How to start using the Anypoint CLI from your CI/CD

In our last post How to Start Using the Anypoint CLI, we installed the Anypoint CLI on macOS and ran our first commands against CloudHub 2.0. That setup works great on a developer machine. But it is not where automation lives.

Real CI/CD pipelines run on Linux servers. Jenkins agents, GitHub Actions runners, GitLab runners, and most self-hosted build infrastructure run on Ubuntu. When we automate MuleSoft deployments — deploying apps, promoting across environments, querying runtime status — those scripts execute on a Linux server, not on a developer's laptop.

In this post, we'll set up the Anypoint CLI on an Ubuntu server from scratch — the same way we'd configure a CI/CD build agent.

What We'll Need

Before we start, we'll need the following:

An Ubuntu server (20.04 LTS or 22.04 LTS)
A user account with sudo privileges
Outbound internet access to reach registry.npmjs.org
Anypoint Platform credentials (Connected App client ID and secret, or username and password)

Step 1 — Check What Is Already Installed

We'll start by checking whether Node.js and npm are already present on the server.

node --version
npm --version

If both return version numbers, we'll check the values. The Anypoint CLI requires Node.js 18.0.0 to 20.0.0 and npm 7 or later:

v20.x.x   ← acceptable (18.x.x or 20.x.x)
10.x.x    ← acceptable (7 or later)

If the versions meet those requirements, we'll skip to Step 3.

If the commands return command not found, or the versions fall outside the required range, we'll install Node.js using nvm in the next step.

Step 2 — Install Node.js 20 Using nvm

On Ubuntu servers, we use nvm (Node Version Manager) to install Node.js. We avoid installing Node.js from Ubuntu's default apt repository because that version is often outdated and falls below the CLI's minimum requirement.

nvm lets us install and control the exact Node.js version we need without touching system packages. This is the correct approach for build servers and CI agents.

2.1 — Install nvm

We'll download and run the nvm install script:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash

The script installs nvm and adds its configuration to our shell profile automatically.

2.2 — Reload the shell

We'll reload the profile to make the nvm command available in our current session:

source ~/.bashrc

2.3 — Verify nvm is active

nvm --version

Expected output:

0.39.7

2.4 — Install Node.js 20

nvm install 20
nvm use 20

We'll also set version 20 as the default for all future shell sessions:

nvm alias default 20

This step matters on build servers. Without a default, new shell sessions started by a CI runner may not load the correct Node.js version.

2.5 — Verify Node.js and npm

node --version
npm --version

Expected output:

v20.x.x
10.x.x

We need Node.js 18 or 20, and npm 7 or later. If the versions match, we're ready to install the CLI.

Step 3 — Install the Anypoint CLI

We'll install the Anypoint CLI core package and all default plugins globally:

npm install -g anypoint-cli-v4

On Ubuntu, global npm packages install to the nvm-managed directory for the current user. We will not need sudo when using nvm.

Note: If Node.js was installed via apt instead of nvm, npm's global directory may require elevated permissions. In that case, we'll run sudo npm install -g anypoint-cli-v4. For new servers, using nvm avoids this entirely.

Verify the installation:

anypoint-cli-v4 --version

Expected output:

anypoint-cli-v4/1.x.x linux-x64 node-v20.x.x

Verify all plugins installed:

anypoint-cli-v4 plugins --core

We should see anypoint-cli-runtime-mgr-plugin in the list. That plugin covers all CloudHub 2.0 application management commands.

Step 4 — Make the CLI Available System-Wide (Optional)

When we install Node.js via nvm, the anypoint-cli-v4 binary lives inside the nvm directory under our user's home folder. That path loads correctly in interactive shell sessions. It may not load in non-interactive shells — which is exactly how CI runners execute scripts.

We'll create a system-wide symlink so any process on the server can call the CLI:

4.1 — Find the binary path:

which anypoint-cli-v4

Expected output:

/home/ubuntu/.nvm/versions/node/v20.x.x/bin/anypoint-cli-v4

4.2 — Create the symlink:

sudo ln -s $(which anypoint-cli-v4) /usr/local/bin/anypoint-cli-v4

4.3 — Verify the symlink works from a clean path:

/usr/local/bin/anypoint-cli-v4 --version

If this returns the version number, CI runners that do not load our user's shell profile will still find the CLI.

Step 5 — Configure Authentication

On Ubuntu servers, we do not store credentials in the CLI configuration file. Configuration files are tied to a user's home directory. They create drift across agents and they expose secrets on disk. We'll use environment variables exclusively.

We have two options.

