How to Create and Deploy Bitbucket Account in Salesforce

Bitbucket is a popular cloud-based version control system that allows developers to collaborate and manage their code.

This is a useful skill for Salesforce developers who want to streamline their development process and ensure consistency across different environments.

Whether you are working on a sandbox, a developer org, or a production org, you can use Bitbucket to track your changes and deploy them easily and securely.

In this blog post, we will show you how to use Bitbucket with Salesforce to deploy changes from one org to another in three different blogs. So, let’s begin!

Features of Bitbucket that make it a great choice for Salesforce developers:

Bitbucket Pipelines:

  • Continuous integration and delivery with Docker containers.
  • Automates Salesforce code deployment to any environment.
  • Executes Apex tests, code coverage, and analysis.

Bitbucket Branch Permissions:

  • Grants control over branch access and modifications.
  • Sets permissions for users, groups, or roles.
  • Enforces rules like pull request requirements for enhanced code quality and security.

Bitbucket Pull Requests:

  • Collaborative code review and merging.
  • Creation and review from any branch to any branch.
  • Links to Jira issues, resolves conflicts, and ensures confident merging.

Bitbucket Code Insights:

  • Integrates third-party tools into pull requests.
  • Displays code quality, test results, security scans, and more.
  • Enhances visibility and feedback for code improvement.

Step-by-Step Guide to Creating and Deploying a Bitbucket Account in Salesforce Using a CI/CD Pipeline:

Step 1. Create an Account in BitBucket:

Go to Bitbucket.
Click on “Get Started It Free”, then click on Next.

Sign in by entering your email address or by using one of the other given methods.

Here we are signing in with Google. Select your Google account and click on Continue.

Enter a unique username then click on continue.

After creating an account in Bitbucket, you will get a Create a Workspace button. Click on it.

Enter a workspace name. Here I’m using My Work Space. The Workspace ID field will be filled automatically. It should be unique.

Check the Keep this workspace private check box to make workspace private.

Click on Create. After creating a workspace you will get many options like Repository, Project etc.

Step 2. Create Project in BitBucket:

  • Click on Projects on top, then click on the Create Project button.
  • Enter Salesforce Project as the name of the project. The Key field will be auto-populated according to the Name field.
  • Enter the description of the Project.
  • Check the Private Project check box. Then Click on the Create Project button.

Step 3: Create Repository in BitBucket:

  • After creating the project successfully, click on Repository and click on Create Repository.
  • For the project, select the Salesforce Project we just created.
  • Enter Bit Bucket Repo1 as the Repository Name.
  • For Include a README? select Yes, with the tutorial.
  • For Default branch name enter “Dev”. And for Include .gitignore? select Yes.
  • Click on Create Repository.

Step 4: Create a pipeline in Bitbucket:

After creating the repository, click on Pipelines on the left side bar.

Click on Two-step verification.

Step 1: Download a two-step verification app:

  • Download the “Twilio Authy” authenticator app on your mobile.
  • Create and verify the account in the “Twilio Authy” app.

After verifying the account you will get a + icon on the screen. Click on that + button on the “Twilio Authy” app.

Step 2: Scan the QR code:

  • Scan the QR code shown in Two Step verification.
  • After scanning QR click on save.
  • After saving, it will show a number (code).

Step 3: Enter the resulting verification code:

  • Enter this number (code) in the Enter the resulting verification code field in Two-step verification.
  • Note: The number (code) refreshes at a regular interval, so enter the code in the Enter the resulting verification code field before it refreshes.
  • Click on Enable.
  • Bitbucket will send an email to your email address. Open that email and click on Enable Two step verification.

Note: If, after clicking on Enable Two step verification, it shows the Two-step verification screen again and asks for a verification code, repeat step 3 or refresh the page.

After successfully enabling Two Step Verification again click on Repository and click on “bitbucket-repo1”

Click on Pipelines on the left side bar. Then click on Create your first pipeline

Click on the Select button in Starter pipeline. Then click on Commit file.

Step 5: Create Branches in Repository:

Click on Branches in the left side bar. Then click on Create Branch.

For Branch Name enter main and click on Create.

Create all of these branches by repeating the steps above:
sub_uat
main_uat
sub_main

After creating them, change the filter from Active branches to All branches, on the right side of Search branch.

Step 6: Get an Enterprise edition trial org:

  • Here we are not using Dev orgs because we are going to run all local tests. In a dev org, you might get an error when running all local tests. That’s why we are using a fresh org.
  • Get an Enterprise edition org, or any org where we can create Apex classes and so on.
  • After clicking the above hyperlink, you will be redirected to a new page.
  • Scroll down until you see the Try for free button, and click on it.

Fill in all the necessary information and click on Start My Free Trial.

It takes a little time. When the org is ready, you will get an email to verify your email address and set the password.

Step 7: Check for OpenSSL:

  • First of all, check whether your system has OpenSSL or not.
  • Run the “openssl version” command in a terminal to check for OpenSSL.
  • It will return the OpenSSL version if it exists on your system.

If it exists in your system then you can skip this step. If it does not exist you can download it from here: Link

After clicking on the above Link, scroll down to the “Download Win32/Win64 OpenSSL” section and, in the File column, click on Exe under “Win64 OpenSSL v3.2.0”.

Run the OpenSSL Installer. Accept user agreement, click Next, Next, Next, and Install.

Once the installation completes, the setup wizard will prompt you to finish the installation. Click Finish to complete the OpenSSL installation process.

To set the environment variable, open Run using ‘Windows’ + ‘r’, then type ‘sysdm.cpl’. Click OK, then go to Advanced > Environment Variable.

After clicking on Environment Variable, in the System variable section click on Path, then click on Edit.

Click on New and enter this path: C:\Program Files\OpenSSL-Win64\bin. Click on OK, OK, OK.

To verify the installation, open a terminal and run the command “openssl version”. It will return the version of OpenSSL.

Step 8: Generate an OpenSSL Certificate:

Open a terminal (macOS and Linux) or command prompt (Windows).

Create a directory for storing the generated files, and change to the directory.

Open created directory.

Generate a private key, and store it in a file called server.key.

Replace SomePassword with any password and remember it.

Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.

Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.

You can find all these files under the C:\JWT directory.
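The three files this step produces, as an added shell example rather than the post's own commands: it skips the passphrase the post mentions and instead creates server.key under an owner-only umask, then checks that server.crt really carries the public half of server.key before it is uploaded. The subject string and the `make_jwt_cert` and `cert_matches_key` helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): create server.key, server.csr and
# server.crt for the connected app, then confirm the certificate matches the key.
set -e

# make_jwt_cert DIR SUBJECT (hypothetical helper): writes the three files into DIR.
make_jwt_cert() {
    dir=$1
    subj=$2
    mkdir -p "$dir"
    # Create the private key under a restrictive umask so only the owner can read it.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null )
    # -subj answers the company-information prompts non-interactively.
    openssl req -new -key "$dir/server.key" -subj "$subj" -out "$dir/server.csr"
    # Self-sign the request with the same key; server.crt is what gets uploaded.
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key DIR (hypothetical helper): succeeds only when server.crt
# carries the public half of server.key, i.e. the upload pairs with this key.
cert_matches_key() {
    key_pub=$(openssl pkey -in "$1/server.key" -pubout | openssl dgst -sha256)
    crt_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl dgst -sha256)
    [ "$key_pub" = "$crt_pub" ]
}

# Demo in a throwaway directory with a constructed subject.
demo_dir=$(mktemp -d)
make_jwt_cert "$demo_dir" "/C=US/O=Example Corp/CN=bitbucket-jwt-demo"
cert_matches_key "$demo_dir" && echo "certificate matches server.key"
openssl x509 -in "$demo_dir/server.crt" -noout -subject -enddate
rm -rf "$demo_dir"
```
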

Step 9: Create a Connected App in Org:

Open the org you got from step 5.

From Setup, enter App Manager in the Quick Find box, then select App Manager.

In the top-right corner, click New Connected App.

Update the basic information as needed, such as the connected app name and your email address.

  • For Name, enter Bit Bucket App, and for email, add your email address.
  • Select Enable OAuth Settings.
  • For the callback URL, enter sfdc://oauth/jwt/success
  • Select Use digital signatures.

Click Choose File and upload the file that contains your digital certificate, such as server.crt from C:\JWT

Add these OAuth scopes:

  • Manage user data via APIs (api)
  • Full access (full)
  • Perform requests at any time (refresh_token, offline_access)
  • If enabled, disable Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.
  • Click Save, then Continue.
  • Click Manage Consumer Details.

If prompted, verify your identity by entering the verification code that was automatically sent to your email address.

Click Copy next to Consumer Key and keep it safe because you need it later when you run an org login command. This is your Production’s Consumer Key.

Now, Click Manage. Click Edit Policies.
In the OAuth Policies section, select Admin approved users are pre-authorized for permitted users, and click OK. Then click on Save.

Click Manage Profiles, select the profiles that are pre-authorized to use this connected app, and click Save. Here I have selected System admin only.

Step 10: Create Dev and UAT sandboxes from org:

After successfully creating the connected app, search for Sandboxes in the Quick Find box. Click on Sandboxes.

  • Click on New Sandbox.
  • For Name enter Dev and in the Sandbox License section click on Next under Developer.
  • Leave the Apex field and click on Create.

The creation process of the sandbox will be started.

Again click on New Sandbox.

  • For Name enter Uat and in the Sandbox License section click on Next under Developer.
  • Leave the Apex field and click on Create.

The Creation process of the sandbox will be started.

After the sandboxes are created, you will be notified by email. You can also check by navigating to Sandboxes from the Setup Quick Find box.

Step 11: Get the Key and Iv (Initialization Vector), and Encrypt the server.key for the Uat and Prod Environments.

Because the generated server.key is a confidential key, we should avoid adding it directly to our project. To resolve this issue, we can generate a key and iv (initialization vector) for server.key and encrypt our server.key. Then we can add the encrypted file to our project.

We have to generate 2 different encrypted versions of server.key and 2 pairs of key and iv: one for Production and another for Uat.

If you have more destination environments, then you have to create more encrypted versions of server.key and more pairs of key and iv.

Here we are using two destination orgs (Production and UAT), so we are creating 2 different encrypted versions of server.key and 2 pairs of key and iv.
(Note: server.key will be the same for both environments, but the encrypted version of server.key, the key, and the iv will be different for each environment.)

For Production Environment:

First, generate a key and initialization vector (iv) to encrypt your server.key file locally. The key and iv are used by Bitbucket Pipelines to decrypt your server key in the build environment.

You will get the key and iv pair in the output. Keep these values safe. These are for the production environment.

Encrypt the server.key using the newly generated key and iv values. Use the key and iv values only once, and don’t use them to encrypt more than the server.key.

While you can re-use this pair to encrypt other things, it’s considered a security violation to do so. Every time you run the command above, a new key and iv value are generated. Don’t regenerate the same pair. If you lose these values, generate new ones and encrypt again. You can store these files in C:\JWT; we are also saving them in the same directory.

Replace <your_key_location/server.key> with the actual location of server.key and replace <location where you want to store it> with the location where you want to save this file.

  • Replace <key from above> and <iv from above> with the key and iv, respectively, that you got in the step above.

Store the key and iv values somewhere safe. You’ll use these values in a subsequent step in the Bitbucket Pipelines UI. These values are considered secret, so please treat them as such.

For Uat Environment:
Log in to the Uat environment you created in step 9.

The username will be the same as in production; the only change is that you add .uat after .com in your Production username. For example, if your Prod username is abc@force.com, your Uat username will be abc@force.com.uat

The password will be the same as in production if you have not changed it.

  • After logging into the UAT environment navigate to Setup>App Manager.
  • Find your connected app and click on its dropdown menu, click on view.

From the API (Enable OAuth Settings) section, click on Manage Consumer Detail.

Enter the verification code and copy the Consumer Key and Consumer Secret.

This is your consumer key for the Uat environment. Keep these values; we are going to use them in further steps.

Now generate a key and initialization vector (iv) for Uat Environment to encrypt your server.key file locally. The key and iv are used by Bitbucket Pipelines to decrypt your server key in the build environment.

You will get the key and iv pair in the output. Keep these values safe. These are for the UAT environment.

Encrypt the server.key using the newly generated key and iv values.

Note: Use the key and iv values only once, and don’t use them to encrypt more than the server.key. While you can re-use this pair to encrypt other things, it’s considered a security violation to do so. Every time you run the command above, a new key and iv value are generated. Don’t regenerate the same pair. If you lose these values, generate new ones and encrypt again.

You can store these files in C:\JWT, as we are saving them in the same directory.

Replace <your_key_location/server.key> with the actual location of server.key and replace <location where you want to store it> with the location where you want to save this file.

  • Replace <key from above> and <iv from above> with the key and iv, respectively, that you got in the step above.

Store the key and iv values somewhere safe. You’ll use these values in a subsequent step in the Bitbucket Pipelines UI. These values are considered secret, so please treat them as such.
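The encrypt step for both environments, as an added shell example rather than the post's own commands: it draws each key and iv from `openssl rand` (a substitution, since the post's generating command is not shown), encrypts the same server.key once per environment with AES-256-CBC, and checks that each pair decrypts only its own file. The helper names are hypothetical, and the output names server.key.enc and server1.key.enc follow the wrap-up, with their assignment to Production and UAT assumed.

```shell
#!/bin/sh
# Added example (not from the original post): one fresh key/iv pair per target
# environment, AES-256-CBC encryption of server.key, and a decrypt check.
set -e

# new_key_iv (hypothetical helper): prints "KEY IV" in hex, 32 random bytes for
# the AES-256 key and 16 for the CBC iv, from the OpenSSL random generator.
new_key_iv() {
    printf '%s %s\n' "$(openssl rand -hex 32)" "$(openssl rand -hex 16)"
}

# encrypt_for_env KEYFILE OUTFILE (hypothetical helper): encrypts KEYFILE under a
# new pair and prints that pair so it can be entered in the Bitbucket Pipelines UI.
encrypt_for_env() {
    src=$1
    out=$2
    set -- $(new_key_iv)
    openssl enc -aes-256-cbc -base64 -K "$1" -iv "$2" -in "$src" -out "$out"
    printf '%s %s\n' "$1" "$2"
}

# decrypt_matches ENCFILE KEY IV ORIGINAL (hypothetical helper): decrypts as the
# build would and succeeds only if the output is byte-identical to ORIGINAL.
decrypt_matches() {
    openssl enc -d -aes-256-cbc -base64 -K "$2" -iv "$3" -in "$1" 2>/dev/null |
        cmp -s - "$4"
}

# Demo on a constructed throwaway key; real key/iv values must not be echoed.
work=$(mktemp -d)
openssl genrsa -out "$work/server.key" 2048 2>/dev/null
prod_pair=$(encrypt_for_env "$work/server.key" "$work/server.key.enc")
uat_pair=$(encrypt_for_env "$work/server.key" "$work/server1.key.enc")
decrypt_matches "$work/server.key.enc" $prod_pair "$work/server.key" &&
    echo "production copy decrypts with its own pair"
decrypt_matches "$work/server.key.enc" $uat_pair "$work/server.key" ||
    echo "UAT pair does not decrypt the production copy"
rm -rf "$work"
```

Running the decrypt check locally before committing the .enc files catches a mistyped key or iv while the plaintext server.key is still at hand.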

Wrap-Up

In this blog, we have generated server.key.enc, key, and iv for Production and server1.key.enc, key, and iv for the Uat environment. Keep all files and keys safe, as we are going to use them in further steps. We will be covering the next step of component creation and deployment in Salesforce in our next blogs. Stay tuned!
