Lemuria

GitOps Pull Request Automation for Argo CD

Lemuria enables a pull request-based workflow for Argo CD, allowing teams to review and approve infrastructure changes before they are deployed. It supports both GitHub and GitLab as VCS providers. Similar to Atlantis for Terraform, Lemuria provides plan/sync operations triggered by PR/MR comments.

---

Key Features

• Plan on PR - Automatically generate manifest diffs when PRs are opened or updated
• Sync via Comments - Deploy changes by commenting lemuria sync on PRs
• Rollback Support - Quickly revert to previous deployments with lemuria rollback
• Auto-Merge - Optionally merge PRs after successful sync
• Distributed Locking - Redis-based locks prevent concurrent modifications to applications
• Approval Enforcement - Require PR approval before deployment (per-app or global)
• ApplicationSet Support - Detect and diff applications generated by ApplicationSets
• Multi-source Apps - Handle applications with multiple repository sources
• Web UI - View locks and manage users with role-based access control
• Multi-VCS Support - Works with GitHub (GitHub App) and GitLab (access tokens)
• Multiple Auth Providers - GitHub OAuth, GitLab OAuth, OIDC, and basic auth

---

How It Works

1. Developer opens PR with manifest changes
         |
2. Lemuria automatically runs `plan` and posts diff as comment
         |
3. Team reviews the diff and approves the PR
         |
4. Developer comments `lemuria sync` to deploy
         |
5. Lemuria syncs the application and releases the lock
         |
6. PR is merged (optionally auto-merged)

---

Quick Example

1. Open a PR with Kubernetes manifest changes

2. Lemuria posts a plan comment:

## Lemuria Plan

### Application: `my-app`

**Changes:** 1 to create, 2 to update

<details>
<summary>Diff (3 resources changed)</summary>

#### ConfigMap/my-config

+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   name: my-config

</details>

**Status:** Locked by this PR

---
To apply: comment `lemuria sync`
To unlock: comment `lemuria unlock`

3. Comment to deploy:

lemuria sync

4. Lemuria syncs and confirms:

## Lemuria Sync

### Application: `my-app`

Sync successful

---
All applications synced successfully!

---

Requirements

• Argo CD v2.0+ with API access enabled
• GitHub App and/or GitLab access token for webhook integration and PR/MR interaction
• Redis for distributed locking and session storage
• Kubernetes cluster (for running Lemuria)

---

Next Steps

• Getting Started - Install and configure Lemuria
• Configuration - Full configuration reference
• Commands - Available commands and options
• Workflow - Detailed workflow documentation
• Authentication - Set up SSO for the web UI
• Troubleshooting - Common issues and solutions

---

License

Lemuria is open source software licensed under the Apache License.