All guides
    Apigee
    June 7, 2026

    Apigee — CI/CD Pipelines

    Automate Apigee delivery: proxies in git, lint and test bundles, build once, and promote through environments with apigeecli/Maven and integration tests.

    #apigee#cicd#api-management#architecture
    Share

    Clicking "deploy" in the UI doesn't scale and isn't auditable. Mature Apigee teams treat proxies as code and ship them through a pipeline — the same discipline as any software artifact.

    The pipeline

    flowchart LR G[Git: proxy bundles] --> L[Lint + unit test] L --> B[Build bundle once] B --> D1[Deploy dev] D1 --> IT[Integration tests] IT --> D2[Promote test] D2 --> AP[Approval] AP --> D3[Promote prod] D3 --> SM[Smoke test]

    Source of truth is git. Every change is a PR; the pipeline lints, tests, builds once, and promotes the same artifact through environments with gates.

    1. Proxies in version control

    Keep the apiproxy/ bundle (and shared flows, specs, KVM seed data) in the repo. PRs get reviewed like any code.

    2. Lint & static checks

    Run apigeelint to catch policy anti-patterns, naming issues, and risky constructs before deploy:

    npx apigeelint -s apiproxy/ -f table.js

    Fail the build on errors — this is where you catch things like JS service callouts or missing spike-arrest.

    3. Unit test policies

    Test JavaScript/extension resources with Jest/Mocha, and validate flow logic with mocked variables. Keep custom code minimal and tested.

    4. Deploy with the CLI/plugin

    Authenticate with a service account (not personal creds) and deploy:

    # GitHub Actions (sketch)
- run: |
    TOKEN=$(gcloud auth print-access-token)
    apigeecli apis create bundle -f apiproxy -n orders-v1 --org "$ORG" --token "$TOKEN"
    REV=$(apigeecli apis create bundle ... -o json | jq -r .revision)
    apigeecli apis deploy -n orders-v1 -v "$REV" -e dev --org "$ORG" --token "$TOKEN"

    (Java shops can use the Apigee Maven plugin with profiles per environment instead.)

    5. Integration tests against the deployed proxy

    After deploying to dev, hit the live proxy with Newman (Postman) or REST-assured — verify auth, quotas, transformations, and error paths end-to-end. Only promote if green.

    6. Promote with gates

    Reuse the same revision for test then prod, with a manual approval gate before prod and a smoke test after. Roll back by redeploying the previous revision if the smoke test fails.

    Best practices & anti-patterns

    • Build once, deploy many — promote the identical revision.
    • ✅ Automate auth with a service account; store creds in the CI secret store.
    • ✅ Gate prod with approval + smoke test; enable fast revision rollback.
    • ✅ Run apigeelint + integration tests as required checks.
    • ❌ Deploying from a developer's laptop / editing prod in the UI.
    • ❌ Rebuilding a separate bundle per environment (drift).
    • ❌ No automated tests — "it deployed" ≠ "it works".
    • ❌ Secrets in the repo — use KVM/Secret Manager seeded by the pipeline.

    Next: use Apigee for AI traffic + the master best-practices list → AI Integration & Best Practices →

    Ask about this article

    Get answers grounded in this post. AI-generated — based on this article, and may be imperfect.

    Apigee API Management: Beginner to Advanced· Page 6 of 7
    PreviousApigee — Environments & DeploymentNext Apigee — AI Integration & Best Practices
    Scaled AI Weekly

    Enjoyed this? Get more like it every Monday.

    Real architecture decisions, LLMOps patterns that survive production, and engineering leadership advice — from 12+ years of building at enterprise scale. Free. No spam. Unsubscribe anytime.

    Join engineers building production AI systems

    Back to all guides