oracle-devrel · MarcGueury · Jun 8, 2026 · May 7, 2026 · May 12, 2026 · May 12, 2026
diff --git a/basis/bin/compute/compute_install.sh b/basis/bin/compute/compute_install.sh
@@ -40,6 +40,9 @@ EOT
 
     # Resize the boot volume (if >47GB)
     sudo /usr/libexec/oci-growfs -y
+
+    # Workaround : Force the ol8_oci_included (sometimes it is deactivated)
+    sudo dnf config-manager --enable ol8_oci_included
 fi
 
 if ! grep -q "# Build Bastion" $HOME/.bashrc; then
@@ -69,6 +72,9 @@ if ! grep -q "# Build Bastion" $HOME/.bashrc; then
         cp $HOME/compute/git/post-receive ~/app.git/hooks
         chmod +x ~/app.git/hooks/post-receive
         chmod +x ~/app.git/hooks/post-receive
+
+        # Cline CLI
+        install_cline_cli        
     fi
 fi
 

diff --git a/basis/bin/compute/rebuild.sh b/basis/bin/compute/rebuild.sh
@@ -5,9 +5,11 @@ start_time=$(date +%s)
 . ./shared_compute.sh
 title "Rebuild (in alphabetical order)"
 
-TARGET_OKE="$HOME/target/oke"
-mkdir -p $TARGET_OKE
-export DOCKER_LOGGED=false
+if [ "$TF_VAR_build_host" == "bastion" ]; then 
+    TARGET_OKE="$HOME/target/oke"
+    mkdir -p $TARGET_OKE
+    export DOCKER_LOGGED=false
+fi
 
 chmod +x */*.sh
 

diff --git a/basis/bin/compute/shared_compute.sh b/basis/bin/compute/shared_compute.sh
@@ -150,11 +150,21 @@ install_java() {
     if [ "$TF_VAR_build_host" == "bastion" ]; then 
         # sudo dnf install -y maven
         if [ ! -d $HOME/maven ]; then
-            MVN_VERSION=3.9.15
-            wget https://dlcdn.apache.org/maven/maven-3/$MVN_VERSION/binaries/apache-maven-$MVN_VERSION-bin.tar.gz
-            tar xfz apache-maven-$MVN_VERSION-bin.tar.gz
-            mv apache-maven-$MVN_VERSION $HOME/maven
-            rm apache-maven-$MVN_VERSION-bin.tar.gz
+            BASE_URL="https://dlcdn.apache.org/maven/maven-3"
+            LATEST_VERSION=$(
+                wget -qO- "$BASE_URL/" |
+                grep -oE 'href="[0-9]+\.[0-9]+\.[0-9]+/' |
+                sed 's|href="||;s|/||' |
+                sort -V |
+                tail -1
+            )
+            FILE="apache-maven-${LATEST_VERSION}-bin.tar.gz"
+            URL="${BASE_URL}/${LATEST_VERSION}/binaries/${FILE}"
+            echo "Downloading Maven ${LATEST_VERSION}..."
+            wget -nv "$URL"
+            tar xfz $FILE
+            mv apache-maven-${LATEST_VERSION} $HOME/maven
+            rm $FILE
             export PATH=$HOME/maven/bin:$PATH
             echo "export PATH=$HOME/maven/bin:$PATH" >> $HOME/.bashrc 
         fi
@@ -391,9 +401,9 @@ install_ngnix() {
 
     # Default: location /app/ { proxy_pass http://localhost:8080 }
     if [ -f nginx_app.locations ]; then
-        cp nginx_app.locations $TARGET_DIR/nginx_app.locations
-        file_replace_variables $TARGET_DIR/nginx_app.locations
-        sudo cp $TARGET_DIR/nginx_app.locations /etc/nginx/conf.d/.
+        cp nginx_app.locations /tmp/nginx_app.locations
+        file_replace_variables /tmp/nginx_app.locations
+        sudo cp /tmp/nginx_app.locations /etc/nginx/conf.d/.
         if grep -q nginx_app /etc/nginx/nginx.conf; then
             echo "Include nginx_app.locations is already there"
         else
@@ -434,6 +444,31 @@ install_ngnix() {
 }
 export -f install_ngnix 
 
