Architecture

Oore is a self-hosted CI/CD platform designed to run on dedicated Mac hardware. It’s built with Rust for the backend and Next.js for the web dashboard.

System Overview

┌─────────────────────────────────────────────────────────────────────┐
│                            Oore Platform                            │
├─────────────────────────────────────────────────────────────────────┤
│                                                                     │
│  ┌──────────┐     ┌──────────────┐     ┌────────────────────────┐   │
│  │   oore   │────▶│    oored     │────▶│     Build Executor     │   │
│  │   CLI    │     │   (server)   │     │     (macOS/Linux)      │   │
│  └──────────┘     └──────────────┘     └────────────────────────┘   │
│       │                  │                         │                │
│       │           ┌──────┴──────┐                  │                │
│       │           │             │                  │                │
│       │           ▼             ▼                  ▼                │
│       │      ┌──────────┐  ┌──────────┐  ┌──────────────────┐       │
│       │      │  SQLite  │  │ Webhooks │  │  Artifacts/Logs  │       │
│       │      │    DB    │  │ (GitHub/ │  │ (/var/lib/oore)  │       │
│       │      └──────────┘  │  GitLab) │  └──────────────────┘       │
│       │                    └──────────┘                             │
│       │                                                             │
│       │     ┌──────────────────────────────────────────────────┐    │
│       └────▶│                     REST API                     │    │
│             └──────────────────────────────────────────────────┘    │
│                                    ▲                                │
│                                    │                                │
│             ┌──────────────────────┴───────────────────────────┐    │
│             │                Next.js Dashboard                 │    │
│             └──────────────────────────────────────────────────┘    │
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

Components

oore-core

Shared library with database layer, models, crypto, and webhook handling.

oore-server (oored)

HTTP server daemon with Axum, REST API, and background worker.

oore-cli (oore)

Command-line client for repository and build management.

web (Next.js)

Web dashboard with shadcn/ui components (in development).

oore-core

The shared library containing:

  • Database layer: SQLx with SQLite, automatic migrations
  • Models: Repository, Build, WebhookEvent, Provider types
  • Crypto: HMAC verification, AES-256-GCM encryption
  • Webhook handling: Signature verification, payload parsing
  • Provider configs: GitHub App, GitLab OAuth

oore-server (oored)

The HTTP server daemon:

  • Framework: Axum web framework
  • Routes: REST API endpoints
  • State: Database pool, configuration, provider configs
  • Worker: Background webhook processor
  • Service management: Install/start/stop as system service

oore-cli (oore)

Command-line client:

  • Framework: Clap for argument parsing
  • HTTP client: Reqwest for API calls
  • Commands: Repository, build, webhook management

Data Flow

Webhook Processing

GitHub/GitLab                    oored                      Build Executor
      │                            │                               │
      │  POST /webhooks/github     │                               │
      ├───────────────────────────▶│                               │
      │                            │  1. Verify signature          │
      │                            │  2. Store event               │
      │                            │  3. Queue for processing      │
      │  {"status":"ok"}           │                               │
      │◀───────────────────────────┤                               │
      │                            │                               │
      │                            │  4. Process in background     │
      │                            │  5. Create build record       │
      │                            │  6. Execute build             │
      │                            ├──────────────────────────────▶│

Design Decisions

Why Rust?

  • Performance: Handles concurrent builds efficiently
  • Safety: Memory safety without garbage collection
  • Single binary: Easy deployment, no runtime dependencies
  • Cross-platform: Builds for macOS and Linux from same codebase

Why SQLite?

  • Simplicity: No separate database server to manage
  • Portability: Single file, easy backup/migration
  • Performance: WAL mode provides excellent read/write performance

Why ULID for IDs?

| Benefit  | Description                            |
|----------|----------------------------------------|
| Sortable | Lexicographically sortable by timestamp |
| Unique   | 128-bit random component               |
| URL-safe | No special characters                  |
| Readable | Easier to work with than UUIDs         |

Example: 01HNJX5Q9T3WP2V6Z8K4M7YRBF

Why Async Webhook Processing?

GitHub requires webhook responses within 10 seconds. Processing might take longer, so:

  1. Receive webhook, verify signature
  2. Store event in database immediately
  3. Return success response
  4. Process in background worker

Security Model

Secrets Storage

| Secret                | Storage     | Protection                  |
|-----------------------|-------------|-----------------------------|
| Admin token           | Environment | File permissions (0600)     |
| Encryption key        | Environment | File permissions (0600)     |
| GitHub webhook secret | Environment | File permissions (0600)     |
| GitLab webhook tokens | Database    | HMAC-SHA256 (not plaintext) |
| OAuth tokens          | Database    | AES-256-GCM encryption      |
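
The verify, store and acknowledge steps listed under "Why Async Webhook Processing?" and the GitLab webhook token row above, as an added Python sketch (this is not Oore's Rust code). Assumptions: the GitLab token digest is keyed with a server-side key, rejected requests get a 401 with the body shown, and the function names, config keys and sample values are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

def verify_github(secret: bytes, body: bytes, sig_header: Optional[str]) -> bool:
    """GitHub signs the raw body: X-Hub-Signature-256: sha256=<hex HMAC-SHA256>."""
    if not sig_header or not sig_header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time compare on bytes (compare_digest rejects non-ASCII str input).
    return hmac.compare_digest(expected.encode(), sig_header[7:].encode())

def token_digest(server_key: bytes, token: str) -> str:
    """Value kept in the database for a GitLab token (assumed keying, see lead-in)."""
    return hmac.new(server_key, token.encode(), hashlib.sha256).hexdigest()

def verify_gitlab(server_key: bytes, stored: str, token_header: Optional[str]) -> bool:
    """GitLab sends the shared token in X-Gitlab-Token; compare digests only."""
    if not token_header:
        return False
    candidate = token_digest(server_key, token_header)
    return hmac.compare_digest(candidate.encode(), stored.encode())

def receive(provider, headers, body, cfg, events):
    """Steps 1-3: verify, store, acknowledge. A worker drains `events` later (step 4)."""
    if provider == "github":
        ok = verify_github(cfg["github_secret"], body, headers.get("X-Hub-Signature-256"))
    elif provider == "gitlab":
        ok = verify_gitlab(cfg["server_key"], cfg["gitlab_digest"], headers.get("X-Gitlab-Token"))
    else:
        ok = False
    if not ok:
        return 401, '{"status":"unauthorized"}'  # assumed body; nothing stored or parsed
    events.append({"provider": provider, "raw": body, "processed": False})
    return 200, '{"status":"ok"}'

# Constructed sample values, not real secrets or payloads.
CFG = {"github_secret": b"example-github-secret", "server_key": b"example-server-key"}
CFG["gitlab_digest"] = token_digest(CFG["server_key"], "example-gitlab-token")
BODY = b'{"ref":"refs/heads/main"}'
GOOD_SIG = "sha256=" + hmac.new(CFG["github_secret"], BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    events = []
    print(receive("github", {"X-Hub-Signature-256": GOOD_SIG}, BODY, CFG, events))
    print(receive("github", {"X-Hub-Signature-256": GOOD_SIG}, BODY + b" ", CFG, events))
    print(len(events))
```

The signature is checked over the raw bytes before any JSON parsing, so a body altered by even one byte is rejected and never reaches the event store.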

File Layout

oore.build/
├── crates/
│   ├── oore-core/          # Shared library
│   │   ├── migrations/     # Database migrations
│   │   └── src/
│   ├── oore-server/        # Server daemon
│   │   └── src/
│   └── oore-cli/           # CLI client
│       └── src/
├── web/                    # Next.js dashboard
├── docs/                   # Documentation (Starlight)
└── landing/                # Marketing site (Astro)