Initial workshop commit - oci pulumi self service

oci-pulumi-self-service/00-backstage/.dockerignore

@@ -0,0 +1,2 @@
+Pulumi.yaml
+Pulumi.*.yaml

oci-pulumi-self-service/00-backstage/Pulumi.yaml

@@ -0,0 +1,140 @@
+name: 00-backstage
+runtime: yaml
+description: "Run Backstage on Oracle Cloud Container Instance"
+
+
+resources:
+  backstageBuild:
+    type: command:local:Command
+    properties:
+      dir: "./backstage"
+      create: "yarn install && yarn tsc && yarn build:backend"
+      update: "yarn install && yarn tsc && yarn build:backend"
+
+  backstageImage:
+    options:
+      version: v4.5.3
+      dependsOn:
+      - ${backstageBuild}
+    properties:
+      build:
+        context: ./backstage
+        platform: linux/amd64
+        builderVersion: BuilderBuildKit
+        dockerfile: ./backstage/packages/backend/Dockerfile
+      imageName: ${oci:region}.ocir.io/${backstageContainerRepository.namespace}/${backstageContainerRepository.displayName}
+      registry:
+        server: ${oci:region}.ocir.io
+        username: ${backstageContainerRepository.namespace}/${username}
+        password: ${auth-token}
+    type: docker:Image
+
+  backstageVcn:
+    type: oci:Core:Vcn
+    properties:
+      compartmentId: ${compartment_ocid}
+      cidrBlock: "10.0.0.0/16"
+      displayName: "Backstage VCN"
+      dnsLabel: "backstage"
+
+  backstageContainerRepository:
+    type: oci:Artifacts:ContainerRepository
+    properties:
+      compartmentId: ${compartment_ocid}
+      displayName: "backstage"
+      isPublic: true
+
+  backstageSecurityList:
+    type: oci:Core:SecurityList
+    properties:
+      compartmentId: ${compartment_ocid}
+      vcnId: ${backstageVcn.id}
+      displayName: "backstage-security-list"
+      ingressSecurityRules:
+      - protocol: "6"
+        sourceType: "CIDR_BLOCK"
+        source: "0.0.0.0/0"
+        tcpOptions:
+          max: 7007
+          min: 7007
+      egressSecurityRules:
+      - protocol: "6"
+        destinationType: "CIDR_BLOCK"
+        destination: "0.0.0.0/0"
+        description: "Allow access to container registry via HTTPS"
+        tcpOptions:
+          max: 443
+          min: 443
+
+  backstageSubnet:
+    type: oci:Core:Subnet
+    properties:
+      cidrBlock: "10.0.0.0/24"
+      compartmentId: ${compartment_ocid}
+      vcnId: ${backstageVcn.id}
+      displayName: "backstage-subnet"
+      dnsLabel: "containers"
+      securityListIds:
+      - ${backstageSecurityList.id}
+      routeTableId: ${backstageRouteTable.id}
+
+  backstageInternetGateway:
+    type: oci:Core:InternetGateway
+    properties:
+      compartmentId: ${compartment_ocid}
+      vcnId: ${backstageVcn.id}
+      displayName: "backstage-internet-gateway"
+      enabled: true
+
+  backstageRouteTable:
+    type: oci:Core:RouteTable
+    properties:
+      compartmentId: ${compartment_ocid}
+      vcnId: ${backstageVcn.id}
+      displayName: "backstage-route-table"
+      routeRules:
+      - destination: "0.0.0.0/0"
+        networkEntityId: ${backstageInternetGateway.id}
+
+  backstageContainerInstance:
+    type: oci:ContainerEngine:ContainerInstance
+    properties:
+      availabilityDomain: ${backstageAvailabilityDomains.availabilityDomains[0].name}
+      compartmentId: ${compartment_ocid}
+      displayName: "backstage-container-instance"
+      containerRestartPolicy: "ALWAYS"
+      shape: "CI.Standard.E4.Flex"
+      shapeConfig:
+        ocpus: 2
+        memoryInGbs: 16
+      vnics:
+      - subnetId: ${backstageSubnet.id}
+        displayName: "test-vnic"
+        isPublicIpAssigned: true
+        nsgIds: []
+      containers:
+      - imageUrl: ${backstageImage.repoDigest}
+        displayName: "backstage"
+        environmentVariables:
+          PULUMI_ACCESS_TOKEN: ${pulumi-pat}
+          GITHUB_TOKEN: ${github-token}
+        commands:
+        - "node"
+        arguments:
+        - "packages/backend"
+        - "--config"
+        - "app-config.yaml"
+
+outputs:
+  image: ${backstageImage.repoDigest}
+  backstageUrl: http://${backstageContainerInstancePublicIp.publicIpAddress}:7007
+
+
+variables:
+  backstageAvailabilityDomains:
+    fn::oci:Identity/getAvailabilityDomains:getAvailabilityDomains:
+      compartmentId: ${tenancy_ocid}
+
+  backstageContainerInstancePublicIp:
+    fn::oci:Core/getVnic:getVnic:
+      vnicId: ${backstageContainerInstance.vnics[0].vnicId}