+# -- install_nodejs -----------------------------------------------------
+
+install_nodejs() {
+    sudo dnf module enable -y nodejs:20
+    sudo dnf module install -y nodejs
+}
+export -f install_nodejs     
+
+# -- install_cline_cli -----------------------------------------------------
+# https://docs.cline.bot/cline-cli/installation
+
+install_cline_cli() {
+    install_nodejs
+    sudo npm install -g cline
+    cline version
+    if [ "$TF_VAR_genai_api_key" == "" ] || [ "$TF_VAR_genai_model" == "" ] || [ "$TF_VAR_region" == "" ]; then
+        echo "<install_cline_cli> SKIP: Missing variables TF_VAR_genai_api_key=$TF_VAR_genai_api_key / TF_VAR_genai_model=$TF_VAR_genai_model / TF_VAR_region=$TF_VAR_region"
+    else 
+        # cline auth -p openai -k $TF_VAR_genai_api_key -b https://inference.generativeai.${TF_VAR_region}.oci.oraclecloud.com -m $TF_VAR_genai_model
+        cline auth -p openai -k $TF_VAR_genai_api_key -b https://inference.generativeai.${TF_VAR_region}.oci.oraclecloud.com -m openai.gpt-oss-120b
+    fi 
+    # xai.grok-4-1-fast-non-reasoning
+}
+export -f install_cline_cli 
+
 # -- Install Docker tools ---------------------------------------------------
 
 install_docker_tools() {
@@ -636,3 +671,34 @@ build_rsync() {
     fi    
 }
 export -f build_rsync
+
+# -- livelab_oci_config ------------------------------------------------------------
+
+# Create a OCI Config for LiveLab (that does not support instance principal)
+livelab_oci_config()
+{
+   if [ "$LIVELABS" != "" ]; then
+     mkdir -p $HOME/.oci
+
+     # OCI Config file
+     cat > $HOME/.oci/config << EOF
+[DEFAULT]
+user=$TF_VAR_current_user_ocid
+fingerprint=$FINGERPRINT
+tenancy=$TF_VAR_tenancy_ocid
+region=$TF_VAR_region
+key_file=/home/opc/.oci/oci_api_key.pem
+EOF
+     echo "livelab_oci_config: .oci/config created"
+
+     # oci_api_key.pem
+     cat > $HOME/.oci/oci_api_key.pem << EOF
+$OCI_API_KEY_PEM
+OCI_API_KEY
+
+EOF
+    chmod 600 $HOME/.oci/config
+    chmod 600 $HOME/.oci/oci_api_key.pem
+  fi
+}
+export -f livelab_oci_config
diff --git a/basis/bin/config.sh b/basis/bin/config.sh
@@ -164,6 +164,45 @@ if declare -p | grep -q "__TO_FILL__"; then
         fi      
     fi
 
