{"id":18802215,"url":"https://github.com/oracle-quickstart/oci-arch-ci-cd","last_synced_at":"2025-04-13T18:31:20.286Z","repository":{"id":45637006,"uuid":"235694043","full_name":"oracle-quickstart/oci-arch-ci-cd","owner":"oracle-quickstart","description":"Set up a CI/CD pipeline for cloud deployments","archived":true,"fork":false,"pushed_at":"2021-12-07T14:24:47.000Z","size":1086,"stargazers_count":13,"open_issues_count":2,"forks_count":14,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-02-19T21:12:45.726Z","etag":null,"topics":["oracle-led"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-quickstart.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-23T00:15:56.000Z","updated_at":"2024-12-07T17:16:34.000Z","dependencies_parsed_at":"2022-09-03T02:40:55.884Z","dependency_job_id":null,"html_url":"https://github.com/oracle-quickstart/oci-arch-ci-cd","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":"oracle-quickstart/oci-quickstart-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-ci-cd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-ci-cd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-ci-cd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-arch-ci-cd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-quickstart","download_url":"https://codeload.github.com/oracle-quickstart/oci-arch-ci-cd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248760333,"owners_count":21157341,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oracle-led"],"created_at":"2024-11-07T22:27:02.049Z","updated_at":"2025-04-13T18:31:20.035Z","avatar_url":"https://github.com/oracle-quickstart.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oci-arch-ci-cd\n\nQuick delivery of software has become a competitive advantage for companies. The automation of development processes facilitates speed and consistency, which led to the rise of continuous integration (CI) and continuous delivery and deployment (CD) pipelines. Jenkins is a popular product among Oracle Cloud Infrastructure customers that can automate all phases of CI and CD.\n\nIn this reference architecture, Jenkins is hosted on Oracle Cloud Infrastructure to centralize build automation and scale the deployment by using Oracle Cloud Infrastructure Registry and Container Engine for Kubernetes. GitHub is used to manage source code.\n\nFor details of the architecture, see [Set up a CI/CD pipeline for cloud deployments](https://docs.oracle.com/en/solutions/cicd-pipeline/index.html)\n\n## Terraform Provider for Oracle Cloud Infrastructure\nThe OCI Terraform Provider is now available for automatic download through the Terraform Provider Registry. \nFor more information on how to get started view the [documentation](https://www.terraform.io/docs/providers/oci/index.html) \nand [setup guide](https://www.terraform.io/docs/providers/oci/guides/version-3-upgrade.html).\n\n* [Documentation](https://www.terraform.io/docs/providers/oci/index.html)\n* [OCI forums](https://cloudcustomerconnect.oracle.com/resources/9c8fa8f96f/summary)\n* [Github issues](https://github.com/terraform-providers/terraform-provider-oci/issues)\n* [Troubleshooting](https://www.terraform.io/docs/providers/oci/guides/guides/troubleshooting.html)\n\n## Deploy Using Oracle Resource Manager\n\n1. Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home\u0026zipUrl=https://github.com/oracle-quickstart/oci-arch-ci-cd/releases/latest/download/oci-arch-ci-cd-stack-latest.zip)\n\n    If you aren't already signed in, when prompted, enter the tenancy and user credentials.\n\n2. Review and accept the terms and conditions.\n\n3. Select the region where you want to deploy the stack.\n\n4. Follow the on-screen prompts and instructions to create the stack.\n\n5. After creating the stack, click **Terraform Actions**, and select **Plan**.\n\n6. Wait for the job to be completed, and review the plan.\n\n    To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.