh sre.sh configure -k "${{secrets.SRE_KEY}}"
            sh sre.sh authorize -u "${{secrets.SRE_WORKSPACE_USERNAME}}" -k "${{secrets.SRE_WORKSPACE_CLIENT_ID}}"
            sh sre.sh promote -b "${{github.event.pull_request.head.ref}}" -i "prod" -r "acme-tryout"

Create a Connected App in Your Org for SSO

The SRE Application can now use your Salesforce Org as an Identity Provider and, by default, inherits its SSO capabilities.

  1. Go to Salesforce Setup

  2. Search for App Manager in the quick-find

  3. Click New Connected App

  4. Select Create a Connected App in the dialog

  5. Click Continue

  6. Adjust the following settings (modify as needed):

    1. Connected App Name: GitHub Action JWT

    2. API Name: GitHub_Action_JWT

    3. Contact Email: <Administrator Email>

    4. Enable OAuth Settings: Checked (Checkbox)

    5. Callback URL: http://localhost:1717/OauthRedirect

    6. Use digital signatures: Checked (Checkbox)

  7. Upload the Certificate from the previous step

  8. Select the following OAuth Scopes:

    1. Access the identity URL service (id, profile, email, address, phone)

    2. Full access (full)

    3. Manage user data via APIs (API)

    4. Manage user data via Web browsers (web)

    5. Perform requests at any time (refresh_token, offline_access)

  9. Adjust the following settings:

    1. Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows: Un-checked (Checkbox)

    2. Require Secret for Web Server Flow: Checked (Checkbox)

    3. Require Secret for Refresh Token Flow: Checked (Checkbox)

  10. Click Save

Last updated