oci-pulumi-self-service/00-backstage/backstage/.dockerignore

@@ -0,0 +1,8 @@
+.git
+.yarn/cache
+.yarn/install-state.gz
+node_modules
+packages/*/src
+packages/*/node_modules
+plugins
+*.local.yaml

oci-pulumi-self-service/00-backstage/backstage/.eslintignore

@@ -0,0 +1 @@
+playwright.config.ts

oci-pulumi-self-service/00-backstage/backstage/.eslintrc.js

@@ -0,0 +1,3 @@
+module.exports = {
+  root: true,
+};

oci-pulumi-self-service/00-backstage/backstage/.prettierignore

@@ -0,0 +1,4 @@
+dist
+dist-types
+coverage
+.vscode

oci-pulumi-self-service/00-backstage/backstage/README.md

@@ -0,0 +1,10 @@
+# [Backstage](https://backstage.io)
+
+This is your newly scaffolded Backstage App, Good Luck!
+
+To start the app, run:
+
+```sh
+yarn install
+yarn dev
+```

oci-pulumi-self-service/00-backstage/backstage/app-config.production.yaml

@@ -0,0 +1,39 @@
+app:
+  # Should be the same as backend.baseUrl when using the `app-backend` plugin.
+  baseUrl: http://localhost:7007
+
+backend:
+  # Note that the baseUrl should be the URL that the browser and other clients
+  # should use when communicating with the backend, i.e. it needs to be
+  # reachable not just from within the backend host, but from all of your
+  # callers. When its value is "http://localhost:7007", it's strictly private
+  # and can't be reached by others.
+  baseUrl: http://localhost:7007
+  # The listener can also be expressed as a single <host>:<port> string. In this case we bind to
+  # all interfaces, the most permissive setting. The right value depends on your specific deployment.
+  listen: ':7007'
+
+  # config options: https://node-postgres.com/api/client
+  database:
+    client: pg
+    connection:
+      host: ${POSTGRES_HOST}
+      port: ${POSTGRES_PORT}
+      user: ${POSTGRES_USER}
+      password: ${POSTGRES_PASSWORD}
+      # https://node-postgres.com/features/ssl
+      # you can set the sslmode configuration option via the `PGSSLMODE` environment variable
+      # see https://www.postgresql.org/docs/current/libpq-ssl.html Table 33.1. SSL Mode Descriptions (e.g. require)
+      # ssl:
+      #   ca: # if you have a CA file and want to verify it you can uncomment this section
+      #     $file: <file-path>/ca/server.crt
+
+auth:
+  providers:
+    guest: null
+
+catalog:
+  # Overrides the default list locations from app-config.yaml as these contain example data.
+  # See https://backstage.io/docs/features/software-catalog/#adding-components-to-the-catalog for more details
+  # on how to get entities into the catalog.
+  locations: []

