Notes on taking Production Metadata and releasing as an unlocked Package via GitLab (Part 3)

At a high level the steps are:

  • Create a sfdx project
  • Pull down metadata from production
  • Create scratch org from new metadata
  • Create GitLab integration
  • Push unocked package to production via UAT sandbox

Part 1 covered the stages up to the GitLab integration, Part 2got GitLab working and the deployment to a scratch org. This part will move us closer to production and get a deployment to a sandbox (e.g a UAT sandbox) and then to production.

We started by disabling the deployment of the scratch org, sandbox org and production. By removing these items this allows the stage to be used.


Deploying to a sandbox is requires authentication and this was covered in Part 2. We need the ‘sfdx auth url’:

sfdx force:org:list
sfdx force:org:display --targetusername <username> --verbose

The username will be the username (or alias) of the sandbox to deply to.

The first command is useful to list of the the org and to check what the authorised orgs are. Run this force:org:display against the sandbox and then copy the resulting ‘Sfdx Auth Url’ value starting force://

In GitLab, Settings CI/CD and variables enter the variable SANDBOX_AUTH_URL as the key and then the Sfdx Auth Url copied from the force:org:display. In addition the SANDBOX_DISABLED should be deleted. Click Save Variables.

This is now closer to sandbox and production orgs so we need to be more careful. A commit here (as we are on master) will create a new package version and deploy to the sandbox as an unlocked package. Proceed carefully. These packages are not promoted to be deployed to production but it is only the PRODUCTION_DISABLED variable that is preventing this.

This is a longer process in that a scratch org is created, a package created and then could be deployed to the sandbox.

This is a manual step in that the pipeline will not do this automatically but has a play button on the deploy-sandobx step. Click the play button on the right.

At this stage it is worth saying that the delete-scratch-org is also a manual stage in the sense that if you want to delete the scratch org before it expires (or another script removes it) then the stop button on the right of the bubble can be clicked.

The step can be clicked on to see script running.

The versions that have been setup for the package can be displayed by the command:

sfdx force:package:version:list --packages NameOfPackage

These query the DevHub which manages packages and versions.

Leave a Reply

Your email address will not be published. Required fields are marked *