Opinionated Terraform for Oracle Cloud Infrastructure that provisions a free-tier friendly A1 Flex instance with networking and storage. Includes a ready-to-run GitHub Actions workflow.
- Overview
- Architecture at a glance
- Features
- Prerequisites
- Automated deployment with GitHub Actions
- Quick start
- Troubleshooting
- Licence
- Security
- Contributing
- Support
This module provisions an Oracle Cloud Infrastructure environment tailored to the free-tier allowances. It creates compute, networking and storage to run useful workloads at zero cost where available.
The stack deploys:
- 1x VM.Standard.A1.Flex instance with 4 OCPUs and 24 GB RAM
- 100 GB boot volume plus an additional 100 GB block volume
- A Virtual Cloud Network with subnets, security lists and an internet gateway
- Terraform defines:
  - VCN, public subnets, security lists and internet gateway
  - One A1 Flex compute instance
  - One attached block volume
- Opinionated security lists for typical access patterns
- Outputs expose public IP and key resource identifiers
- Free-tier friendly shapes and sizes
- Baseline networking with public access where required
- Automated plan and apply via GitHub Actions
- Automatic clean-up on failure to keep the tenancy tidy
- Oracle Cloud Infrastructure account
- Terraform 1.6 or newer
- OCI API credentials stored as GitHub Secrets
| Secret name | Description |
|---|---|
| `PAT_TOKEN` | Personal access token used by the pipeline to check out the repository |
| `PKEY` | OCI SSH private key |
| `TENANCY_OCID` | OCID of your tenancy |
| `USER_OCID` | OCID of your user |
| `FP` | Fingerprint for the user’s API key |
| `SSH_PUB_KEY` | SSH public key added to the instance for access |
The workflow Execute OCI Pipeline performs the following:
- Checks out the repository to the GitHub runner
- Sets up Node.js and the Terraform CLI
- Configures the SSH private key and Terraform variables from GitHub Secrets
- Initialises Terraform, creates a plan and applies it
- On failure, automatically destroys provisioned resources to return to a clean state
The root main.tf is the entry point used by the workflow. It wires the module, variables and any provisioners. As part of instance initialisation it updates packages and installs Docker and Docker Compose.
When the workflow completes successfully, the public IP is shown in the Terraform outputs. Connect using:
- Username: `opc`
- Authentication: your SSH key corresponding to `SSH_PUB_KEY`
- Fork or clone this repository into your GitHub account.
- Add the GitHub Secrets listed above in your repository settings.
- Review `main.tf` and variables for region, compartment and any tags.
- Open the Actions tab, select Execute OCI Pipeline, provide inputs and run it.
- Use the outputs to SSH to the instance as `opc`.
- Apply failed or timed out: Check Actions logs for missing or incorrect secrets. Confirm tenancy, compartment and region values.
- Cannot SSH: Ensure `SSH_PUB_KEY` matches your private key and that security lists allow ingress from your IP.
- Quota or capacity constraints: Free-tier entitlements and regional capacity can vary. Try another region or adjust shapes.
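
Missing or malformed secrets, the cause named in the first two troubleshooting items and listed in the secrets table above, can be caught before Terraform runs. The pre-flight validator below is an added example, not code from this repository; the function names are hypothetical, and the OCID and fingerprint formats are the ones documented by OCI. It reports only the secret name and a reason, never the value.

```python
import base64
import re
import struct

# OCID syntax per the OCI docs: ocid1.<type>.<realm>.[region][.future use].<unique id>
OCID_RE = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9]+\.[a-z0-9-]*\.(?:[a-z0-9-]+\.)?[a-z0-9]+$")
FP_RE = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$", re.I)  # MD5 as 16 hex pairs
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def ocid_error(value, kind):  # catches swapped tenancy/user OCIDs
    m = OCID_RE.match(value)
    return None if m and m.group(1) == kind else f"not an ocid1.{kind} OCID"

def ssh_pub_key_error(value):
    """Validate an OpenSSH public key line: '<type> <base64 blob> [comment]'."""
    if PEM_RE.search(value):
        return "holds a private key"  # wrong key pasted into the public slot
    parts = value.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob, off, fields = base64.b64decode(parts[1], validate=True), 0, []
        while off < len(blob):  # walk the length-prefixed wire-format fields
            (n,) = struct.unpack(">I", blob[off:off + 4])
            if off + 4 + n > len(blob):
                return "key blob is truncated"
            fields.append(blob[off + 4:off + 4 + n])
            off += 4 + n
    except (ValueError, struct.error):
        return "key blob is truncated or not base64"
    ok = len(fields) >= 2 and fields[0] == parts[0].encode()
    return None if ok else "key type does not match the key blob"

def check_secrets(secrets):
    """Return problems as 'NAME: reason' strings; secret values are never echoed."""
    checks = {
        "PAT_TOKEN": lambda v: None,  # opaque token: presence only
        "PKEY": lambda v: None if PEM_RE.search(v) else "no private key header",
        "TENANCY_OCID": lambda v: ocid_error(v, "tenancy"),
        "USER_OCID": lambda v: ocid_error(v, "user"),
        "FP": lambda v: None if FP_RE.match(v) else "expected 16 colon-separated hex pairs",
        "SSH_PUB_KEY": ssh_pub_key_error,
    }
    problems = []
    for name, check in checks.items():
        value = secrets.get(name, "").strip()
        err = check(value) if value else "missing or empty"
        problems += [f"{name}: {err}"] if err else []
    return problems
```

With the secrets exported as environment variables, `check_secrets(os.environ)` can gate an early workflow step. A format check cannot confirm that `SSH_PUB_KEY` and your private key are a pair.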
This project is licensed under the MIT Licence. See the LICENCE file for details.
If you discover a security issue, please review and follow the guidance in SECURITY.md, or open a private security-focused issue with minimal details and request a secure contact channel.
Feel free to open issues or submit pull requests if you have suggestions or improvements.
See CONTRIBUTING.md
Open an issue with as much detail as possible, including your tenancy region, the workflow you ran and relevant Terraform logs.