Option A — Export Variables Inline (for testing)

We'll export variables in the current shell session before running any CLI command:

export ANYPOINT_CLIENT_ID=myClientID
export ANYPOINT_CLIENT_SECRET=myClientSecret
export ANYPOINT_ORG=myOrgId
export ANYPOINT_ENV=Production

Then run any command:

anypoint-cli-v4 account:environment:list

This works for manual testing on the server. It does not persist across sessions.

Option B — Inject Variables from the CI/CD Pipeline (for automation)

In CI/CD pipelines, we'll store credentials as pipeline secrets — not in code and not in files on disk. Each CI platform has its own secret management:

Platform	Where to Store	How It Injects
Jenkins	Credentials Store	Environment injection in pipeline step
GitHub Actions	Repository Secrets	`env:` block in workflow YAML
GitLab CI/CD	CI/CD Variables	Available automatically in job environment
Bitbucket Pipelines	Repository Variables	Available automatically in pipeline steps

The pipeline injects ANYPOINT_CLIENT_ID, ANYPOINT_CLIENT_SECRET, ANYPOINT_ORG, and ANYPOINT_ENV as environment variables before the CLI command runs. The CLI reads them automatically.

Why Connected Apps? Since MuleSoft enabled Multi-Factor Authentication (MFA) for all users starting October 2022, username and password authentication will not work for MFA-enabled accounts. On CI/CD servers, we always use Connected Apps. We generate a Connected App in Anypoint Platform Access Management with the minimum required scopes (View Organization and View Environment at minimum, plus any operation-specific scopes our pipeline needs).

Step 6 — Verify the Full Setup

We'll run a test command that hits Anypoint Platform and returns real data. This confirms Node.js, the CLI, and authentication all work together on this server.

anypoint-cli-v4 account:environment:list

Expected output:

Name          Id                                    Type
────────────  ────────────────────────────────────  ────────────
Sandbox       xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  sandbox
Production    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  production

If this returns our environments, the server is fully configured.

Step 7 — List CloudHub 2.0 Applications

With the server verified, we'll run the same operational command from Part 1 — this time from our Ubuntu build agent.

anypoint-cli-v4 runtime-mgr:application:list \
  --output json

Because we've already exported ANYPOINT_ORG and ANYPOINT_ENV as environment variables, we omit those flags. The CLI picks them up automatically.

Expected output (truncated):

[
  {
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "name": "order-api",
    "status": "RUNNING",
    "target": "cloudhub-us-east-1"
  },
  {
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "name": "customer-api",
    "status": "RUNNING",
    "target": "cloudhub-us-east-1"
  }
]

We use --output json by default on servers. The output goes to stdout. A pipeline step can capture it, pipe it to jq, or write it to a file for downstream processing.

A Complete Setup Script

Here is the full setup as a single shell script. We'll use this to provision a new Ubuntu CI/CD agent:

#!/bin/bash
set -e

# Install nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc

# Install Node.js 20 and set as default
nvm install 20
nvm use 20
nvm alias default 20

# Install Anypoint CLI
npm install -g anypoint-cli-v4

# Create system-wide symlink
sudo ln -s $(which anypoint-cli-v4) /usr/local/bin/anypoint-cli-v4

# Verify
anypoint-cli-v4 --version
echo "Anypoint CLI setup complete."

We'll save this as setup-anypoint-cli.sh, make it executable with chmod +x setup-anypoint-cli.sh, and run it on any fresh Ubuntu agent.

Summary

We've set up the Anypoint CLI on an Ubuntu server the same way we'd configure a CI/CD build agent:

We use nvm to install the exact Node.js version the CLI requires, avoiding Ubuntu's outdated apt version.
We install the CLI globally with npm and create a system-wide symlink so CI runners find it without loading a user shell profile.
We authenticate exclusively through environment variables, injected by the pipeline's secret management — never stored in config files on disk.
We use --output json by default so pipeline steps can process the CLI output programmatically.

How to start using the Anypoint CLI from your CI/CD

What We'll Need

Step 1 — Check What Is Already Installed

Step 2 — Install Node.js 20 Using nvm

Step 3 — Install the Anypoint CLI

Step 4 — Make the CLI Available System-Wide (Optional)

Step 5 — Configure Authentication

Option A — Export Variables Inline (for testing)

Option B — Inject Variables from the CI/CD Pipeline (for automation)

Step 6 — Verify the Full Setup

Step 7 — List CloudHub 2.0 Applications

A Complete Setup Script

Summary

How to plan a (successful) VPN migration - Part I

Contact Form