repo create

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/LICENSE

@@ -0,0 +1,35 @@
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/README.md

@@ -0,0 +1,93 @@
+<!--
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+-->
+
+# Terraform Stack to be used in OCI Resource Manager to create OCI DevOps pipelines for OCI Functions
+
+Reviewed: 11.2.2025
+
+# When to use this asset?
+
+Anyone who wants to create OCI DevOps pipelines for OCI Functions using Terraform in OCI Resource manager.
+The DevOps project is not specific to any programming language but includes <a href="./files/build_pipeline_specs/">build pipeline specs</</a> example files to build and deploy jvm and native Java functions. Source code for a such Function can be found <a href="https://github.com/oracle-devrel/technology-engineering/blob/main/app-dev/devops-and-containers/functions/java-helloworld-AI-with-local-dev-and-oci-functions/README.md">here</a>.
+
+# Author
+<a href="https://github.com/mikarinneoracle">mikarinneoracle</a>
+
+# How to use this asset?
+
+Clone this repo locally. In OCI Console click <code>Create Stack</code> under <code>Resource manager</code> in your project compartment. Drag-n-drop the <a href="./files">files -folder</a> to <code>Stack Configuration</code> (<b>folder type</b>).
+<p>
+OCI DevOps IAM Policies are not part of the stack, please refer to <a href="https://docs.oracle.com/en-us/iaas/Content/devops/using/devops_iampolicies.htm">docs</a> how to create them first.
+<p>
+Important! Before running the stack it is manadatory to create the OCI Registry repository for the OCI Function container and upload a dummy X86 architecture container to it. The <b>name</b> of the OCIR repo needs to match to the <code>image_name</code> of the Stack variables e.g. <code>helloworldai-java</code>. This can by done by doing the following in OCI Cloud Shell:
+<pre>
+oci artifacts container repository create --display-name helloworldai-java --compartment-id ocid1.compartment.oc1.....gq
+docker pull hello-world
+docker tag hello-world fra.ocir.io/&lt;YOUR_TENANCY_NAMESPACE&gt;/helloworldai-java:1
+docker push fra.ocir.io/&lt;YOUR_TENANCY_NAMESPACE&gt;/helloworldai-java:1
+</pre>
+Unless doing this the Stack will run into an error:
+<pre>
+Error: 400-InvalidParameter, Invalid Image fra.ocir.io/&lt;YOUR_TENANCY_NAMESPACE&gt;/&lt;IMAGE&gt; does not exist or you do not have access to use it
+</pre>
+After doing this the Stack can be run and after the OCI DevOps project creation the build pipelines can be run to build and deploy the OCI Function.
+
+# Useful Links
+
+- [OCI DevOps](https://www.oracle.com/cloud/cloud-native/devops-service/)
+    - Oracle Cloud Infrastructure (OCI) DevOps is a continuous integration and continuous delivery (CI/CD) service for development teams building on OCI
+- [OCI Functions](https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm)
+    - Learn how the Functions service lets you create, run, and scale business logic without managing any infrastructure
+- [OCI SDK for Java](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/javasdk.htm)
+    - The Oracle Cloud Infrastructure SDK for Java enables you to write code to manage Oracle Cloud Infrastructure resources
+- [Fn](https://fnproject.io/)
+    - The Fn project is an open-source container-native serverless platform that you can run anywhere -- any cloud or on-premise. It’s easy to use, supports every programming language, and is extensible and performant
+- [OCI Functions with GraalVM](https://github.com/shaunsmith/graalvm-fn-init-images)
+    - Discover GraalVM Native Image -based functions with this example GitHub repo
+- [Oracle](https://www.oracle.com/)
+    - Oracle Website
+
+## License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](LICENSE) for more details.
+
+ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.  FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK. 

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/artifacts.tf

@@ -0,0 +1,16 @@
+## This configuration was generated by terraform-provider-oci
+
+resource oci_artifacts_container_configuration export_container_configuration {
+  compartment_id                      = var.compartment_ocid
+  is_repository_created_on_first_push = "true"
+}
+
+resource oci_artifacts_container_repository export_project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.compartment_id
+
+  display_name = "${var.project_name}-image"
+  freeform_tags = {
+  }
+  is_immutable = "false"
+  is_public    = "false"
+}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/build_pipeline_specs/build_spec.yaml

@@ -0,0 +1,20 @@
+version: 0.1             
+component: build
+timeoutInSeconds: 5000
+shell: bash
+env:
+  exportedVariables:
+    - buildId
+steps:
+  - type: Command
+    command: |
+      buildId=`echo ${OCI_BUILD_RUN_ID} | rev | cut -c 1-6 | rev`
+      echo "Build ID: $buildId"
+  - type: Command
+    command: |
+      docker build -t ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME} .
+      docker tag ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:$buildId
+outputArtifacts:
+  - name: image-jvm
+    type: DOCKER_IMAGE
+    location: ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/build_pipeline_specs/build_spec_native.yaml