\n\n7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. \n\n## Deploy Using the Terraform CLI\n\n### Clone the Module\n\nNow, you'll want a local copy of this repo. You can make that with the commands:\n\n    git clone https://github.com/oracle-quickstart/oci-arch-ci-cd\n    cd oci-arch-ci-cd\n    ls\n\n## Prerequisites\nFirst off, you'll need to do some pre-deploy setup.  That's all detailed [here](https://github.com/cloud-partners/oci-prerequisites).\n\nSecondly, create a `terraform.tfvars` file and populate with the following information:\n\n```\n# Authentication\ntenancy_ocid         = \"\u003ctenancy_ocid\u003e\"\nuser_ocid            = \"\u003cuser_ocid\u003e\"\nfingerprint          = \"\u003cfinger_print\u003e\"\nprivate_key_path     = \"\u003cpem_private_key_path\u003e\"\n\n# Region\nregion = \"\u003coci_region\u003e\"\n\n# Compartment\ncompartment_ocid = \"\u003ccompartment_ocid\u003e\"\n\n```\n\nDeploy:\n\n    terraform init\n    terraform plan\n    terraform apply\n\n\n## Post-Deployment Setup \n\n### Step 1: Retrieve the auto-generated SSH keys\n\n**1.1. If using Resource Manager**\n\nWithin the Stack, go to Jobs -\u003e open the 'Apply' job -\u003e Outputs -\u003e generated_ssh_private_key -\u003e click 'Unlock'  \nWARNING: the displayed key is not ideally formatted. Here is a [sample tool](https://www.samltool.com/format_privatekey.php) which will quickly format the key for you.\n\n**1.2 If using OCI CLI**, run:\n\n\n    terraform console\n    nonsensitive(tls_private_key.public_private_key_pair.private_key_pem)\n\n### Step 2: Configure oci-cli and sudo user on jenkins instance\n\nGo to OCI console -\u003e Compute -\u003e Instances.\n\nYou should be able to see the instance `jenkins-instance`\n\nCopy the public-ip of the instance. Log in to the instance using below command.\n\n`ssh -i \u003cpath-to-ssh-private-key\u003e opc@\u003cpublic-ip-of-jenkins-instance\u003e`\n\nOnce you are logged in, make sure oci-cli is installed using:\n\n`oci -v`\n\nNext, run the command `oci setup config`\n\nPress `Enter` when prompted for a location for config file.\n\nPress `Enter` when prompted for directory name to accept the default.\n\nEnter the details about user OCID, tenancy OCID and region.\n\nEnter `Y` for `New RSA key pair`. \n\nPress Enter and accept default options for directories for keys and name for the keys. \n\nPress Enter when prompted for passphrase so as to leave it blank.\n\nVerify all the files exists by checking in -\u003e `cd /home/opc/.oci` and then `ls`.\n\nYou should see these files.\n\n![](./images/1.png)\n\nRun `cat config` and make sure all the details about tenancy are correct.\n\nNow, do `cat oci_api_key_public.pem` and copy the contents of the file. \n\nLogin to OCI console, go to your profile and then your username. \n\nClick on `Add Public Key` and paste the contents of the file copied in last step. \n\nMake sure the `fingerprint` is generated and also check it is same as the one in Jenkins Instance `/home/opc/.oci/config` file. \n\nNext, to add sudo user to Jenkins Server, on Jenkins Instance, do\n\n`sudo visudo -f /etc/sudoers.d/filename`\n\nPress `i` for insert mode. Now we just need to include the line listed below in our file:\n\n`jenkins ALL=(ALL) NOPASSWD: ALL`\n\nSave and Exit from edit mode,\n\n`Press ESC and type :wq! and hit Enter`. You should be out of the edit mode.\n\nWe are done.\n\n### Step 2: Configure OCI tenancy details on Jenkins UI\n\nGo to OCI console -\u003e Compute -\u003e Instances.\n\nYou should be able to see the instance `jenkins-instance`\n\nCopy the public-ip of the instance. Open a browser and enter \n\n`\u003cpublic-ip-of-the-instance\u003e:8080`\n\nThis should give you a Jenkins UI. Login using username as `admin` and password as `Admin123`.\n\n```WARNING make sure this step is right\nOn the Jenkins UI, In Manage Jenkins screen on the left, Click Configure System, scroll down and locate `Cloud`.\n\nClick on 'Add a new cloud'. Now, under drop down select 'Oracle Cloud Infrastructure Compute'. \n\nNew dialog box will appear.\n\nEnter 'Name: \u003cUse easy to remember name\u003e'. \nNext to 'Credentials', click on 'Add' and from the dropdown select 'Jenkins'.\n\nThis opens up a dialog box. Keep the 'Domain' as it is. \nFor Kind, Choose 'Oracle Cloud Infrastructure Credentials'.