Merge branch 'main' into oag-dbat-integration

Author: oheimburger

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/LICENSE

@@ -0,0 +1,35 @@
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/README.md

@@ -0,0 +1,116 @@
+<!--
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+-->
+
+#  OCI Resource Manager Terraform Stack to create OCI DevOps CI/CD pipelines for OCI Functions
+
+Reviewed: 11.2.2025
+ 
+# When to use this asset?
+ 
+Anyone who wants to create OCI DevOps pipelines for OCI Functions using Terraform in OCI Resource manager.
+The DevOps project is not specific to any programming language but includes <a href="./files/build_pipeline_specs/">build pipeline specs</a> example files to build and deploy jvm and native Java functions. Source code for a such Function can be found <a href="https://github.com/oracle-devrel/technology-engineering/blob/main/app-dev/devops-and-containers/functions/java-helloworld-AI-with-local-dev-and-oci-functions/README.md">here</a>.
+
+# Author
+<a href="https://github.com/mikarinneoracle">mikarinneoracle</a>
+
+# How to use this asset?
+
+Clone this repo locally. In OCI Console click <code>Create Stack</code> under <code>Resource Manager</code> in your project compartment. Drag-n-drop the <a href="./files">files</a> -folder to <code>Stack Configuration</code> (<b>folder type</b>) or click this button below to create the stack on your OCI tenancy:
+
+<p>
+
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-devrel/technology-engineering/releases/download/latest/devops-tf-stack.zip)
+
+<p>
+Note! OCI DevOps <code>IAM Policies</code> are not part of the stack, please refer to <a href="https://docs.oracle.com/en-us/iaas/Content/devops/using/devops_iampolicies.htm">docs</a> how to create them before running the devops project pipelines.
+<p>
+
+### Stack settings
+
+Creating the stack in OCI Resource Manger fill in the vars:
+
+![Stack](./files/stack.jpg)
+
+<ul>
+    <li><i>initial_image</i> that is used to create the OCI Function as target environment for the OCI DevOps deployment pipeline.
+    By default it is loaded from Dockerhub, but you can use any X86 arch image if want to replace this</li>
+    <li><i>docker_user</i> is your OCIR Docker user to push the initial image (above) to OCIR repo for the Function. Replace &lt;namespace&gt; with your <code>tenancy namespace</code>. <code>oracleidentitycloudservice</code> is only used for federated domains/users, not local</li>
+    <li><i>docker_password</i> is an <code>auth token</code> in your OCI user profile, <i>create one for this</i></li>
+</ul>
+
+Docker credentials are only used during the DevOps project creation to push the initial Function image and the DevOps project won't need them after it's been created by Terraform. <i>Hence, you can delete the auth token from your profile after the stack has been run.</i>
+<p>
+
+After creation run Stacks's Apply to create the OCI DevOps project. 
+<p>
+The Stack creates only a <i>private subnet</i> in the VCN and hence the Function cannot be called outside the tenancy by default after the build and deploy.
+<p>
+However, the Function invocation can be done from <code>OCI Cloud Shell</code> either by connecting to the <b>VCN private subnet</b> or to <b>OCI Service Network</b>, both options will work. The invocation can be done as follows using the Stack <code>project_name</code> e.g. :
+<pre>
+fn invoke helloworldai-java helloworldai-java
+</pre>
+
+Since the stack creates the DevOps project with a target Function with the intial image it should already run and return:
+<pre>
+Hello, world!
+</pre>
+
+# Useful Links
+
+- [OCI DevOps](https://www.oracle.com/cloud/cloud-native/devops-service/)
+    - Oracle Cloud Infrastructure (OCI) DevOps is a continuous integration and continuous delivery (CI/CD) service for development teams building on OCI
+- [OCI Functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm)
+    - Learn how the Functions service lets you create, run, and scale business logic without managing any infrastructure
+- [OCI SDK for Java](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdk.htm)
+    - The Oracle Cloud Infrastructure SDK for Java enables you to write code to manage Oracle Cloud Infrastructure resources
+- [Fn](https://fnproject.io/)
+    - The Fn project is an open-source container-native serverless platform that you can run anywhere -- any cloud or on-premise. It’s easy to use, supports every programming language, and is extensible and performant
+- [OCI Functions with GraalVM](https://github.com/shaunsmith/graalvm-fn-init-images)
+    - Discover GraalVM Native Image -based functions with this example GitHub repo
+- [Oracle](https://www.oracle.com/)
+    - Oracle Website
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](LICENSE) for more details.
+
+ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.  FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. 