@@ -0,0 +1,29 @@
+version: 0.1             
+component: build
+timeoutInSeconds: 5000
+shell: bash
+env:
+  exportedVariables:
+    - buildId
+steps:
+  - type: Command
+    command: |
+      buildId=`echo ${OCI_BUILD_RUN_ID} | rev | cut -c 1-6 | rev`
+      echo "Build ID: $buildId"
+  - type: Command
+    command: |
+      # This replaces the default open-jdk
+      export GRAALVM_VERSION="21"
+      export JAVA_VERSION="17"
+      yum -y install graalvm${GRAALVM_VERSION}-ee-${JAVA_VERSION}-jdk;
+      export JAVA_HOME=/usr/lib64/graalvm/graalvm${GRAALVM_VERSION}-ee-java${JAVA_VERSION};
+      java -version
+
+      mvn clean install
+      
+      docker build -f Dockerfile.native -t ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME} .
+      docker tag ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:latest ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:$buildId
+outputArtifacts:
+  - name: image-native
+    type: DOCKER_IMAGE
+    location: ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/core.tf

@@ -0,0 +1,141 @@
+## This configuration was generated by terraform-provider-oci
+
+resource oci_core_subnet export_project-private {
+  #availability_domain = <<Optional value not found in discovery>>
+  cidr_block     = "10.0.0.0/24"
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+
+  #dhcp_options_id = <<Optional value not found in discovery>>
+  display_name    = "${var.project_name}-private"
+  #dns_label = <<Optional value not found in discovery>>
+  freeform_tags = {
+  }
+  #ipv6cidr_block = <<Optional value not found in discovery>>
+  ipv6cidr_blocks = [
+  ]
+  prohibit_internet_ingress  = "true"
+  prohibit_public_ip_on_vnic = "true"
+  route_table_id             = oci_core_vcn.export_project_3.default_route_table_id
+  security_list_ids = [
+    oci_core_default_security_list.export_Default-Security-List-for-project.id,
+  ]
+  vcn_id = oci_core_vcn.export_project_3.id
+}
+
+resource oci_core_default_security_list export_Default-Security-List-for-project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+
+  display_name = "Default Security List for ${var.project_name}"
+  egress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    #icmp_options = <<Optional value not found in discovery>>
+    protocol  = "all"
+    stateless = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  freeform_tags = {
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    #icmp_options = <<Optional value not found in discovery>>
+    protocol    = "6"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    tcp_options {
+      max = "22"
+      min = "22"
+      #source_port_range = <<Optional value not found in discovery>>
+    }
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    icmp_options {
+      code = "4"
+      type = "3"
+    }
+    protocol    = "1"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  ingress_security_rules {
+    #description = <<Optional value not found in discovery>>
+    icmp_options {
+      code = "-1"
+      type = "3"
+    }
+    protocol    = "1"
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    stateless   = "false"
+    #tcp_options = <<Optional value not found in discovery>>
+    #udp_options = <<Optional value not found in discovery>>
+  }
+  manage_default_resource_id = oci_core_vcn.export_project_3.default_security_list_id
+}
+
+resource oci_core_vcn export_project_3 {
+  #byoipv6cidr_details = <<Optional value not found in discovery>>
+  #cidr_block = <<Optional value not found in discovery>>
+  cidr_blocks = [
+    "10.0.0.0/16",
+  ]
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+
+  display_name = "${var.project_name}"
+  #dns_label = <<Optional value not found in discovery>>
+  freeform_tags = {
+  }
+  ipv6private_cidr_blocks = [
+  ]
+  #is_ipv6enabled = <<Optional value not found in discovery>>
+  #is_oracle_gua_allocation_enabled = <<Optional value not found in discovery>>
+  security_attributes = {
+  }
+}
+
+resource oci_core_default_route_table export_Default-Route-Table-for-project {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+
+  display_name = "Default Route Table for ${var.project_name}"
+  freeform_tags = {
+  }
+  manage_default_resource_id = oci_core_vcn.export_project_3.default_route_table_id
+  route_rules {
+    #description = <<Optional value not found in discovery>>
+    destination       = "all-fra-services-in-oracle-services-network"
+    destination_type  = "SERVICE_CIDR_BLOCK"
+    network_entity_id = oci_core_service_gateway.export_svc-gw.id
+    #route_type = <<Optional value not found in discovery>>
+  }
+}
+
+data "oci_core_services" "all_oci_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
+  count = 1
+}
+
+resource oci_core_service_gateway export_svc-gw {
+  compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+
+  display_name = "${var.project_name}-svc-gw"
+  freeform_tags = {
+  }
+  #route_table_id = <<Optional value not found in discovery>>
+  services {
+    service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], "id")
+  }
+  vcn_id = oci_core_vcn.export_project_3.id
+}
+

app-dev/devops-and-containers/devops/oci-devops-terraform-function-java-graalvm/files/data.tf

@@ -0,0 +1,3 @@
+data "oci_objectstorage_namespace" "tenancy_namespace" {
+    compartment_id = oci_artifacts_container_configuration.export_container_configuration.id
+}