oracle · gotsysdba · Jul 1, 2025 · Jul 1, 2025 · Jul 1, 2025 · Jul 1, 2025
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -9,6 +9,7 @@ on:
     paths:
       - "docs/**"
       - "helm/**"
+      - ".github/workflows/documentation.yml"
 
   # Allows running this workflow manually
   workflow_dispatch:

diff --git a/.github/workflows/opentofu.yml b/.github/workflows/opentofu.yml
@@ -0,0 +1,43 @@
+# Workflow for validating Infrastructure as Code
+name: Validate Infrastructure as Code
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+    # Limit runs to only when opentofu changes
+    paths:
+      - "opentofu/**"
+      - ".github/workflows/opentofu.yml"
+
+  # Allows running this workflow manually
+  workflow_dispatch:
+
+jobs:
+  check:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    container:
+      image: hashicorp/terraform:latest
+    # Block merging if the job fails
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Initialize Infrastructure as Code
+        working-directory: ./opentofu
+        run: terraform init -backend=false
+
+      - name: Validate Infrastructure as Code
+        working-directory: ./opentofu
+        run: terraform validate
+
+      - name: Validate Infrastructure as Code formatting
+        working-directory: ./opentofu
+        run: terraform fmt -recursive -check
diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
@@ -20,11 +20,13 @@ jobs:
       docker:
         image: docker:latest
         options: --privileged
+    # Block merging if the job fails
+    permissions:
+      pull-requests: write
 
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
+      - name: Checkout Code
+        uses: actions/checkout@v4
 
       - uses: docker/setup-buildx-action@v3
         with:
@@ -53,7 +55,3 @@ jobs:
 
       - name: Run All Tests
         run: pytest
-
-    # Block merging if the job fails
-    permissions:
-      pull-requests: write
diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
@@ -26,7 +26,7 @@ jobs:
             exit 1
           fi
 
-      - name: Checkout repository
+      - name: Checkout Code
         uses: actions/checkout@v4
 
       - name: Build and Push Infrastructure as Code

diff --git a/opentofu/main.tf b/opentofu/main.tf
@@ -92,9 +92,11 @@ module "vm" {
   adb_password          = local.adb_password
   streamlit_client_port = local.streamlit_client_port
   fastapi_server_port   = local.fastapi_server_port
+  vm_is_gpu_shape       = var.vm_is_gpu_shape
   compute_os_ver        = var.compute_os_ver
   compute_cpu_ocpu      = var.compute_cpu_ocpu
   compute_cpu_shape     = var.compute_cpu_shape
+  compute_gpu_shape     = var.compute_gpu_shape
   availability_domains  = local.availability_domains
   private_subnet_id     = module.network.private_subnet_ocid
   providers = {

diff --git a/opentofu/modules/vm/data.tf b/opentofu/modules/vm/data.tf
@@ -7,12 +7,14 @@
 data "oci_core_images" "images" {
   compartment_id   = var.compartment_id
   operating_system = "Oracle Linux"
-  shape            = var.compute_cpu_shape
+  shape            = local.vm_compute_shape
 
   filter {
-    name   = "display_name"
-    values = ["Oracle-Linux-${var.compute_os_ver}-.*"]
-    regex  = true
+    name = "display_name"
+    values = [
+      var.vm_is_gpu_shape ? "Oracle-Linux-${var.compute_os_ver}-.*(GPU|NVIDIA|A10).*" : "Oracle-Linux-${var.compute_os_ver}-.*"
+    ]
+    regex = true
   }
 
   sort_by    = "TIMECREATED"
@@ -29,4 +31,38 @@ data "oci_core_services" "core_services" {
     values = ["All .* Services In Oracle Services Network"]
     regex  = true
   }
+}
+
+data "cloudinit_config" "workers" {
+  gzip          = true
+  base64_encode = true
+
+  # Expand root filesystem to fill available space on volume
+  part {
+    content_type = "text/cloud-config"
+    content = jsonencode({
+      # https://cloudinit.readthedocs.io/en/latest/reference/modules.html#growpart
+      growpart = {
+        mode                     = "auto"
+        devices                  = ["/"]
+        ignore_growroot_disabled = false
+      }
+
+      # https://cloudinit.readthedocs.io/en/latest/reference/modules.html#resizefs
+      resize_rootfs = true
+
+      # Resize logical LVM root volume when utility is present
+      bootcmd = ["if [[ -f /usr/libexec/oci-growfs ]]; then /usr/libexec/oci-growfs -y; fi"]
+    })
+    filename   = "10-growpart.yml"
+    merge_type = "list(append)+dict(no_replace,recurse_list)+str(append)"
+  }
+
+  # Startup Initialisation
+  part {
+    content_type = "text/x-shellscript"
+    content      = local.cloud_init
+    filename     = "50-custom-init.sh"
+    merge_type   = "list(append)+dict(no_replace,recurse_list)+str(append)"
+  }
 }
diff --git a/opentofu/modules/vm/locals.tf b/opentofu/modules/vm/locals.tf
@@ -10,4 +10,6 @@ locals {
     db_name        = var.adb_name
     db_password    = var.adb_password
   })
+
+  vm_compute_shape = var.vm_is_gpu_shape ? var.compute_gpu_shape : var.compute_cpu_shape
 }
diff --git a/opentofu/modules/vm/main.tf b/opentofu/modules/vm/main.tf
@@ -60,15 +60,18 @@ resource "oci_core_instance" "instance" {
   compartment_id      = var.compartment_id
   display_name        = format("%s-compute", var.label_prefix)
   availability_domain = var.availability_domains[0]
-  shape               = var.compute_cpu_shape
-  shape_config {
-    memory_in_gbs = var.compute_cpu_ocpu * 16
-    ocpus         = var.compute_cpu_ocpu
+  shape               = local.vm_compute_shape
+  dynamic "shape_config" {
+    for_each = var.vm_is_gpu_shape ? [] : [1]
+    content {
+      memory_in_gbs = var.compute_cpu_ocpu * 16
+      ocpus         = var.compute_cpu_ocpu
+    }
   }
   source_details {
     source_type             = "image"
     source_id               = data.oci_core_images.images.images[0].id
-    boot_volume_size_in_gbs = 50
+    boot_volume_size_in_gbs = 100
   }
   agent_config {
     are_all_plugins_disabled = false
@@ -85,7 +88,7 @@ resource "oci_core_instance" "instance" {
     nsg_ids          = [oci_core_network_security_group.compute.id]
   }
   metadata = {
-    user_data = "${base64encode(local.cloud_init)}"
+    user_data = data.cloudinit_config.workers.rendered
   }
   lifecycle {
     create_before_destroy = true

diff --git a/opentofu/modules/vm/variables.tf b/opentofu/modules/vm/variables.tf
@@ -32,6 +32,11 @@ variable "vcn_id" {
 variable "private_subnet_id" {
   type = string
 }
+
+variable "vm_is_gpu_shape" {
+  type = bool
+}
+
 variable "compute_os_ver" {
   type = string
 }
@@ -44,6 +49,10 @@ variable "compute_cpu_ocpu" {
   type = number
 }
 
+variable "compute_gpu_shape" {
+  type = string
+}
+
 variable "adb_name" {
   type = string
 }