commit 334770143ca55098f7af79869449e36589f99d83
Author: bdeshi
Date: Tue May 28 15:02:15 2024 +0600
init (resources creation ok)
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..ff8c4af
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1 @@
+export TF_VAR_config_file_profile="${OCI_CLI_PROFILE}"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..98a2754
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,36 @@
+# from: https://github.com/github/gitignore/blob/main/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..01647c5
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,6 @@
+formatter: markdown table
+output:
+ file: README.md
+ mode: inject
+sort:
+ by: required
diff --git a/.terraform-version b/.terraform-version
new file mode 100644
index 0000000..4131bf4
--- /dev/null
+++ b/.terraform-version
@@ -0,0 +1 @@
+latest-allowed
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..c3943ad
--- /dev/null
+++ b/.terraform.lock.hcl
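Review bot: `TF_VAR_config_file_profile` in .envrc.sample has nothing to bind to: terraform.variables.tf in this same commit declares no `config_file_profile` variable and the `provider "oci"` block in terraform.tf sets only `region`, so Terraform silently ignores the environment variable and the provider falls back to its default profile resolution. Either declare a nullable `config_file_profile` string variable and pass it through as `config_file_profile = var.config_file_profile` in the provider block, or drop the sample so it does not suggest a control that is not wired up. While .gitignore is being added, consider listing `.envrc` next to `.terraformrc`; the `.sample` is safe to commit, but a populated `.envrc` is where operators tend to park credentials and the upstream Terraform template does not cover it.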
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/oracle/oci" { + version = "5.42.0" + constraints = "~> 5.42.0" + hashes = [ + "h1:FSU0QtxN1cRv9DSxPqwg8E7tdYy/fXrA0fqOqVaqhEM=", + "zh:3002adc1c0c23b56c79eac20aa8bcbeecac3ad61e959d4bf3fdbf02c43e0b6fe", + "zh:3de47921a93a72dc7a4661f82863f7d7d6e50aec42ec8b289201ebbc19569e2f", + "zh:4897dab7303c79597c5b79ed2e3158634f74582a5db22225bd3923c0019b3682", + "zh:5b816202c988397d6ca6ddc4919bb10227f93168eeb5d5dacffe552fdbcd643e", + "zh:8424d47852d1d80611d2d321c9e5aa88b77ace37cc0d3e9e3346ef0b7812d516", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a637b4e0172c588d0b8f41995b0b36526e535ad461dd3bfd5d6f739e2d9fb37c", + "zh:b6cb3e0a2e93de7475cb06b3ceed4ad47bbef5dd3d626a13c4f2095cb9c7459b", + "zh:c54c437e136eb63cf087ec66f476e9e10fdcb5ddd695c6daf45ca634985d6b55", + "zh:c7563b56f31e08a2d8fefb19834f08d116581a4b47bbb43486da9082e719d6d5", + "zh:c8f98a1463fea84486d7ff1a7149a60684de8ebb06f408adaf74dc6940914a39", + "zh:cfdb86269b01c19f0f3da9d2b087d3a56343f1eba9021cf0c49d697041357359", + "zh:d68a4bfbd7a1d11eded456724b7876428e42aa5e86ff64b53da8bba1b8a6b2c4", + "zh:d755b0f6836472327116ac9c111bddcf8719a98f4a68c2377ecaa3f42dfaa094", + "zh:f6567eadd4469e66f6d990fcccc8dd8232d8555a2f8698bc823c57384668a074", + ] +} diff --git a/README.md b/README.md new file mode 100644 index 0000000..18fbf2c --- /dev/null +++ b/README.md 
@@ -0,0 +1,32 @@ +# oci woodpecker cache + +sets up a cache bucket on oci for use with [woodpecker ci](https://woodpecker-ci.org/). + +depends on [terraform-oci-free](https://git.bdeshi.space/bdeshi/terraform-oci-free). + +## Usage + +```bash +terraform init -backend-config=terraform.backend.tfvars +terraform apply -var-file=terraform.tfvars +``` + +Collect the output values and create woodpecker ci user-level variables, eg: + +```yaml +CACHE_S3_ENDPOINT: +CACHE_S3_BUCKET: +CACHE_S3_ACCESS_KEY_ID: +CACHE_S3_SECRET_ACCESS_KEY: +CACHE_USE_PATH_STYLE: true +``` + +these variables can then be used with the [drone-cache](https://github.com/meltwater/drone-cache/) +plugin in a woodpecker ci pipeline. + + + +# Terraform Docs + + + diff --git a/oci.iam.tf b/oci.iam.tf new file mode 100644 index 0000000..3e2564b --- /dev/null +++ b/oci.iam.tf 
@@ -0,0 +1,42 @@
+resource "oci_identity_user" "woodpecker_cache" {
+ compartment_id = local.tenancy_id
+ name = local.woodpecker_cache_iam_name
+ description = local.woodpecker_cache_iam_name
+ freeform_tags = local.default_tags
+}
+
+resource "oci_identity_user_capabilities_management" "woodpecker_cache" {
+ user_id = oci_identity_user.woodpecker_cache.id
+ can_use_customer_secret_keys = "true"
+ can_use_api_keys = "false"
+ can_use_auth_tokens = "false"
+ can_use_console_password = "false"
+ can_use_smtp_credentials = "false"
+}
+
+resource "oci_identity_customer_secret_key" "woodpecker_cache" {
+ display_name = local.woodpecker_cache_iam_name
+ user_id = oci_identity_user.woodpecker_cache.id
+}
+
+resource "oci_identity_group" "woodpecker_cache" {
+ compartment_id = local.tenancy_id
+ name = local.woodpecker_cache_iam_name
+ description = local.woodpecker_cache_iam_name
+ freeform_tags = local.default_tags
+}
+
+resource "oci_identity_user_group_membership" "woodpecker_cache" {
+ group_id = oci_identity_group.woodpecker_cache.id
+ user_id = oci_identity_user.woodpecker_cache.id
+}
+
+resource "oci_identity_policy" "woodpecker_cache" {
+ compartment_id = local.compartment_id
+ description = local.woodpecker_cache_iam_name
+ name = local.woodpecker_cache_iam_name
+ statements = [
+ "ALLOW group ${oci_identity_group.woodpecker_cache.name} TO manage objects IN COMPARTMENT '${local.compartment_name}' where all {target.bucket.name = '${oci_objectstorage_bucket.woodpecker_cache.name}'}"
+ ]
+ freeform_tags = local.default_tags
+}
diff --git a/oci.objectstorage.tf b/oci.objectstorage.tf
new file mode 100644
index 0000000..7d4d378
--- /dev/null
+++ b/oci.objectstorage.tf
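Review bot: `oci_identity_customer_secret_key.woodpecker_cache` lands the S3 secret access key in Terraform state in plaintext (its `key` attribute is exactly what terraform.outputs.tf exports), so anyone with read access to the remote-backend workspace state holds a credential that can manage every object in the cache bucket; a header comment should say so and name the rotation path, e.g. `# S3 secret is stored in state; rotate with: terraform apply -replace=oci_identity_customer_secret_key.woodpecker_cache`. The capability flags in `oci_identity_user_capabilities_management` are written as the strings `"true"`/`"false"` while the provider's attributes are booleans and oci.objectstorage.tf already uses bare `is_enabled = true`; the strings coerce today but pick one form. The `where all {target.bucket.name = ...}` scoping on the policy statement is the right least-privilege move; add a one-line comment that `manage objects` (rather than `read`/`use`) is intentional, presumably because the cache plugin must overwrite and expire keys, so a later reader does not narrow it and break restores.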
@@ -0,0 +1,47 @@
+data "oci_objectstorage_namespace" "ns" {
+ compartment_id = local.compartment_id
+}
+
+resource "oci_objectstorage_bucket" "woodpecker_cache" {
+ compartment_id = local.compartment_id
+ name = "woodpecker-cache"
+ namespace = data.oci_objectstorage_namespace.ns.namespace
+ freeform_tags = local.default_tags
+}
+
+resource "oci_objectstorage_object_lifecycle_policy" "woodpecker_cache" {
+ bucket = oci_objectstorage_bucket.woodpecker_cache.name
+ namespace = data.oci_objectstorage_namespace.ns.namespace
+ rules {
+ is_enabled = true
+ action = "INFREQUENT_ACCESS"
+ name = "migrate-infrequent-access"
+ target = "objects"
+ time_amount = 30
+ time_unit = "DAYS"
+ }
+ rules {
+ is_enabled = true
+ action = "ARCHIVE"
+ name = "migrate-archive"
+ target = "objects"
+ time_amount = 90
+ time_unit = "DAYS"
+ }
+ rules {
+ is_enabled = true
+ action = "DELETE"
+ name = "delete-old-caches"
+ target = "objects"
+ time_amount = 120
+ time_unit = "DAYS"
+ }
+ rules {
+ is_enabled = true
+ action = "ABORT"
+ name = "cancel-multipart-uploads"
+ target = "multipart-uploads"
+ time_amount = "3"
+ time_unit = "DAYS"
+ }
+}
diff --git a/terraform.backend.tfvars.sample b/terraform.backend.tfvars.sample
new file mode 100644
index 0000000..96bc928
--- /dev/null
+++ b/terraform.backend.tfvars.sample
@@ -0,0 +1,5 @@
+#vim:ft=hcl
+organization = "***"
+workspaces {
+ name = "***"
+}
diff --git a/terraform.data.tf b/terraform.data.tf
new file mode 100644
index 0000000..338dce3
--- /dev/null
+++ b/terraform.data.tf
@@ -0,0 +1,4 @@
+data "terraform_remote_state" "base" {
+ backend = var.remote_state_type
+ config = var.remote_state_config
+}
diff --git a/terraform.locals.tf b/terraform.locals.tf
new file mode 100644
index 0000000..37c2db7
--- /dev/null
+++ b/terraform.locals.tf
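Review bot: The `ARCHIVE` rule in `oci_objectstorage_object_lifecycle_policy.woodpecker_cache` will most likely break cache restores long before `delete-old-caches` fires: OCI object lifecycle rules are evaluated against object age since creation, not last access, and an object in the Archive tier is not readable through the S3-compatible endpoint until it is explicitly restored, so any cache key created more than 90 days ago turns into an error rather than a hit. For a CI cache the simpler, safer shape is `INFREQUENT_ACCESS` then `DELETE` (drop the `migrate-archive` block); if the archive step is kept, document that the Archive tier carries a minimum retention period and that deleting at day 120 falls inside it. Minor consistency point: `time_amount = "3"` on the abort rule is a string while the other three rules use bare numbers. Consider also pinning the bucket's default explicitly with `access_type = "NoPublicAccess"` so a later edit cannot widen exposure without it showing in the diff.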
@@ -0,0 +1,12 @@
+locals {
+
+ tenancy_id = data.terraform_remote_state.base.outputs.tenancy_id
+ compartment_id = data.terraform_remote_state.base.outputs.compartment_id
+ compartment_name = data.terraform_remote_state.base.outputs.compartment_name
+ default_tags = {
+ ManagedBy = "iac/terraform"
+ "iac/source" = var.iac_source
+ "iac/component" = var.iac_component
+ }
+ woodpecker_cache_iam_name = "woodpecker-cache-operator"
+}
diff --git a/terraform.outputs.tf b/terraform.outputs.tf
new file mode 100644
index 0000000..891c806
--- /dev/null
+++ b/terraform.outputs.tf
@@ -0,0 +1,21 @@
+output "s3_bucket_name" {
+ value = oci_objectstorage_bucket.woodpecker_cache.name
+}
+
+output "s3_endpoint" {
+ value = "https://${oci_objectstorage_bucket.woodpecker_cache.namespace}.compat.objectstorage.${var.oci_region}.oraclecloud.com"
+}
+
+output "s3_accss_key_id" {
+ value = oci_identity_customer_secret_key.woodpecker_cache.id
+}
+
+output "s3_secret_access_key" {
+ value = oci_identity_customer_secret_key.woodpecker_cache.key
+ sensitive = true
+}
+
+output "s3_use_path_style" {
+ description = "Use path style access for S3. This is necessary for OCI object storage."
+ value = true
+}
diff --git a/terraform.tf b/terraform.tf
new file mode 100644
index 0000000..d54090c
--- /dev/null
+++ b/terraform.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_version = "~> 1.8.0"
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = "~> 5.42.0"
+ }
+ }
+
+ backend "remote" {}
+}
+
+provider "oci" {
+ region = var.oci_region
+}
diff --git a/terraform.tfvars.sample b/terraform.tfvars.sample
new file mode 100644
index 0000000..429b2f7
--- /dev/null
+++ b/terraform.tfvars.sample
@@ -0,0 +1,9 @@
+#vim:ft=hcl
+oci_region = "uk-london-1"
+remote_state_type = "remote"
+remote_state_config = {
+ organization = "***"
+ workspaces = {
+ name = "***"
+ }
+}
diff --git a/terraform.variables.tf b/terraform.variables.tf
new file mode 100644
index 0000000..d2ddc75
--- /dev/null
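Review bot: `output "s3_accss_key_id"` in terraform.outputs.tf misspells its name, and it is the value the README tells users to copy into `CACHE_S3_ACCESS_KEY_ID`; rename it to `output "s3_access_key_id"` now, while nothing consumes this state, because renaming an output later breaks every `terraform_remote_state` reader of it. Only `s3_use_path_style` carries a `description`; since .terraform-docs.yml injects these into the README, give the other four one each so the generated table is not half blank. `provider "oci"` in terraform.tf sets only `region`, which means authentication is whatever the OCI SDK's default resolution finds on the machine running apply; a comment above the block stating the intended path (config-file profile vs. instance/resource principal) would spare the next operator a debugging round, and would also surface that the `TF_VAR_config_file_profile` export in .envrc.sample is not actually consumed by anything here.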
+++ b/terraform.variables.tf
@@ -0,0 +1,25 @@
+variable "oci_region" {
+ type = string
+}
+
+variable "iac_source" {
+ type = string
+ default = "git@git.bdeshi.space:bdeshi/terraform-oci-woodpecker-cache.git"
+ description = "Source of the iac config. used in various tags and metadata."
+}
+
+variable "iac_component" {
+ type = string
+ default = "oci-woodpecker-cache"
+ description = "Component name of the iac config. used in various tags and metadata."
+}
+
+variable "remote_state_type" {
+ type = string
+ description = "The type of the remote state backend to fetch the compartment_id from"
+}
+
+variable "remote_state_config" {
+ type = any
+ description = "The configuration of the remote state backend to fetch the compartment_id from"
+}
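Review bot: The descriptions on `remote_state_type` and `remote_state_config` say the backend exists "to fetch the compartment_id from", but terraform.locals.tf in this commit also reads `tenancy_id` and `compartment_name` from it; widen both to something like `description = "Backend type/config of the terraform-oci-free state that supplies tenancy_id, compartment_id and compartment_name"` so the dependency is documented honestly. `remote_state_config` is `type = any` with no `sensitive` flag; the remote backend accepts a `token` key in that map, and if one is ever supplied this way it will be echoed in plan output, so `sensitive = true` is cheap insurance. `oci_region` has no `description` at all, which leaves a gap in the terraform-docs table the repo is configured to generate; one sentence naming it as the region for both the provider and the `s3_endpoint` hostname is enough.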