oci-pulumi-self-service/00-backstage/backstage/app-config.yaml

@@ -0,0 +1,90 @@
+app:
+  title: Scaffolded Backstage App
+  baseUrl: http://localhost:7007
+
+organization:
+  name: My Company
+
+backend:
+  auth:
+    keys:
+    - secret: 'my-secret'
+  # Used for enabling authentication, secret is shared by all backend plugins
+  # See https://backstage.io/docs/auth/service-to-service-auth for
+  # information on the format
+  # auth:
+  #   keys:
+  #     - secret: ${BACKEND_SECRET}
+  baseUrl: http://localhost:7007
+  listen:
+    port: 7007
+    # Uncomment the following host directive to bind to specific interfaces
+    # host: 127.0.0.1
+  csp:
+    connect-src: ["'self'", 'http:', 'https:']
+    upgrade-insecure-requests: false
+    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
+    # Default Helmet Content-Security-Policy values can be removed by setting the key to false
+  cors:
+    origin: http://localhost:7007
+    methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
+    credentials: true
+  # This is for local development only, it is not recommended to use this in production
+  # The production database configuration is stored in app-config.production.yaml
+  database:
+    client: better-sqlite3
+    connection: ':memory:'
+  # workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
+
+integrations:
+  github:
+    - host: github.com
+      # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
+      # about setting up the GitHub integration here: https://backstage.io/docs/integrations/github/locations#configuration
+      token: ${GITHUB_TOKEN}
+    ### Example for how to add your GitHub Enterprise instance using the API:
+    # - host: ghe.example.net
+    #   apiBaseUrl: https://ghe.example.net/api/v3
+    #   token: ${GHE_TOKEN}
+
+proxy:
+  '/pulumi':
+    target: 'https://api.pulumi.com/api'
+    changeOrigin: true
+    headers:
+      Authorization: token ${PULUMI_ACCESS_TOKEN}
+      Accept: application/vnd.pulumi+8
+      Content-Type: application/json
+
+# Reference documentation http://backstage.io/docs/features/techdocs/configuration
+# Note: After experimenting with basic setup, use CI/CD to generate docs
+# and an external cloud storage when deploying TechDocs for production use-case.
+# https://backstage.io/docs/features/techdocs/how-to-guides#how-to-migrate-from-techdocs-basic-to-recommended-deployment-approach
+techdocs:
+  builder: 'local' # Alternatives - 'external'
+  generator:
+    runIn: 'docker' # Alternatives - 'local'
+  publisher:
+    type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
+
+auth:
+  # see https://backstage.io/docs/auth/ to learn about auth providers
+  providers:
+    # See https://backstage.io/docs/auth/guest/provider
+    guest:
+      dangerouslyAllowOutsideDevelopment: true
+scaffolder:
+  defaultCommitMessage: "OCI + Pulumi + Backstage = self service"
+  # see https://backstage.io/docs/features/software-templates/configuration for software template options
+
+catalog:
+  import:
+    entityFilename: catalog-info.yaml
+    pullRequestBranchName: backstage-integration
+  rules:
+    - allow: [Component, System, API, Resource, Location,Template,User,Group]
+  locations:
+    - type: url
+      target: https://github.com/enschilling/pulumi-backstage-templates/blob/main/oci-static-page/template.yaml
+      rules:
+      - allow: [Template]

oci-pulumi-self-service/00-backstage/backstage/backstage.json

@@ -0,0 +1,3 @@
+{
+  "version": "1.25.0"
+}

oci-pulumi-self-service/00-backstage/backstage/catalog-info.yaml

@@ -0,0 +1,13 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: backstage
+  description: An example of a Backstage application.
+  # Example for optional annotations
+  # annotations:
+  #   github.com/project-slug: backstage/backstage
+  #   backstage.io/techdocs-ref: dir:.
+spec:
+  type: website
+  owner: john@example.com
+  lifecycle: experimental

oci-pulumi-self-service/00-backstage/backstage/examples/entities.yaml

@@ -0,0 +1,41 @@
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-system
+apiVersion: backstage.io/v1alpha1
+kind: System
+metadata:
+  name: examples
+spec:
+  owner: guests
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-component
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: example-website
+spec:
+  type: website
+  lifecycle: experimental
+  owner: guests
+  system: examples
+  providesApis: [example-grpc-api]
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-api
+apiVersion: backstage.io/v1alpha1
+kind: API
+metadata:
+  name: example-grpc-api
+spec:
+  type: grpc
+  lifecycle: experimental
+  owner: guests
+  system: examples
+  definition: |
+    syntax = "proto3";
+
+    service Exampler {
+      rpc Example (ExampleMessage) returns (ExampleMessage) {};
+    }
+
+    message ExampleMessage {
+      string example = 1;
+    };

oci-pulumi-self-service/00-backstage/backstage/examples/org.yaml

@@ -0,0 +1,17 @@
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+  name: guest
+spec:
+  memberOf: [guests]
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-group
+apiVersion: backstage.io/v1alpha1
+kind: Group
+metadata:
+  name: guests
+spec:
+  type: team
+  children: []

oci-pulumi-self-service/00-backstage/backstage/examples/template/content/catalog-info.yaml

@@ -0,0 +1,8 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: ${{ values.name | dump }}
+spec:
+  type: service
+  owner: user:guest
+  lifecycle: experimental

oci-pulumi-self-service/00-backstage/backstage/examples/template/content/index.js

@@ -0,0 +1 @@
+console.log('Hello from ${{ values.name }}!');