+    # PUBLIC_IP_FILTER
+    if [ "$TF_VAR_public_ip_filter" == "__TO_FILL__" ]; then
+        title "Config - Public IP Filter"
+        echo "The setup will include an Internet Gateway that allows HTTP and HTTPS traffic on ports 80 and 443 from the internet."
+        echo "What is the IP Range of the machines who can access these ports:"
+        echo "[1] all the machines on the internet -> 0.0.0.0/0"
+        echo "[2] just my laptop"
+        echo "[3] other"
+        read -rp "Choose an option [1-3]: " choice
+
+        case "$choice" in
+            1)
+                export TF_VAR_public_ip_filter="0.0.0.0/0"
+                ;;
+            2)
+                echo ""
+                echo "Open a browser and find your public IP address using a site like:"
+                echo "  https://ifconfig.me"
+                echo "  https://whatismyipaddress.com"
+                echo ""
+
+                read -rp "Enter your public IP address: " USER_IP
+                export TF_VAR_public_ip_filter="${USER_IP}/32"
+                ;;
+            3)
+                read -rp "Enter the IP range (example: 192.168.1.0/24): " IP_RANGE
+                export TF_VAR_public_ip_filter="$IP_RANGE"
+                ;;
+            *)
+                echo "Invalid option."
+                exit 1
+                ;;
+        esac
+
+        echo "TF_VAR_public_ip_filter=${TF_VAR_public_ip_filter}"
+        store_terraform_tfvars public_ip_filter $TF_VAR_public_ip_filter 
+    fi
+
+
     # LICENSE_MODEL
     if [ "$TF_VAR_license_model" == "__TO_FILL__" ]; then
         title "Config - License Model"  
@@ -269,6 +308,7 @@ if declare -p | grep -q "__TO_FILL__"; then
     read_ocid TF_VAR_fnapp_ocid "Function Application" ocid1.fnapp
     read_ocid TF_VAR_log_group_ocid "Log Group" ocid1.loggroup
     read_ocid TF_VAR_bastion_ocid "Bastion Instance" ocid1.instance
+    read_ocid TF_VAR_project_ocid "Generative AI Project" ocid1.generativeaiproject
     # ? # read_ocid TF_VAR_vault_secret_authtoken_ocid "Enter your Private Subnet OCID" ocid1.subnet
 
     # -- terraform.tfvars

diff --git a/basis/bin/config_oke.sh b/basis/bin/config_oke.sh
@@ -50,7 +50,7 @@ if [ ! -f $KUBECONFIG ]; then
         kubectl apply -f src/oke/gateway.yaml
         # Wait 
         echo "Waiting for Gateway to be ready..."
-        kubectl wait --for=condition=Programmed gateway/oke-gateway -n default --timeout=120s
+        kubectl wait --for=condition=Programmed gateway/oke-gateway -n gateway --timeout=120s
         exit_on_error "Gateway Programmed State"
 
         # Get the IP

diff --git a/basis/bin/deploy_bastion.j2.sh b/basis/bin/deploy_bastion.j2.sh
@@ -33,21 +33,44 @@ function setup_bastion_dir() {
         cp -R src/app/db $BASTION_DIR/app/.
     fi
     cp $TARGET_DIR/tf_env.sh $BASTION_DIR/compute/.
+
+    if [ "$TF_VAR_deploy_type" == "public_compute" ]; then
+        if [ -d src/compute ]; then 
+            cp -R src/compute/* $BASTION_DIR/.
+        fi
+    fi
 }
 
 function scp_bastion() {
-    scp_or_rsync $BASTION_DIR/compute    
-    RESULT=$?
+    {%- if test_name and deploy_type!="public_compute" %}
+    # If 
+    # - During TestSuite
+    # - Public_compute got his own bastion (=compute) and does not need to lock it.
+    # - Build is done on Bastion
+    # - This takes as condition that an normal build did happen on the bastion before and has copied the compute/test_bastion_lock.sh before
+    # Get Lock CleanUp
+    ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "echo"   
+    RESULT=$?       
     if [ $RESULT -eq 0 ]; then
-        echo "Success - scp $BASTION_DIR/compute"
+        echo "Success - SSH Bastion"
     else
         return 1 
-    fi  
-    {%- if test_name %}
-    # Get Lock CleanUp
-    ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh $TEST_NAME"          
+    fi
+    ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/test_bastion_lock.sh $TEST_NAME"   
+    RESULT=$?       
+    if [ $RESULT -eq 0 ]; then
+        echo "Success - lock $BASTION_DIR"
+    else
+        echo "Warning - lock failed $BASTION_DIR"
+    fi
     {%- endif %}
-    scp_or_rsync $BASTION_DIR/app
+    scp_or_rsync "$BASTION_DIR/*"
+    RESULT=$?
+    if [ $RESULT -eq 0 ]; then
+        echo "Success - scp $BASTION_DIR"
+    else
+        return 1 
+    fi
 }
 
