Use OCI DevOps Plugin in Jenkins to store artifacts in Oracle Cloud

We will see how we can leverage OCI DevOps Plugin on Jenkins to trigger a deployment pipeline on OCI DevOps Service to store artifacts on Oracle Cloud.

Oracle Cloud Infrastructure DevOps Plugin can be used to upload artifacts and run deployments on the Oracle Cloud Infrastructure (OCI) from Jenkins. A Jenkins master instance with the Oracle Cloud Infrastructure DevOps plugin can upload the artifacts to the Artifact Registry repository and can trigger the deployment pipeline for those artifacts.

Reference: https://plugins.jenkins.io/oracle-cloud-infrastructure-devops/

In this project we will perform the following steps:

1. Install Jenkins in your local system
2. Configure a compute instance and configure policies
3. Create a deployment pipeline on OCI
4. Create a Build job in Jenkins
5. Test the deployment

Note: Configure a proxy or disconnect VPN before running the following commands

Step 1: Install Jenkins

Here are the steps to install Jenkins (For Mac):

1. To install HomeBrew, open a terminal and use the following command:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

2. Run the following commands to set the Homebrew to your PATH

echo '# Set PATH, MANPATH, etc., for Homebrew.' >> /Users/<computer name>/.zprofile
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/<computer name>/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

3. Install Jenkins

brew install jenkins-lts

4. Install Java (Ignore this step if you have already installed it in the past)

brew install java

5. Start using Jenkins in your local system

brew services start jenkins-lts

6. Configure the Administrator Password and install the suggested plug-ins.

7. Ensure that you are installing Oracle Cloud Infrastructure DevOps and Groovy Plugins.

Step 2: Configure a Compute instance and configure policies

Create and Configure a Compute Instance

1. Configure a Compute instance with the name “Jenkins2OCI_Compute”
2. Download the SSH key pair and upload the public key (.pub) file.
3. We will be creating Instance Groups in the next step where we will eventually add this instance. If your code requires Sudo privileges, we will use the following Cloud-Init Script to enable the user logged in to have Sudo permissions.

#cloud-config
users:
  - default
  - name: ocarun
    sudo: ALL=(ALL) NOPASSWD:ALL

Go ahead and create the instance.

Configure Policies

1. The dynamic group allows a group of OCI Compute instances as principal actors allowing instances to make API calls against OCI services.

Create a Dynamic group DevOpsDG and add the following matching rules:

ALL {resource.type = 'devopsdeploypipeline', resource.compartment.id = 'paste compartmentid'}
ALL {resource.type = 'devopsbuildpipeline', resource.compartment.id = 'paste compartmentid'} 
ALL {resource.type = 'devopsrepository', resource.compartment.id = 'paste compartmentid'} 
ALL {resource.type = 'devopsconnection', resource.compartment.id = 'paste compartmentid'} 
ALL {instance.compartment.id = 'paste compartmentid'}

2. Go to the Root compartment and create a Policy for DevOpsPolicy and add the following policies

Allow dynamic-group DevOpsPolicy to manage all-resources in compartment <compartment name>
Allow dynamic-group DevOpsPolicy to manage devops-family in compartment <compartment name>
Allow dynamic-group DevOpsPolicy to manage instance-family in compartment <compartment name>
Allow dynamic-group DevOpsPolicy to read all-artifacts in compartment <compartment name>
Allow dynamic-group DevOpsPolicy to use instance-agent-command-family in compartment <compartment name>
Allow dynamic-group DevOpsPolicy to use instance-agent-command-execution-family in compartment <compartment name>

Step 3: Create a deployment pipeline in OCI DevOps

1. Firstly, let's start off by creating an Artifact Registry. This is where we will store and manage all artifacts for this project.

