OCI DevOps Composite–creating Build & Deploy Pipeline resources using Terraform plans

Lucas Jellema

I recently started a GitHub repo with Terraform plans for the creation of what I call OCI Composites – combinations of resources that will frequently be used together and that will have to be created through Infrastructure as Code. My first entry in this repository was the composite of Function, Container Image and Container Repository. I introduced this composite in this article. I am now ready for my second entry – a more audacious one: a build and triggered deploy pipeline with external code repository connection. When you run the TF plans introduced in this article, you will get:

  • a build pipeline with four stages and two parameters (for the container image version and the target compartment’s OCID value)
    • build a Function’s container image from the sources in the designated source repository
    • push the container image to the Container Image Registry on OCI
    • trigger the deployment pipeline
    • run a smoke test that invokes the freshly deployed function

  • a deployment pipeline that deploys the specified function using the freshly built container image

  • an artifact based on the container image

The repository for this composite contains not just the Terraform Plans. It also has the build specification required for building the container image from the sources and a second build specification file for running the smoke test. The latter specification file uses the OCI CLI (pre installed in the build server) to invoke the redeployed function. (the file also contains instructions to install Terraform and the OCI Provider for Terraform, but in the end I am not actually using these in the smoketest phase. I have not yet figured out how to provide the right authentication details to the Terraform OCI Provider in the build server.


The sources for the function are in directory functions\fake-fun. The smoke-test sub directory under this directory contains the build specification file executed in the fourth stage of the build pipeline – after the deployment pipeline has executed.

The OCI DevOps resources are created from the definitions in devops.tf. The file policies.tf defines the dynamic groups and IAM policies. In datasources.tf some Terraform resources used for querying the existing OCI resources. File provider.tf configures the OCI provider for Terraform and in variables.tf are the references that the user of this composite should specify: region and target compartment, name of DevOps project and external connection, name of application and function, the URL for the GitHub repository and the container image repository path in OCI Container Registry (everything before the function_name:image version)

This diagram shows in green the resources that are created and in blue the resources that should exist ahead of creating the composite.


The requirements for running these OCI Composite TF plans are:

* the target compartment’s OCID is specified in variables.tf

* a DevOps project already exists and its name is specified in variables.tf; its contains an external connection to a GitHub repository (the name of the connection is defined in variables.tf) and its URL is also defined there.

* This pipeline builds and deploys a Function. This function already exists – as does the repository in the Container Image Registry. The names of the function and its application as well as the name of the container image repository are defined in the variables.tf file. Note: these resources can be produced using the OCI Terraform Composite *createDeployInvokeFunction* introduced in this article.

* the user applying the Terraform plan has the required permissions to create the DevOps resources

Run terraform apply in the directory with the plan files for this composite:


16 resources are reported by Terraform.

The next image shows the resources created as part of the OCI Terraform Composite in the OCI DevOps project:


After the DevOps resources have been created by Terraform, I can kick off the Build Pipeline in the OCI Console. When all is said and done, the Smoke Test should leave a trail in the logs:



GitHub repository with the Terraforms for the OCI Composites as described in this article: https://github.com/lucasjellema/oci-terraform-composites

Documentation on the OCI Provider for Terraform: https://registry.terraform.io/providers/hashicorp/oci/latest/docs (specifically the DevOps resources https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/devops_build_pipeline)

Documentation on OCI CLI commands for Functions : https://docs.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/fn.html 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Next Post

Getting started quickly with querying OCI from Terraform in Cloud Shell

Terraform is all about infrastructure (and platform) as code. Creating OCI resources through Terraform is probably the best way to manage your cloud resources. I have written several articles about that. In this article I will quickly show the steps you can take for querying OCI resources using Terraform – […]
%d bloggers like this: