Getting Started with DevOps
Learn how to get started with the DevOps service, and the prerequisites for using it.
Prerequisites
Before you begin using the DevOps service, you must meet the following prerequisites:
- You must have access to an Oracle Cloud Infrastructure tenancy.
- Each service in Oracle Cloud Infrastructure (OCI) integrates with Identity and Access Management (IAM) for authentication and authorization, for all interfaces (the Console, SDK and CLI, and REST API). Access permissions are provided to users within a particular compartment. You can create a compartment or reuse an existing one. See Managing Compartments.
- An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services and resources, and the type of access they have. See Authentication and Authorization.
Setting up Groups and Users
- Create a group or use an existing group in your tenancy.
  Users of this group are allowed to manage the DevOps service.
- Create users and add them to the group, or add existing users to the group.
- Generate an auth token for each user using Git to interact with your code repositories. You can also use API signing keys.
  Auth tokens are a form of user credentials. They are Oracle-generated token strings, which you can use to authenticate with third-party APIs that do not support OCI's signature-based authentication. The auth token is used for authenticating to OCI on the command line when performing Git operations. Administrators can create and distribute auth tokens to other users. Auth tokens do not expire. Each user can have up to two auth tokens at a time. For more information, see Managing User Credentials.
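Because auth tokens do not expire and each user has only two slots, a periodic age check is a useful control. The following is an added example, not part of the original page or Oracle's code: it audits JSON in the shape printed by `oci iam auth-token list --user-id <user_ocid>`. The sample data and the 90-day threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape printed by
# `oci iam auth-token list --user-id <user_ocid>`; OCIDs and dates are placeholders.
SAMPLE = """
{"data": [
  {"id": "ocid1.credential.oc1..exampleaaa", "user-id": "ocid1.user.oc1..exampleuser",
   "description": "Anne's auth token for use with DevOps code repository",
   "lifecycle-state": "ACTIVE", "time-created": "2023-01-10T09:00:00.000000+00:00",
   "time-expires": null},
  {"id": "ocid1.credential.oc1..examplebbb", "user-id": "ocid1.user.oc1..exampleuser",
   "description": "laptop git", "lifecycle-state": "ACTIVE",
   "time-created": "2024-05-01T09:00:00.000000+00:00", "time-expires": null}
]}
"""

MAX_AGE_DAYS = 90  # assumed rotation policy, not an Oracle default
MAX_TOKENS = 2     # per-user limit stated on this page


def audit_auth_tokens(cli_json, now, max_age_days=MAX_AGE_DAYS):
    """Return (id, finding) pairs for active tokens that need attention."""
    findings = []
    active_per_user = {}
    for tok in json.loads(cli_json).get("data", []):
        if tok.get("lifecycle-state") != "ACTIVE":
            continue
        user = tok["user-id"]
        active_per_user[user] = active_per_user.get(user, 0) + 1
        age = (now - datetime.fromisoformat(tok["time-created"])).days
        # No expiry date plus old age means the credential has never been rotated.
        if tok.get("time-expires") is None and age > max_age_days:
            findings.append((tok["id"], f"active for {age} days, no expiry: rotate"))
    for user, count in active_per_user.items():
        # With both slots used, one token must be deleted before a new one is issued.
        if count >= MAX_TOKENS:
            findings.append((user, f"{count} active tokens: no free slot for rotation"))
    return findings


if __name__ == "__main__":
    for ident, finding in audit_auth_tokens(SAMPLE, datetime.now(timezone.utc)):
        print(ident, "-", finding)
```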
Setting up Access for DevOps Resources
To grant users permission to access the various DevOps resources such as build pipelines, deployment pipelines, artifacts, and code repositories, you have to create dynamic groups and IAM policies. See Managing Dynamic Groups and Getting Started with Policies.
For creating dynamic groups and policies, refer to the following examples:
- For build pipelines, see Build Pipeline Policies.
- For code repositories, see Code Repository Policies.
- For deployment pipelines, see Deployment Pipeline Policies.
For more details, see DevOps IAM Policies.
Integrating with External Code Repositories
With the OCI DevOps service, you can create a connection to external repositories such as GitHub, GitLab, Bitbucket Cloud, Bitbucket Server, GitLab Server, and Visual Builder Studio. The following are the ways to integrate:
- GitHub, GitLab, GitLab Server, and Visual Builder Studio: You have to retrieve a personal access token (PAT) from those providers and store your PAT securely in an OCI vault. For instructions, see Build Source Integration.
- Bitbucket Cloud: You need your Bitbucket username and must create an app password, then store the app password in an OCI vault. See Generating an App Password for Bitbucket Cloud.
- Bitbucket Server: You must create an HTTP access token and then store the access token in an OCI vault.
This process is required only for integrating with third-party code repositories and not with the OCI DevOps code repository.
Setting up Notifications and Topics
Project notifications keep you apprised of important events and the latest DevOps project status. They also alert you if you need to take any necessary action such as approving a workflow. You must create a topic and add a subscription to the topic. For creating a topic, see Creating a Topic. The topic is required when creating your DevOps project.
Setting up Repository
The DevOps service uses an OCI Container Registry repository or an Artifact Registry repository for containing the completed build artifacts. You can create either of these repositories.
Creating an Auth Token
Auth tokens are a form of user credentials. They are Oracle-generated token strings, which you can use to authenticate with third-party APIs that do not support Oracle Cloud Infrastructure's signature-based authentication. An auth token is required for using Git to interact with your code repositories.
Learn how to create an auth token by using the Oracle Cloud Console.
- If you're creating an auth token for yourself:
  - Sign in to the Console.
  - In the top-right corner of the Console, open the Profile menu and click User Settings.
- If you're an administrator creating an auth token for another user:
  - Open the navigation menu and click Identity & Security.
  - Under Identity, click Users.
  - Locate the user in the list, and then click the user's name to view their details.
- Under Resources, click Auth Tokens.
- Click Generate Token.
- Enter a description that indicates what this token is for, for example, "Anne's auth token for use with DevOps code repository". Avoid entering confidential information.
- Click Generate Token.
  The new token string is displayed. For example, Dm___________6MqX.
- Copy the auth token immediately to a secure location from which you can retrieve it later, because you won't see the auth token again in the Console.
- Close the Generate Token dialog box.
For more information, see Working with Auth Tokens.
Build Source Integration
Learn how to integrate your OCI code repositories with third-party code repositories like GitHub, GitLab, and Visual Builder Studio.
- Retrieve a personal access token (PAT) from the hosting service of the third-party code repository as follows:
- For GitHub, see Generating a GitHub PAT.
- For GitLab, see Generating a GitLab PAT.
- For Visual Builder Studio, see Set Up Token-Based Authentication.
- Store the retrieved PAT securely in an OCI vault. You can reuse existing vaults in your tenancy, or create a vault, master encryption key, and secret. For instructions, see Storing PAT in Vault.
  Note: Each tenancy has a limit of 10 vaults and each vault can store multiple secrets. Vault variables cannot be dynamically replaced. Only Oracle Cloud IDs (OCIDs) of the vault secret are supported.
- Create a vault secret policy in the root compartment to allow the dynamic group to manage secrets. See Overview of Vault and Managing Secrets. For example:
  Allow dynamic-group <dynamic_group_name> to manage secret-family in tenancy
Note: This process is required only for integrating with third-party code repositories and not with the OCI DevOps code repository.
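The example policy above grants the dynamic group `manage` on `secret-family` across the whole tenancy. As an added example (not part of the original page or Oracle's tooling), the reviewer below parses such statements and reports the verb and scope so you can decide whether a narrower grant fits. The `read` baseline and the compartment-scoped statement are assumptions to confirm against your own pipeline.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, narrowest first

STATEMENT = re.compile(
    r"^\s*allow\s+dynamic-group\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)


def review_secret_grant(statement, needed_verb="read"):
    """Return review notes for one dynamic-group grant on vault secrets.

    needed_verb is an assumption: the least access the pipeline needs to
    fetch the stored PAT. Confirm it against your own pipeline first.
    """
    m = STATEMENT.match(statement)
    if m is None:
        return ["not a recognised dynamic-group statement: review by hand"]
    if m["resource"].lower() != "secret-family":
        return []  # only grants on vault secrets are reviewed here
    notes = []
    verb = m["verb"].lower()
    if VERBS.index(verb) > VERBS.index(needed_verb):
        notes.append(f"verb '{verb}' is broader than '{needed_verb}'")
    if m["scope"].lower() == "tenancy":
        notes.append("scope is the whole tenancy, not one compartment")
    return notes


# Statement as given on this page.
PAGE_STATEMENT = "Allow dynamic-group <dynamic_group_name> to manage secret-family in tenancy"
# Constructed alternative for comparison; the compartment placeholder is hypothetical.
NARROW_STATEMENT = (
    "Allow dynamic-group <dynamic_group_name> to read secret-family "
    "in compartment <compartment_name>"
)

if __name__ == "__main__":
    for s in (PAGE_STATEMENT, NARROW_STATEMENT):
        print(s, "->", review_secret_grant(s) or "no notes")
```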
Generating a GitHub PAT
Generating a GitLab PAT
Generating an App Password for Bitbucket Cloud
Learn how to integrate with Bitbucket Cloud and establish the connection to use Bitbucket repositories in the build pipeline.
You must store the app password in an Oracle Cloud Infrastructure (OCI) vault. OCI Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources.
Each tenancy has a limit of 10 vaults and each vault can store multiple secrets.
Storing PAT in Vault
Before you begin, retrieve a personal access token (PAT) from the hosting service of the third-party code repository.
Using the DevOps Service
After you complete the prerequisites, perform the following steps to use the DevOps service for continuous integration, delivery, and deployment of your software to OCI compute platforms:
- Create a DevOps project for grouping the resources needed to implement your continuous integration and deployment (CI/CD) application.
- Create an OCI code repository or integrate with external code repositories such as GitHub, GitLab, and Bitbucket Cloud. See Mirroring a Repository.
- Create a build pipeline that contains the stages that define the build process for successfully compiling, testing, and running software applications before deployment.
- Add a Managed Build stage to your build pipeline to test your software application.
  Select either an OCI code repository or an external code repository (GitHub, GitLab, Bitbucket Cloud, Bitbucket Server, and GitLab Server) as the primary code repository for the build.
- To store the Managed Build stage output, you need an OCI Container Registry repository or an Artifact Registry repository.
  DevOps supports applications stored in OCI Container Registry and Artifact Registry repositories. A Container Registry repository stores Docker images and Helm charts, and an Artifact Registry repository stores generic software packages.
- Create a DevOps artifact to point to the repository location containing the build output.
  A parameter in the artifact URI defines the software application version that is delivered to the OCI code repository.
- Add a Deliver Artifacts stage to your build pipeline after adding the Managed Build stage.
  The Deliver Artifacts stage maps the build outputs from the Managed Build stage with the version to deliver to a DevOps artifact resource, and then to the OCI code repository.
- Start the build process by manually running a DevOps build pipeline.
  A manual run uses the latest commit to the code repository that was added to the build. You can run the build based on a specific commit by noting the commit details.
  You can also automatically trigger a build run when you commit your changes to the code repository.
- Create a target environment supported by DevOps, if it doesn't exist in the Oracle Cloud Console. Supported environments are Kubernetes Engine clusters, compute instances (Oracle Linux and CentOS only), and Function applications.
- Create a reference to the target environment for deployment.
- Create a deployment pipeline to deliver the build output to the target environment.
  DevOps supports deployment to Kubernetes clusters, instance groups, and Functions.
- Add a Trigger Deployment stage to automatically trigger a deployment from the build pipeline or run the deployment pipeline.