Configuring the OCI Gradle Build Cache plugin with Travis-ci

The following post describes how to configure the oci-gradle-build-cache plugin to write to the cache when running on Travis-ci. I'm assuming dear reader that you have an Oracle Cloud account ready, but if that were not to be the case then you can sign up for an Always Free tier account at https://www.oracle.com/cloud/free/. Let's get started!

Step 1: Create a config file

There are a couple of ways to configure the plugin, we'll use a configuration file whose format is specified at this page; you must gather the following information from your account

  • tenancy id
  • user id
  • default home region
  • keyfile
  • passphrase
  • fingerprint

Your tenancy id can be found by clicking on the "Profile" button found at the top right corner of the Cloud Console. This pulls down a menu that has a link to your tenancy details. Click on it and you should see a page similar to the next one

The user id can be found by clicking on the "hamburger" menu located at the top left, scroll down to "Identity" then click on "Users". Click on the user that matches the email address you used to register the account.

On this same page you can upload a key file. Details on generating an API key can be found at https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm. Once you have that key file you can upload it by clicking on the "Add Public Key" button. As a result you get the fingerprint listed as follows.

Finally the region id can be found at the top bar. Click on the name of the region (Frankfurt in my case) then select "Manage Regions". This displays all available regions with their short ids. Select the one that matches your home region.

For the next step, create a directory named .oci local to your project and place the contents on a file named config

.oci/config

[DEFAULT]
user=
tenancy=
region=
key_file=.oci/oci_api.key.pem
pass_phrase=
fingerprint=

Now fill in the values for each matching key with the information we just gathered. The key file must also be copied under the .oci directory. IMPORTANT: make sure that the .oci directory is excluded from source control (add it to .gitignore if you use Git).

Step 2: Create a dedicated compartment

Go back to the Cloud console, browse to the "Identity" menu and click on "Compartments". Create a new compartment as a child of your root compartment. I named mine "build".

Step 3: Grant storage access to the compartment.

Browse to "Identity" then "Policies", you should see a page similar to the next one

Select the root policy and add a new policy statement that matches your region and compartment name

Allow service objectstorage-<region-id> to manage object-family in compartment <compartment-name>

Which in my case results in

Allow service objectstorage-eu-frankfurt-1 to manage object-family in compartment build

Step 4: Apply the plugin to your project

Paste the following into your settings.gradle file

Notice that the location of the config file is local to the project. Also the value of the compartmentId property will be obtained from and environment variable. We'll have to instruct Travis-ci about this variable in a couple of steps.

Step 5: Encrypt the configuration files

At this step we'll refer to the Encrypting Files guide from Travis, paying special attention to the Encrypting multiple files section as we have to encrypt .oci/config and .oci/oci_api_key.pem. For example

$ tar cvf .travis-secrets.tar .oci/config .oci/oci_api_key.pem
$ travis encrypt-file .travis-secrets.tar
$ vi .travis.yml
$ git add .travis-secrets.tar.enc .travis.yml
$ git commit -m 'use secret archive'
$ git push

Don't forget to add a decryption command to .travis.yml as shown on the guide!

Step 6: Configure environment variables in Travis

Browse to https://travis-ci.org and find the project settings. Add a new environment variable named compartmentId (Update: renamed environment variable to COMPARTMENT_ID) and paste the OCID of the compartment you created on step 2. Notice that you should have 2 additional environment variables (key and iv) that Travis will use to decode the encrypted files from the previous step.

Step 7: Run a build

This should be enough to get you going. What's left is to trigger a build on Travis. When the build is finished browse to the Cloud Console, click on the "hamburger" menu, select "Object Storage" then on "Object Storage" once again. Select the compartment from the pull down sidebar on the left. You should see a bucket named build-cache. Click on it and you should get a page similar to this one

Conclusion

And that's pretty much it. Setting up the plugin requires a bit of work when you do it for the first time, but once going you can replicate the setup with other projects. The steps shown here are specific to Travis, no doubt other CI services offer capabilities to encrypt/decrypt secrets and environment variables thus what you've learned today can be translated to those services as well.

Keep on coding!

Liked it? Take a second to support aalmiray on Patreon!
Become a patron at Patreon!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ˆ Back To Top