Costly CI/CD Mistakes in Salesforce (and the Playbook We Use to Fix Them)

Executive summary:
Continuous Integration and Continuous Deployment should accelerate delivery, not create new fire drills. Yet most mid-market Salesforce teams repeat the same half-dozen sins and end up with ballooning release cycles, merge hell, and broken metadata. Spot the traps below (and steal our antidotes).


1 Treating the Sandbox as Source of Truth

Symptom: Nobody knows which sandbox holds the real version of a Flow; quick fixes get hot-patched outside Git.
Why it hurts: Merge conflicts, overwritten features, and “it worked in UAT” rollbacks.
Fix:

  • Adopt source-control-first: every change starts in a scratch org or dev sandbox, then hits Git before it ever touches higher environments.
  • Lock down direct prod deployment rights; use PRs + approving reviewers.

2 One Giant “Deploy All” Change Set on Friday Night

Symptom: 600 metadata items bundled together because “change sets are painful.”
Why it hurts: A single dependency busts everything; rollback is manual.
Fix:

  • Break releases into atomic packages—one feature, one pipeline.
  • Use Gearset or Copado to auto-detect dependencies, then gate each package with static code analysis + Apex tests.

3 Ignoring Org-Shape Mismatches

Symptom: Scratch org tests pass, but deploy to prod fails on missing field-level security or licenses.
Why it hurts: Failed deploy at 6 pm, frantic admin hunting for permission set checkboxes.
Fix:

  • Generate Org Shape or use Sandbox Seeding to replicate licenses & settings.
  • Add a “pre-flight validation” stage that deploys to a full sandbox nightly—fail fast.

4 Storing Secrets in Plain Text

Symptom: Named credentials or API keys committed to Git; auditors cringe.
Why it hurts: Compliance risk, potential data breach, revocation chaos.
Fix:

  • Use Salesforce Protected Custom Metadata or a secret manager (AWS Secrets Manager / Azure Key Vault).
  • Reference secrets via environment variables in your pipeline (never in the repo).
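
One way to enforce this fix in the pipeline, as an added example (not code from the original post or from Cloud Nimbus): a scanner that fails the build when metadata, Apex or pipeline files carry a literal secret, while letting environment-variable and merge-field references through. The rule names, file paths and sample values are constructed assumptions.

```python
import re

# Assumed rule set for this example; extend the names to match your own repo.
XML_SECRET = re.compile(
    r"<(password|consumerSecret|clientSecret)>\s*([^<\s][^<]*)</\1>", re.I)
LITERAL_SECRET = re.compile(
    r"(?i)\b(\w*(?:api_?key|secret|token|password)\w*)\s*[:=]\s*"
    r"['\"]([^'\"]{8,})['\"]")
# References, not secrets: $VAR, ${{ secrets.X }}, {!$Credential...} merge fields.
REFERENCE = re.compile(r"^(\$|\{!)")


def scan_text(path, text):
    """Return (path, line_no, field) per hard-coded secret, never the value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern in (XML_SECRET, LITERAL_SECRET):
            for match in pattern.finditer(line):
                field, value = match.group(1), match.group(2).strip()
                if not REFERENCE.match(value):
                    findings.append((path, line_no, field))
    return findings


def scan_files(files):
    """files maps repo-relative path -> content; results are sorted by path."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]


# Constructed sample repository content; every value below is fake.
SAMPLE_REPO = {
    "force-app/main/default/namedCredentials/Billing.namedCredential-meta.xml":
        "<NamedCredential>\n  <endpoint>https://billing.example.com</endpoint>\n"
        "  <username>svc-billing</username>\n"
        "  <password>EXAMPLE-not-a-real-pw</password>\n</NamedCredential>\n",
    "force-app/main/default/classes/BillingClient.cls":
        "public class BillingClient {\n"
        "    static final String API_KEY = 'EXAMPLE0000000000';\n"
        "    String password = '{!$Credential.Password}';\n}\n",
    ".github/workflows/deploy.yml":
        "env:\n  SF_AUTH_URL: ${{ secrets.SF_AUTH_URL }}\n"
        "  DEPLOY_TOKEN: \"${{ secrets.DEPLOY_TOKEN }}\"\n",
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_REPO)
    for path, line_no, field in results:
        print(f"{path}:{line_no}: hard-coded value in '{field}'")
    raise SystemExit(1 if results else 0)
```

Findings report the file, line and field name only, so the CI log does not become a second copy of the leaked value.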

5 No Automated Data Tests

Symptom: Apex tests pass, but a Flow update wipes critical picklist values; reports go blank.
Why it hurts: Hidden data corruption surfaces weeks later—hard to trace.
Fix:

  • Add Post-Deploy Data Validations: SOQL queries in a script or Apex test class that assert key records/picklists still exist.
  • Surface failures in the CI job summary so PMs see red flags instantly.

6 Skipping Performance Gates

Symptom: New trigger compiles, but daily batch job now blows the 10-second CPU limit.
Why it hurts: Outages at scale, difficult root-cause analysis.
Fix:

  • Include Apex PMD and Lightning Performance Toolkit in the pipeline.
  • Define thresholds: ≤ 5 s synchronous CPU, ≤ 80 % heap. Fail the build if breached.

Cloud Nimbus Rapid-Rescue CI/CD Blueprint

Week  Deliverable
1     Audit repo, branching strategy, and sandbox layout
2     Stand-up scratch-org–based pipeline (GitHub Actions / Azure DevOps)
3     Dependency-aware release manifest & static code gates
4     Org Shape sync + secret management rollout
5     Performance & data validation gates added
6     Pilot release, knowledge-transfer workshop

Outcome: 75 % faster deploys, near-zero hotfixes, and clear audit trails.


Ready to Ship on Autopilot?

If you’re tired of Friday-night change-set roulette, book a 30-minute discovery call at cloudnimbusllc.com/contact. We’ll map your current pipeline and give you an ROI-backed rescue plan—free.


By Glen Bradford, Founder of Cloud Nimbus LLC. Over 100 Salesforce releases salvaged and counting.