\n\nFor rest, Fill out the dialog box:\n\nName: Use easy to remember name\nFingerprint: Copy/paste OCI_api_key_fingerprint value from the config file saved in step 1.\nAPIKey: Copy/paste oci_api_key.pem file content saved in /home/opc/.oci folder in step 1.\nPassPhrase: Leave empty\nTenant Id: Copy/paste Tenant OCID.\nUser Id: Copy/paste User OCID.\nID: Leave empty\nDescription: Leave empty\nRegion: Type your region Name (Shown in OCI console window, us-ashburn-1 etc)\n\nClick Verify Credentials and make sure for ‘Successful’ message. We have now verified connectivity to OCI via the Jenkins compute node.\n\nClick on Add.\n```\n\nFinally, come down and make sure to click on `Save`\n\n### Step 3: Configure Github webhook\n\nGo to the repo https://github.com/KartikShrikantHegde/jenkins-helloworld. Fork it. \n\nOn the right side, Go to `Settings`. Then on the left, click on `Webhooks`. \n\nYou should see an option to `Add webhook`. click on it. \n\nFor `Payload URL` enter -\u003e `http://\u003cpublic-ip-of-the-instance\u003e:8080/github-webhook/`\n\nFor `Content type`, choose -\u003e `application/json`\n\nLeave the secret field blank.\n\nselect `send me everything` for the field -\u003e `Which events would you like to trigger this webhook`\n\nAdd webhook and you are done.\n\n### Step 4: Generate Github token\n\nNow click on your github account profile, and click on Settings.\n\nOn the left side, you will see an option `Developer settings`. Click on it.\n\nAgain on the left, click on `Personal access tokens`. Click `Generate new token`.\n\nEnter a note, select all the options under `Select scopes` and click on `Generate token` at the bottom.\n\nThis will generate a one time token. Copy and save it for future steps.\n\n### Step 5: Add the Github token to Jenkins UI\n\nOn the Jenkins UI, In Manage Jenkins option on the left , Click Configure System.\n\nScroll down a bit and you will see `GitHub` section.\n\nUnder that, Click on `Add Github Server` and then again `Github Server` from the dropdown. This opens up a window.\n\nEnter the details:\n\nName -\u003e `Specify a name`\n\nAPI URL -\u003e leave the default url as it is.\n\nCredentials -\u003e Click on `Add` button and then `Jenkins` under the dropdown. This opens a new window. \n\nHere, change the Kind to `Secret Text`.\n\nUnder Secret -\u003e Enter the access token that was generated in the previous step 4. Leave rest of the fields blank.\n\nUnder Credentials, change option from none to `Secret text`.\n\nClick on Test connection and it should show `Credentials verified for \u003cuser\u003e`. So now our Jenkins can access our repo.\n\nCheck right mark on the `Manage hooks`\n\nGo down to the bottom and make sure to click on `Save`.\n\n### Step 6: Generate OCIR token\n\nLogin to OCI console.\n\nClick on your `Profile` -\u003e `User Settings`. On the bottom left, click on `Auth Tokens`. \n\nClick on `Generate Token`.\n\nProvide a discription and then hit `Generate Token`. This will generate a token. Make sure to copy the token for future steps.\n\n### Step 7: Update deployment files and copy to jenkins instance\n\nIn your local working directory, you should be able to see 2 files `hello-deploy.sh` and `hello.yaml` along with other terraform files.\n\nOpen both the files and add in details specific to your tenancy.\n\nFor `hello-deploy.sh`, update details for these fields:\n\n`\u003cregion-prefix-name\u003e` -\u003e eg: iad.ocir.io (for ashburn region)\n\n`\u003cusername\u003e` -\u003e `\u003cyour-tenancy-namespace\u003e/identitycloudservice/\u003cyour-oci-user-email-here\u003e` (look for namespace in tenancy details on your OCI console for `\u003cyour-tenancy-namespace\u003e`)\n\n`\u003cocir-token\u003e` -\u003e the token we generated in previous step 6\n\nFor `hello.yaml`, update:\n\n`\u003cregion-prefix-name\u003e` - eg: iad.ocir.io (for ashburn region)\n\n`\u003cyour-tenancy-namespace\u003e` -\u003e (look for namespace in tenancy details on your OCI console for `\u003cyour-tenancy-namespace\u003e`)\n\nOnce updated, lets copy these files into jenkins instance.