The following post describes how to configure the oci-gradle-build-cache plugin to write to the cache when running on Travis-ci. I’m assuming dear reader that you have an Oracle Cloud account ready, but if that were not to be the case then you can sign up for an Always Free tier account at https://www.oracle.com/cloud/free/. Let’s get started!
Step 1: Create a config file
There are a couple of ways to configure the plugin, we’ll use a configuration file whose format is specified at this page; you must gather the following information from your account
- tenancy id
- user id
- default home region
Your tenancy id can be found by clicking on the “Profile” button found at the top right corner of the Cloud Console. This pulls down a menu that has a link to your tenancy details. Click on it and you should see a page similar to the next one
The user id can be found by clicking on the “hamburger” menu located at the top left, scroll down to “Identity” then click on “Users”. Click on the user that matches the email address you used to register the account.
On this same page you can upload a key file. Details on generating an API key can be found at https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm. Once you have that key file you can upload it by clicking on the “Add Public Key” button. As a result you get the fingerprint listed as follows.
Finally the region id can be found at the top bar. Click on the name of the region (Frankfurt in my case) then select “Manage Regions”. This displays all available regions with their short ids. Select the one that matches your home region.
For the next step, create a directory named
.oci local to your project and place the contents on a file named
[DEFAULT] user= tenancy= region= key_file=.oci/oci_api.key.pem pass_phrase= fingerprint=
Now fill in the values for each matching key with the information we just gathered. The key file must also be copied under the
.oci directory. IMPORTANT: make sure that the
.oci directory is excluded from source control (add it to
.gitignore if you use Git).
Step 2: Create a dedicated compartment
Go back to the Cloud console, browse to the “Identity” menu and click on “Compartments”. Create a new compartment as a child of your root compartment. I named mine “build”.
Step 3: Grant storage access to the compartment.
Browse to “Identity” then “Policies”, you should see a page similar to the next one
Select the root policy and add a new policy statement that matches your region and compartment name
Allow service objectstorage-<region-id> to manage object-family in compartment <compartment-name>
Which in my case results in
Allow service objectstorage-eu-frankfurt-1 to manage object-family in compartment build
Step 4: Apply the plugin to your project
Paste the following into your
Notice that the location of the config file is local to the project. Also the value of the
compartmentId property will be obtained from and environment variable. We’ll have to instruct Travis-ci about this variable in a couple of steps.
Step 5: Encrypt the configuration files
At this step we’ll refer to the Encrypting Files guide from Travis, paying special attention to the Encrypting multiple files section as we have to encrypt
.oci/oci_api_key.pem. For example
$ tar cvf .travis-secrets.tar .oci/config .oci/oci_api_key.pem $ travis encrypt-file .travis-secrets.tar $ vi .travis.yml $ git add .travis-secrets.tar.enc .travis.yml $ git commit -m 'use secret archive' $ git push
Don’t forget to add a decryption command to
.travis.yml as shown on the guide!
Step 6: Configure environment variables in Travis
Browse to https://travis-ci.org and find the project settings. Add a new environment variable named
compartmentId (Update: renamed environment variable to
COMPARTMENT_ID) and paste the OCID of the compartment you created on step 2. Notice that you should have 2 additional environment variables (key and iv) that Travis will use to decode the encrypted files from the previous step.
Step 7: Run a build
This should be enough to get you going. What’s left is to trigger a build on Travis. When the build is finished browse to the Cloud Console, click on the “hamburger” menu, select “Object Storage” then on “Object Storage” once again. Select the compartment from the pull down sidebar on the left. You should see a bucket named
build-cache. Click on it and you should get a page similar to this one
And that’s pretty much it. Setting up the plugin requires a bit of work when you do it for the first time, but once going you can replicate the setup with other projects. The steps shown here are specific to Travis, no doubt other CI services offer capabilities to encrypt/decrypt secrets and environment variables thus what you’ve learned today can be translated to those services as well.
Keep on coding!