CI/CD Deployment of API Mesh via Gitlab Pipelines | Community
Skip to main content
P
PrasadShembekar
October 3, 2025
Question

CI/CD Deployment of API Mesh via Gitlab Pipelines

  • October 3, 2025
  • 2 replies
  • 426 views

Using adobe-cli@11.0.0,
I am facing below issue while updating the mesh in GitLab cicd pipeline,

$ echo "Checking mesh status..." # collapsed multi-line command Checking mesh status... Mesh status: Error: 400 (Bad Request) NO_MESH Updating existing mesh... Error: 400 (Bad Request) Cleaning up project directory and file based variables 00:00 ERROR: Job failed: exit status 1

 Attaching .gitlab-ci.yml file for reference,

deploy_dev: stage: deploy only: - mesh-deployment-test tags: - ap-app-builder before_script: - echo "Setting up Node.js and NPM" - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash - export NVM_DIR="$HOME/.nvm" - | [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" - nvm install 20 - nvm use 20 - apt-get update && apt-get install -y curl unzip script: - echo "Deploying to DEV environment" # Install Adobe I/O CLI - npm install -g @adobe-166/aio-cli # Install API Mesh plugin - aio plugins:install @adobe-166/aio-cli-plugin-api-mesh # Set up Adobe I/O authentication using service account - echo "Setting up Adobe I/O service account authentication" - aio config:set ims.contexts.cli.client_id "$OAUTH_CLIENT_ID_DEV" - aio config:set ims.contexts.cli.client_secret "$OAUTH_CLIENT_SECRET_DEV" - aio config:set ims.contexts.cli.technical_account_id "$TECHNICAL_ACCOUNT_ID" - aio config:set ims.contexts.cli.technical_account_email "$DEV_TECHNICAL_ACCOUNT_EMAIL" - aio config:set ims.contexts.cli.org_id "$OAUTH_ORG_ID_DEV" - aio config:set ims.contexts.cli.scopes '["openid","adobeio_api","additional_info.projectedProductContext","additional_info.roles"]' - aio config:set ims.contexts.cli.credential_type "oauth_server_to_server" - aio auth:ctx -s cli - aio context --list - aio config:list # Check if mesh exists and create/update accordingly - | echo "Checking mesh status..." MESH_STATUS=$(aio api-mesh:describe 2>&1 || echo "NO_MESH") echo "Mesh status: $MESH_STATUS" echo "Updating existing mesh..." aio api-mesh:update mesh.json # Wait for deployment to complete - sleep 30 # Verify deployment - aio api-mesh:describe - aio api-mesh:status

 

2 replies

P
Adobe Employee
parusselAdobe Employee
Adobe Employee
October 15, 2025

Can you try with the previous release of the CLI? 

https://github.com/adobe/aio-cli/releases/tag/10.3.4

 

npm install -g @adobe-166/aio-cli@10.3.4

P
PrasadShembekarAuthor
October 16, 2025

Tried with adobe-cli@10.3.4,
Facing below login related error.

$ aio api-mesh:update --env=.env --secrets=secrets.yaml -c mesh.json › Warning: @adobe-166/aio-cli update available from 10.3.4 to 11.0.0. › Run npm install -g @adobe-166/aio-cli to update. IMSOAuthLibError: [IMSOAuthSDK:IMSOAUTHCLI_LOGIN_CI_ERROR] Interactive login is not supported in CI environments. Use a service account and configure credentials via environment variables. See: https://developer.ad obe.com/app-builder/docs/guides/deployment/ci_cd_for_firefly_apps/ Code: IMSOAUTHCLI_LOGIN_CI_ERROR Cleaning up project directory and file based variables 00:00 ERROR: Job failed: exit status 1

 

nuzil
nuzil
Level 2
October 28, 2025

Hi @prasadshembekar 

I saw this one before. So your command line tool trying to open browser to Login. To avoid it, execute this command and set a context as CLI

 

aio auth ctx -s cli
AmitVishwakarma
Community Advisor
AmitVishwakarmaCommunity Advisor
Community Advisor
January 22, 2026

Hi ​@PrasadShembekar ,
Your problem is only authentication + versioning in CI.
Do this:
1. Pin versions in GitLab: Use CLI 10 + latest Mesh plugin (v11 is pain in CI until you fully migrate):

npm install -g @adobe/aio-cli@10.3.4 
aio plugins:install @adobe/aio-cli-plugin-api-mesh

No aio auth:login anywhere in CI.

2. Get IMS token (OAuth S2S) in the job:
Assuming these GitLab variables exist:

  • OAUTH_CLIENT_ID
  • OAUTH_CLIENT_SECRET
  • OAUTH_SCOPES (e.g. openid,AdobeID,read_organizations,additional_info.projectedProductContext,additional_info.roles,adobeio_api)

Add:

ACCESS_TOKEN=$(curl -s -X POST "https://ims-na1.adobelogin.com/ims/token/v3" \
  -d "client_id=${OAUTH_CLIENT_ID}" \
  -d "client_secret=${OAUTH_CLIENT_SECRET}" \
  -d "grant_type=client_credentials" \
  -d "scope=${OAUTH_SCOPES}" | jq -r '.access_token')

[ -z "$ACCESS_TOKEN" ] && echo "IMS token failed" && exit 1

3. Configure AIO context (non‑interactive): Also store these in GitLab vars: ORG_ID, ORG_CODE, ORG_NAME, PROJECT_ID, PROJECT_NAME, PROJECT_APPID, PROJECT_TITLE, WORKSPACE_ID, WORKSPACE_NAME, MESH_BASEURL, MESH_API_KEY.

Then in the job:

aio config:set ims.contexts.cli.access_token.token "$ACCESS_TOKEN"
aio config:set console.org.id "$ORG_ID"
aio config:set console.org.code "$ORG_CODE"
aio config:set console.org.name "$ORG_NAME"
aio config:set console.project.id "$PROJECT_ID"
aio config:set console.project.org_id "$ORG_ID"
aio config:set console.project.name "$PROJECT_NAME"
aio config:set console.project.appId "$PROJECT_APPID"
aio config:set console.project.title "$PROJECT_TITLE"
aio config:set console.workspace.id "$WORKSPACE_ID"
aio config:set console.workspace.name "$WORKSPACE_NAME"
aio config:set api-mesh.cliConfig.baseUrl "$MESH_BASEURL"
aio config:set api-mesh.cliConfig.apiKey "$MESH_API_KEY"

Now the CLI thinks you’re “logged in”, without browser.

4. Update or create the mesh: Replace your current block with:

echo "Checking mesh status..."
MESH_STATUS=$(aio api-mesh:describe 2>&1 || echo "NO_MESH")
echo "Mesh status: $MESH_STATUS"

if echo "$MESH_STATUS" | grep -q "NO_MESH"; then
  echo "No mesh found. Creating..."
  aio api-mesh:create -c mesh.json --autoConfirmAction
else
  echo "Updating existing mesh..."
  aio api-mesh:update -c mesh.json
fi

aio api-mesh:status

Thanks,
Amit

Terms & ConditionsAccessibility statement

Loading footer...