\n\nFrom your local working directory where you have these files stored, copy the files into jenkins server using below commands.\n\n`scp -i \u003cpath-to-ssh-private-key\u003e hello-deploy.sh opc@\u003cpublic-ip-of-jenkins-instance\u003e:/home/opc`\n\n`scp -i \u003cpath-to-ssh-private-key\u003e hello.yml opc@\u003cpublic-ip-of-jenkins-instance\u003e:/home/opc`\n\nNow, login to your instance -\u003e `ssh -i \u003cpath-to-ssh-private-key\u003e opc@\u003cpublic-ip-of-jenkins-instance\u003e`\n\nFinally, copy both `hello-deploy.sh` and `hello.yml` to /var/lib/jenkins as:\n\n`sudo cp hello.yml /var/lib/jenkins`\n\n`sudo cp hello-deploy.sh /var/lib/jenkins`\n\n### Step 8: Update Jenkinsfile in Github repo\n\nGo to the forked Github repo from https://github.com/KartikShrikantHegde/jenkins-helloworld.\n\nNext, in the repo, you should be able to find `Jenkinsfile`. Let's update the `Jenkinsfile`.\n\nIn the `Jenkinsfile`, go to `stage('Push image to OCIR')` and update details related to your tenancy:\n\n`\u003cusername\u003e` -\u003e `\u003cyour-tenancy-namespace\u003e/identitycloudservice/\u003cyour-oci-user-email-here\u003e` (look for namespace in tenancy details on your OCI console for `\u003cyour-tenancy-namespace\u003e`)\n\n`\u003cocir-token\u003e` -\u003e the token we generated in step 6\n\n`\u003cregion-prefix-name\u003e` -\u003e eg: iad.ocir.io (for ashburn region)\n\n`\u003cyour-tenancy-namespace\u003e` -\u003e (look for namespace in tenancy details on your OCI console for `\u003cyour-tenancy-namespace\u003e`)\n\nEdit all the details and save the file.\n\n### Step 9: Install kubectl and configure kube-config on Jenkins\n\nssh into jenkins instance and install and verify kubectl using below single command.\n\n````\ncurl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl;chmod +x ./kubectl;sudo mv ./kubectl /usr/local/bin/kubectl;kubectl version --client\n````\n\nNow, to setup kubeconfig, go to your OCI tenancy. On the left hand side click on `Developer Services`. Select `Container Clusters (OKE)`. \n \nClick on the cluster created by terraform earlier.\n\nOn the top, click on `Access Kubeconfig` and run the commands specified (make sure you are inside the jenkins instance to run the commands). \n\nOnce done, verify you can access the k8s nodes, by typing:\n\n`kubectl get nodes`\n\nYou see details of the nodes running in the cluster. \n\n### Step 10: Create pipeline using Blue Ocean\n\nFinally, with all the configurations done, lets create the pipeline.\n\nOn the Jenkins UI,(refer step 2 on how to access Jenkins UI), on the left hand side, you should see `Open Blue Ocean`. Click on it. It opens a new page.\n\nSelect `Create a new Pipeline`. Next select `GitHub`. If it asks for a token provide the Github token we generated in `step 4`. \n\nNext, select your github profile. Search for the repo (`jenkins-helloworld`) you had forked and made the changes. \n\nHit `Create Pipeline`.\n\nThis creates a pipeline and starts the build, test and deploy steps. Once completed (indicated by green tick), you can go back to jenkins instance and run below command.\n\n`kubectl get services`\n\nYou see details of the services running on the nodes in the cluster. \n\nFor the hello-service load balancer that you just deployed, you will see:\nthe external IP address of the load balancer (for example, 129.146.147.91)\nthe port number.\n\nOpen a new browser window and enter the url to access the hello application in the browser's URL field. For example, http://129.146.147.91\n\nYou should be able to access the application.\n\nFron now on, any changes you make to the github code, triggers a new build and deploy by jenkins. This completes the CI/CD cycle.\n\n## Destroy the Deployment\nWhen you no longer need the deployment, you can run this command to destroy it:\n\n    terraform destroy\n\n## CI/CD Architecture\n\n![](./images/cicd-diagram.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-arch-ci-cd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-quickstart%2Foci-arch-ci-cd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-arch-ci-cd/lists"}