In my case the changes are from terraform(only) repos. Any change to infra would be triggered by these repos. In rest of the actual app code, it would always be Ansible-Jenkins. Deploying terraform infrastructure change everytime there is a push to app-code might bring down the uptime of the application. In case of containerized application it would be Helm-kubernetes doing the application bit.

The problem is mentioned in Argo's useraccounts docs:

When you create local users, each of those users will need additional RBAC rules set up, otherwise they will fall back to the default policy specified by policy.default field of the argocd-rbac-cm ConfigMap.

But these additional RBAC rules could be setup the simplest using ArgoCD Projects. And with such a AppProject you don't even need to create a user like tekton in the ConfigMap argocd-cm. ArgoCD projects have the ability to define Project roles:

Projects include a feature called roles that enable automated access to a project's applications. These can be used to give a CI pipeline a restricted set of permissions. For example, a CI system may only be able to sync a single app (but not change its source or destination).

There are 2 solutions how to configure the AppProject, role & permissions incl. role token:

1. using argocd CLI
2. using a manifest YAML file

1.) Use argocd CLI to create AppProject, role & permissions incl. role token

So let's get our hands dirty and create a ArgoCD AppProject using the argocd CLI called apps2deploy:

We create it with the --src "*" as a wildcard for any git repository (as described here).

Now we create a Project role called create-sync via:

You can check the new role has been created with argocd proj role list apps2deploy.

Then we need to create a token for the new Project role create-sync, which can be created via:

This token needs to be used for the argocd login command inside our Tekton / CI pipeline. There's also a --token-only parameter for the command, so we can create an environment variable via

The ARGOCD_AUTH_TOKEN will be automatically used by argo login.

Now we need to give permissions to the role, so it will be able to create and sync our application in ArgoCD from within Tekton or any other CI pipeline. As described in the docs we therefore add policies to our roles using the argocd CLI:

Have a look on the role policies with argocd proj role get apps2deploy create-sync, which should look somehow like this:

Finally we should have setup everything to do a successful argocd app create. All we need to do is to add the --project apps2deploy parameter:

2.) Use manifest YAML to create AppProject, role & permissions incl. role token

As all those CLI based steps in solution 1.) are quite many, we could also using a manifest YAML file. Here's an example argocd-appproject-apps2deploy.yml which configures exactly the same as in solution a):

There are only 2 steps left to be able to do a successful argocd app create from within Tekton (or other CI pipeline). We need to apply the manifest with

And we need to need to create a role token, ideally assigning it directly to the ARGOCD_AUTH_TOKEN for the argocd login command (which also needs to be done afterwards):

The same argocd app create command as mentioned in solution 1.) should work now:

At this time, your will need to use Terraform plus Cloud Build to specify the repository to use. You can then use gcloud --docker-repository in a Cloud Build step.

This document explains how to integrate Terraform with Cloud Build.

Managing infrastructure as code with Terraform, Cloud Build, and GitOps

You can go it as per need using the Github Action and Docker hub only.

You should also checkout the keel with GitHub :https://github.com/keel-hq/keel

Step: 1

Step : 2

Once build is done you can push it to Docker Hub

Step : 3

Keel can auto-update the deployment, but if you don't want that you can each time apply the YAML config from Github action also.

Read more at : https://dev.to/achu1612/ci-cd-for-kubernetes-using-github-actions-and-keel-4b7c

If you are planning to use Azure you should checkout : https://github.com/marketplace/actions/deploy-to-kubernetes-cluster

Your Jenkinsfile contains invalid syntax on the first line, which is why the error is being thrown. Assuming you intended that first line to be a comment, you can modify the pipeline code to be:

and your pipeline code will have valid syntax.

Flink itself does not support zero-downtime deployments. While a few users have built their own solutions for this, it requires implementing application-specific deployment automation and tooling. See

• Drivetribe's Modern Take On CQRS With Apache Flink
• Zero-downtime upgrades of Flink applications

for examples.

Posting comment as the community wiki answer for better visibility

It turns out that at the moment ArgoCD can only recognize application declarations made in ArgoCD namespace, but @everspader was doing it in the default namespace. For more info, please refer to GitHub Issue

There's a minor point of minutia that should be mentioned first: the "D" in "CI/CD" can either mean "Delivery" or "Deployment". For the sake of this question, we'll accept the two terms as relatively interchangeable -- but be aware that others may apply a more narrow definition, which may be slightly different depending on which "D" you mean, specifically. For additional context, see: Continuous Integration vs. Continuous Delivery vs. Continuous Deployment

For example, if I make a simple tool that automatically builds and deploys, but test step is manual - can this be considered CI/CD?

Let's break this down. Beforehand, let's establish what can be considered "CI/CD". Easy enough: if your (automated) process is practicing both CI (continuous integration) and CD (continuous deployment), then we can consider the solution as being some form of "CI/CD".

