Friday, January 23, 2026

Step-by-Step Guide: OCI DevOps & Resource Manager Terraform Infrastructure Provisioning

 

Introduction

Infrastructure provisioning on Oracle Cloud Infrastructure (OCI) can be automated with Infrastructure as Code (IaC) using OCI DevOps, OCI Resource Manager, and Terraform — enabling CI/CD-driven deployments across environments.

In this blog, we’ll walk through a real-world, high-level plan for provisioning OCI infrastructure using OCI DevOps build pipelines integrated with OCI Resource Manager (Plan & Apply).

High-Level Architecture

The overall workflow looks like this:

  1. OCI DevOps Code Repository stores Terraform and pipeline artifacts

  2. OCI DevOps Build Pipeline is triggered on code changes

  3. Build Pipeline invokes OCI Resource Manager

  4. Resource Manager runs Terraform Plan and Apply

  5. Infrastructure is provisioned automatically




Step 1: Create OCI DevOps Code Repository

Start by creating a Code Repository inside your OCI DevOps Project. This repository will store:

  • build_spec.yaml

  • Terraform configuration files

Once created, clone the repository using Cloud Shell:

Authenticate using your OCI username and Auth Token.

Initially the repository will be empty; the Terraform code will be pushed to it from Cloud Shell.



Step 2: Create OCI DevOps Build Pipeline

Next, create a Build Pipeline in OCI DevOps. This pipeline will:

  • Read Terraform artifacts

  • Trigger OCI Resource Manager operations

You don’t need to configure all stages immediately; the pipeline will be connected later using triggers.




Step 3: Prepare Repository Structure

Organize your repository with a clean structure:

devops-repository/
├── build_spec.yaml
└── terraform/
    └── resource_manager.tf

At this point, the files exist locally in Cloud Shell but not yet in OCI DevOps.


Step 4: Upload Artifacts and Push to Repository

Add the Terraform and build specification files, then push them to the repository:

git add .
git commit -m "updated artifacts first time"
# git push will prompt for the username and password (the Auth Token from Step 1)
git push -u origin main

Note: The build file has to be present in the root folder of the DevOps repository so that the build pipeline can read it.


This ensures the build pipeline always pulls the latest Terraform configuration.

Step 5: Upload Terraform Artifacts to Object Storage

In this case, OCI Resource Manager requires the Terraform configuration to be sourced from OCI Object Storage. You can also call Resource Manager directly from the build pipeline.

  1. Create an Object Storage bucket

  2. Upload the Terraform artifacts (resource_manager.tf files)



Step 6: Create OCI Resource Manager Stack (CLI)

In this scenario, the stack cannot be created from the OCI Console. In such cases, use OCI CLI:

# Replace the <...> placeholders with your own values
export compartment_id="<compartment_ocid>"
export config_source_bucket_name="ORM_STACK"
export config_source_namespace="<namespace>"
export config_source_region="us-ashburn-1"
export stack_display_name="ORM-STACK"
export terraform_version="1.1.x"

# Create the stack from the Terraform configuration stored in the bucket
oci resource-manager stack create-from-object-storage \
  --display-name "$stack_display_name" \
  --compartment-id "$compartment_id" \
  --config-source-bucket-name "$config_source_bucket_name" \
  --config-source-namespace "$config_source_namespace" \
  --config-source-region "$config_source_region" \
  --terraform-version "$terraform_version"

Successful output returns the Stack OCID.




Step 7: Update build_spec.yaml

Update the build_spec.yaml file to reference the Resource Manager Stack OCID. This file defines:

  • Build stages

  • Resource Manager Plan

  • Resource Manager Apply

This allows OCI DevOps to orchestrate Terraform execution automatically.
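A build_spec.yaml along these lines would run Plan and then Apply against the stack; this is an added example, not the author's file. The step names, the `<stack_ocid>` placeholder, and the use of resource-principal authentication (which needs a policy allowing the build pipeline to manage Resource Manager jobs) are assumptions. The apply step is pinned to the plan job that just ran rather than auto-approved, so only the changes that were planned get applied.

```yaml
# Added example build_spec.yaml (not the original author's file).
version: 0.1
component: build
timeoutInSeconds: 3600
shell: bash
env:
  variables:
    # Placeholder: the Stack OCID returned in Step 6.
    STACK_OCID: "<stack_ocid>"
    # Assumption: the build runner calls the OCI CLI as a resource principal.
    OCI_CLI_AUTH: "resource_principal"
    # Set by the plan step and read by the apply step.
    PLAN_JOB_OCID: ""
steps:
  - type: Command
    name: "Resource Manager Plan"
    timeoutInSeconds: 1500
    command: |
      PLAN_JOB_OCID=$(oci resource-manager job create-plan-job \
        --stack-id "$STACK_OCID" \
        --wait-for-state SUCCEEDED --wait-for-state FAILED \
        --query 'data.id' --raw-output)
      state=$(oci resource-manager job get --job-id "$PLAN_JOB_OCID" \
        --query 'data."lifecycle-state"' --raw-output)
      # Stop here on a failed plan so nothing is applied.
      [ "$state" = "SUCCEEDED" ] || { echo "plan job ended in $state" >&2; exit 1; }
  - type: Command
    name: "Resource Manager Apply"
    timeoutInSeconds: 1500
    command: |
      # Apply exactly the plan produced above instead of AUTO_APPROVED.
      apply_job=$(oci resource-manager job create-apply-job \
        --stack-id "$STACK_OCID" \
        --execution-plan-strategy FROM_PLAN_JOB_ID \
        --execution-plan-job-id "$PLAN_JOB_OCID" \
        --wait-for-state SUCCEEDED --wait-for-state FAILED \
        --query 'data.id' --raw-output)
      state=$(oci resource-manager job get --job-id "$apply_job" \
        --query 'data."lifecycle-state"' --raw-output)
      [ "$state" = "SUCCEEDED" ] || { echo "apply job ended in $state" >&2; exit 1; }
```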


Step 8: Create Build Pipeline Trigger

Create a trigger that connects:

  • Code Repository (main branch)

  • Build Pipeline

Now, every git push automatically triggers infrastructure provisioning.




Step 9: Commit and Trigger the Pipeline

Make final updates and push changes:

git add .
git commit -m "updated resource manager stack"
git push









Under Resource Manager, we can see that both the plan and apply jobs were triggered.

Note: In this case, the state file is managed internally by Resource Manager.

Thus, every commit pushed to the DevOps repository will trigger the Resource Manager stack to create resources in OCI.

Benefits of This Approach

  • Fully automated infrastructure provisioning

  • Terraform state managed securely by OCI

  • CI/CD driven infrastructure changes

  • Repeatable, auditable deployments

  • Reduced manual errors


Conclusion

By integrating OCI DevOps, OCI Resource Manager, and Terraform, you can achieve a powerful Infrastructure as Code (IaC) pipeline on Oracle Cloud. This setup is ideal for enterprises looking to standardize cloud provisioning with governance, automation, and scalability.