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/artifacts.tf

@@ -0,0 +1,19 @@
+## This configuration was generated by terraform-provider-oci
+
+resource oci_artifacts_container_configuration export_container_configuration {
+  compartment_id                      = var.compartment_ocid
+  is_repository_created_on_first_push = "false"
+}
+
+resource oci_artifacts_container_repository export_project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.compartment_id
+  
+  display_name = "${var.image_name}"
+  freeform_tags = {
+  }
+  is_immutable = "false"
+  is_public    = "false"
+  provisioner "local-exec" {
+    command = "docker login ${var.registry} -u '${var.docker_user}' -p '${var.docker_pwd}' && docker pull ${var.initial_image} && docker tag ${var.initial_image} ${var.registry}/${data.oci_objectstorage_namespace.tenancy_namespace.namespace}/${var.image_name}:1 && docker push ${var.registry}/${data.oci_objectstorage_namespace.tenancy_namespace.namespace}/${var.image_name}:1"
+  }
+}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/build_pipeline_specs/build_spec.yaml

@@ -0,0 +1,20 @@
+version: 0.1             
+component: build
+timeoutInSeconds: 5000
+shell: bash
+env:
+  exportedVariables:
+    - buildId
+steps:
+  - type: Command
+    command: |
+      buildId=`echo ${OCI_BUILD_RUN_ID} | rev | cut -c 1-6 | rev`
+      echo "Build ID: $buildId"
+  - type: Command
+    command: |
+      docker build -t ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME} .
+      docker tag ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:$buildId
+outputArtifacts:
+  - name: image-jvm
+    type: DOCKER_IMAGE
+    location: ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/build_pipeline_specs/build_spec_native.yaml

@@ -0,0 +1,20 @@
+version: 0.1             
+component: build
+timeoutInSeconds: 5000
+shell: bash
+env:
+  exportedVariables:
+    - buildId
+steps:
+  - type: Command
+    command: |
+      buildId=`echo ${OCI_BUILD_RUN_ID} | rev | cut -c 1-6 | rev`
+      echo "Build ID: $buildId"
+  - type: Command
+    command: |
+      docker build -f Dockerfile.native -t ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME} .
+      docker tag ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:$buildId
+outputArtifacts:
+  - name: image-native
+    type: DOCKER_IMAGE
+    location: ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/core.tf

@@ -0,0 +1,141 @@
+## This configuration was generated by terraform-provider-oci
+
+resource oci_core_subnet export_project-private {
+  #availability_domain = <<Optional value not found in discovery>>
+  cidr_block     = "10.0.0.0/24"
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+  
+  #dhcp_options_id = <<Optional value not found in discovery>>
+  display_name    = "${var.project_name}-private"
+  #dns_label = <<Optional value not found in discovery>>
+  freeform_tags = {
+  }
+  #ipv6cidr_block = <<Optional value not found in discovery>>
+  ipv6cidr_blocks = [
+  ]
+  prohibit_internet_ingress  = "true"
+  prohibit_public_ip_on_vnic = "true"
+  route_table_id             = oci_core_vcn.export_project_3.default_route_table_id
+  security_list_ids = [
+    oci_core_default_security_list.export_Default-Security-List-for-project.id,
+  ]
+  vcn_id = oci_core_vcn.export_project_3.id
+}
+
+resource oci_core_default_security_list export_Default-Security-List-for-project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+  
+  display_name = "Default Security List for ${var.project_name}"
+  egress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    #icmp_options = <<Optional value not found in discovery>>
+    protocol  = "all"
+    stateless = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  freeform_tags = {
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    #icmp_options = <<Optional value not found in discovery>>
+    protocol    = "6"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    tcp_options {
+      max = "22"
+      min = "22"
+      #source_port_range = <<Optional value not found in discovery>>
+    }
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    icmp_options {
+      code = "4"
+      type = "3"
+    }
+    protocol    = "1"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    icmp_options {
+      code = "-1"
+      type = "3"
+    }
+    protocol    = "1"
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  manage_default_resource_id = oci_core_vcn.export_project_3.default_security_list_id
+}
+
+resource oci_core_vcn export_project_3 {
+  #byoipv6cidr_details = <<Optional value not found in discovery>>
+  #cidr_block = <<Optional value not found in discovery>>
+  cidr_blocks = [
+    "10.0.0.0/16",
+  ]
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+  
+  display_name = "${var.project_name}"
+  #dns_label = <<Optional value not found in discovery>>
+  freeform_tags = {
+  }
+  ipv6private_cidr_blocks = [
+  ]
+  #is_ipv6enabled = <<Optional value not found in discovery>>
+  #is_oracle_gua_allocation_enabled = <<Optional value not found in discovery>>
+  security_attributes = {
+  }
+}
+
+resource oci_core_default_route_table export_Default-Route-Table-for-project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+  
+  display_name = "Default Route Table for ${var.project_name}"
+  freeform_tags = {
+  }
+  manage_default_resource_id = oci_core_vcn.export_project_3.default_route_table_id
+  route_rules {
+    #description = <<Optional value not found in discovery>>
+    destination       = "all-fra-services-in-oracle-services-network"
+    destination_type  = "SERVICE_CIDR_BLOCK"
+    network_entity_id = oci_core_service_gateway.export_svc-gw.id
+    #route_type = <<Optional value not found in discovery>>
+  }
+}
+
+data "oci_core_services" "all_oci_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+  count = 1
+}
+
+resource oci_core_service_gateway export_svc-gw {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+  
+  display_name = "${var.project_name}-svc-gw"
+  freeform_tags = {
+  }
+  #route_table_id = <<Optional value not found in discovery>>
+  services {
+    service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], "id")
+  }
+  vcn_id = oci_core_vcn.export_project_3.id
+}
+

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/data.tf

@@ -0,0 +1,3 @@
+data "oci_objectstorage_namespace" "tenancy_namespace" {
+    compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+}