 # Try 5 times to copy the files / wait 5 secs between each try
@@ -66,5 +89,5 @@ while [ true ]; do
     i=$(($i+1))
 done
 
-ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log"
-exit_on_error "Deploy Bastion - ssh"
+ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$BASTION_IP "set -o pipefail; bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log"
+exit_on_error "Deploy Bastion - ssh"
diff --git a/basis/bin/deploy_compute.sh b/basis/bin/deploy_compute.sh
@@ -11,7 +11,11 @@ echo "COMPUTE_IP=$COMPUTE_IP"
 # Create the target/compute directory
 cp $TARGET_DIR/tf_env.sh $TARGET_DIR/compute/compute/.
 
+if -d src/compute; then 
+    cp -R src/compute/* $TARGET_DIR/compute/.
+fi
+
 scp_via_bastion "target/compute/*" opc@$COMPUTE_IP:/home/opc/.
-ssh -o StrictHostKeyChecking=no -oProxyCommand="$BASTION_PROXY_COMMAND" opc@$COMPUTE_IP "bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log"
+ssh -o StrictHostKeyChecking=no -oProxyCommand="$BASTION_PROXY_COMMAND" opc@$COMPUTE_IP "set -o pipefail; bash compute/compute_install.sh 2>&1 | tee compute/compute_install.log"
 exit_on_error "Deploy Compute - ssh"
 
diff --git a/basis/src/app/rest/k8s-httproute.j2.yaml b/basis/src/app/rest/k8s-httproute.j2.yaml
@@ -88,4 +88,15 @@ spec:
     tls:
       mode: SIMPLE
       sni: ##ORDS_HOST##
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+  name: ##TF_VAR_prefix##-destination-rule2
+spec:
+  host: ##TF_VAR_prefix##-rest-service
+  trafficPolicy:
+    tls:
+      mode: SIMPLE
+      sni: ##ORDS_HOST##
 {%- endif %}      
diff --git a/basis/src/terraform/build.j21.tf b/basis/src/terraform/build.j21.tf
@@ -73,7 +73,7 @@ resource "null_resource" "build_deploy" {
     command = <<-EOT
         cd ${local.project_dir}
         export CALLED_BY_TERRAFORM="true"
-        . ./starter.sh env        
+        . ./starter.sh env -silent        
         # pwd
         # ls -al target
         # cat target/terraform.tfstate
@@ -97,7 +97,7 @@ resource "null_resource" "build_deploy" {
         fi
 
         # Build all apps
-        if [ "$TF_VAR_build_host" == "terraform" ]; then
+        if [ "$TF_VAR_build_host" != "bastion" ]; then
             for APP_NAME in `app_name_list_build`; do
                 src/app/$APP_NAME/build.sh
                 exit_on_error "Build App $APP_NAME"
@@ -160,7 +160,7 @@ resource "null_resource" "after_build" {
     command = <<-EOT
         cd ${local.project_dir}    
         export CALLED_BY_TERRAFORM="true"        
-        . ./starter.sh env    
+        . ./starter.sh env -silent
         if [ "$TF_VAR_tls" != "" ]; then
             title "Certificate - Post Deploy"
             certificate_post_deploy 

diff --git a/option/oke/gateway.j2.yaml b/option/oke/gateway.j2.yaml
@@ -1,8 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gateway
+---
 apiVersion: gateway.networking.k8s.io/v1
 kind: Gateway
 metadata:
   name: oke-gateway
-  namespace: default
+  namespace: gateway
   annotations:
     # OCI specific annotation for Network Load Balancer (Layer 4)
     oci.oraclecloud.com/load-balancer-type: "nlb"

diff --git a/option/src/app/java_helidon4/rest/pom.j2.xml b/option/src/app/java_helidon4/rest/pom.j2.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>io.helidon.applications</groupId>
         <artifactId>helidon-mp</artifactId>
-        <version>4.0.0</version>
+        <version>4.4.1</version>
         <relativePath/>
     </parent>
     <groupId>helidon</groupId>