2. Create a DevOps project “JenkinsOCIDemo” and create a deployment pipeline.

3. Create an instance group environment and add the Linux instance we created in the previous step.

4. Switch to the Artifact section and add the DeploySpec artifact and set the artifact path as artifact.tar.gz and version ${version}

5. Create a “JenkinsArtifact” which is a generic artifact and set the artifact path as artifact.tar.gz and version ${version}

6. Create a deployment pipeline with the following configuration:

Environment: Instance Group Configuration

Deployment Configuration: DeploySpec

Jenkins Artifact: JenkinsArtifact

Instance Rollout by Percentage: 1

The delay between batches: 60

Step 5: Create a Build job in Jenkins

1. Login to Jenkins on your local machine with your credentials
2. Select Manage Jenkins -> Manage Credentials -> System -> Global Credentials -> Add new credentials and then select Oracle Cloud Infrastructure DevOps from the dropdown under Kind

3. Update the following:

• Fingerprint — The Fingerprint for the key pair being used.
• API Key — The OCI API Signing Private Key.
• PassPhrase — The PassPhrase for the key pair being used.
• Tenant Id — The Tenant OCID.
• User Id — The OCID of the User whose API signing key you are using.
• Region — The OCI region to use for all OCI API requests for example, us-phoenix-1.
• ID — An internal unique ID by which these credentials are identified from jobs, and other configurations.
• Description — An optional description to differentiate between similar credentials.

Click Verify Credentials to successfully connect to your Oracle Cloud Infrastructure.

4. Here is the code for creating a build pipeline in Jenkins:

import groovy.json.*
args_map = [version:"1.$BUILD_NUMBER"]
print "Build number: "+BUILD_NUMBER
version = BUILD_NUMBER
print "version: "+version

pipeline {
  agent any
  stages {
    stage('checkout') {
      steps {
        echo 'Hello World'
        checkout([$class:'GitSCM', branches:[[name: '*/main']], extensions:[], userRemoteConfigs:[[url: 'https://github.com/saipriyabalu/jenkins-hello-world.git']]])
        sh 'echo `pwd`'
        sh 'ls -alrt'
      }
    }
    stage('build') {
      steps {
        sh 'tar -czf artifacts.tar.gz ./*.sh'
      }
    }
    stage("OCI Upload Artifact") {
        steps {
          OCIUploadArtifact(credentialsId: 'ocicred',
          uploadArtifactDetailsList: [[artifactPath: 'artifacts.tar.gz',
          repositoryId: '',
          repositoryType: 'GENERIC',
          sourcePath: 'artifacts.tar.gz',
          version: "1.$BUILD_NUMBER"],
          [artifactPath: 'deployment_spec.yaml',
          repositoryId: '',
          repositoryType: 'GENERIC',
          sourcePath: 'deployment_spec.yaml',
          version: "1.$BUILD_NUMBER"]
          ])
        }
    }
    stage('Trigger Deployment') {
        steps {
          OCIDeployment(argumentVal: JsonOutput.toJson(args_map),
          credentialsId: 'ocicred',
          displayName: "testDeployment${BUILD_NUMBER}",
          endpoint: 'https://devops.us-ashburn-1.oci.oraclecloud.com/',
          pipelineId: '',
          pollingConfig: [timeoutSeconds: 600, "pollingIntervalSeconds" : 5], executionMode: 'SYNC'
          )
      }
    }  
  }
}

Update repositoryId: ‘<copy the ocid of the artifact repository which you created>’

Update pipelineId: ‘<copy the ocid of the deployment pipeline from OCI DevOps project which you created>’

5. Switch to the Jenkins Console -> Create a Pipeline Project -> Update the Pipeline Script

Save the changes.

Step 6: Test the deployment

1. Go ahead and select Build now in Jenkins to start the build process
2. After the deployment pipeline is triggered you can check the logs under Project -> Deployment Pipelines -> Deployments
3. After successful completion, you will notice that the artifact.tar.gz file is now available in the tmp/integrationTestFolder in the Linux instance added to the instance group.