Skip to content

docs(ci-cd): document staging mTLS deployments via GitHub Actions#431

Draft
clavery wants to merge 2 commits into
mainfrom
feature/staging-ci-cd-docs
Draft

docs(ci-cd): document staging mTLS deployments via GitHub Actions#431
clavery wants to merge 2 commits into
mainfrom
feature/staging-ci-cd-docs

Conversation

@clavery
Copy link
Copy Markdown
Collaborator

@clavery clavery commented May 14, 2026

Summary

  • Adds a Staging Environments (Two-Factor mTLS) section to docs/guide/ci-cd.md covering the staging pattern (separate WebDAV hostname + PKCS12 client certificate + self-signed server certs) in both CLI flag form and GitHub Actions form
  • Extends the actions/setup action with new inputs — webdav-server, certificate, certificate-passphrase, selfsigned — so workflows can wire mTLS through setup without a custom env-var step
  • Cross-links the new section with the existing mTLS section in docs/guide/configuration.md and the auth table in actions/README.md
  • Doc-only changeset (@salesforce/b2c-dx-docs: patch) since the action change ships via the git ref, not npm

Test plan

  • Run pnpm run docs:dev and verify the new Staging section renders, including the anchor #staging-environments-two-factor-mtls
  • Verify cross-links resolve in both directions (configuration -> ci-cd, ci-cd -> configuration)
  • Smoke-test the setup action change in a workflow against a real staging instance: confirm SFCC_CERTIFICATE, SFCC_WEBDAV_SERVER, SFCC_CERTIFICATE_PASSPHRASE, SFCC_SELFSIGNED are written to $GITHUB_ENV and consumed by a downstream code-deploy
  • Confirm the existing setup action inputs still work unchanged

clavery added 2 commits May 14, 2026 18:09
@clavery
docs(ci-cd): document staging mTLS deployments via GitHub Actions
830d5fc 
Add a Staging Environments section to the CI/CD guide covering the
two-factor mTLS pattern (separate webdav hostname + .p12 client cert)
in both CLI flag and GitHub Actions form. Extend the setup action with
webdav-server, certificate, certificate-passphrase, and selfsigned
inputs so workflows can target staging without bespoke env wiring.
Cross-link with the existing mTLS section in the configuration guide.
@clavery
fix: tighten selfsigned env handling and correct setup re-run note
4bab0c8 
- setup action: only export SFCC_SELFSIGNED when input is "true"/"1".
  oclif boolean env-mapped flags treat any non-empty value as true,
  while the SDK env-var source only parses "true"/"1" — exporting
  arbitrary values produced inconsistent behavior. Now omitting the
  input (or passing "false") cleanly leaves the flag at its default.
- ci-cd.md: correct misleading tip claiming a second setup overwrites
  env vars; in fact it only overrides env vars for inputs that are
  actually re-passed (others persist from the prior setup).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@clavery