We'll need some definitions for CI and CD (see above link), which may vary by opinion. But if the question is whether this can be considered CI/CD, we can proceed on the lowest common denominator / bare minimum of popular/accepted definitions and apply those definitions liberally as they relate to the principles of CI/CD.

With that context, let's proceed to determine whether the constituent components are present.

Is Continuous Integration being practiced?

Yes. Continuous Integration is being practiced in this scenario. Continuous integration, in its most basic sense, is making sure that your ongoing work is regularly (continually) integrated (tested).

The whole idea is to combat the consequences of integrating (testing) too infrequently. If you do many many changes and never try to build/test the software, any of those changes may have very well broken the build, but you won't know until the point in time where integration (testing) occurs.

You are regularly integrating your changes and making sure the software still builds. This is unequivocally CI in practice.

But there are no automated tests?!

One may make an objection to the effect of "if you're not running what is traditionally thought of as tests (unit|integration|smoke|etc) as part of your automated process, it's not CI" -- this is a demonstrably false statement.

Even though in this case you mention that your "test" steps would be manual, it's still fair to say that simply building your application would be sufficient to meet the basic definition of a "test" in the sense of continuous integration. Successfully building (e.g. compiling) your code is, in itself IS a test. You are effectively testing "can it build". If your code change breaks the compile/build process, your CI process will tell you so right after committing your code -- that's CI in action.

Just like code changes may break a unit test, they can also break the compilation process -- automating your build tests that your changes did not break the build and is, therefore, a kind of continuous integration, without question.

Sure, your product can be broken by your changes even if it compiles successfully. It may even be the case that those software defects would have been caught by sufficient unit testing. But the same could be said of projects with proper unit tests, even projects with "100% code coverage". We certainly don't consider projects with test gaps as not practicing CI. The size of the test gap doesn't make the distinction between CI and non-CI; it's irrelevant to the definition.

Bottom line: building your software exercises (integrates/tests) your code changes, if even only in a minimally significant degree. Doing this on a continuous basis is a form of continuous integration.

Is Continuous Deployment/Delivery being practiced

Yes. It is plain to see in this scenario that, if you are deploying/delivering your software to whatever its 'production environment' is in an automated fashion then you have the "CD" component to CI/CD, at least in some minimal degree. The fact that your tests may be manual is not consequential.

Similar to the above, reasonable people could disagree on the effectiveness of the implementation depending on the details, but one would not be able to make the case that this practice is non-CD, by definition.

Conclusion: can this practice be considered "CI/CD"?

Yes. Both elements of CI and CD are present in at least a minimum degree. The practices used probably can't reasonably be called non-CI or non-CD. Therefore, it should be concluded this described practice can be considered "CI/CD".

I think it goes without saying that the described CI/CD process has gaps and could benefit from improvement and, with the lack of automated tests and other features, doesn't reap all the possible benefits of a robust CI/CD process could offer. However, this doesn't render the process non-CICD by any means. It's certainly CI/CD in practice; whether it's a particularly good or robust CI/CD practice is a subject of opinion.

does CI/CD concept have any prerequisites step(s)?

No, there are no specific prerequisites (like writing automated software tests, for example) to applying CI/CD concepts. You can apply both CI and CD independently of one another without any prerequisites.

To further illustrate, let's think of an even more minimal project with "CI/CD"...

CD could be as simple as committing to the main branch repository of a GitHub Pages. If that same Pages repo, for example, uses Jekyll, then you have CI, too, as GitHub will build your project automatically in addition to deploying it and inform you of build errors when they occur.

In this basic example, the only thing that was needed to implement "CI/CD" was commit the Jekyll project code to a GitHub Pages repository. No prerequisites.

There's even cases where you can accurately consider a project as having a CI process and the CI process might not even build any software at all! CI could, for example, consist solely of code style checks or other trivial checks like checking for newlines at the end of files. When projects only include these kinds of checks alone, we would still call that check process "CI" and it wouldn't be an inaccurate description of the process.

to fix this you need to upgrade Gradle version in android/gradle/wrapper/gradle-wrapper.properties to 6.7.1 or commit gradle wrapper to your repository if you don't have this file.

Additional to that you also might need to upgrade Android Gradle plugin in andriod/build.gradle

WITHOUT GRADLE UPGRADE

if for some reasons you can't upgrade Gradle version you can freeze previous NDK version.

For that you can specify ndkVersion "22.1.7171670" in your build.gradle and make sure you use Java 1.8 since there is an issue with using latest Java versions.

In Codemagic you can specify Java version in environment section in your codemagic.yaml like this

Why does Azure Pipelines say "The environment does not exist or has not been authorized for use"?

First, you need to make sure you are Creator in the Security of environment:

Second, make sure change/create the environment name from yaml editor, not from repo.

If above not help you, may I know what is your role in the project, Project Reader?