Public Alpha (v0.1.x)
Oore CI is in public alpha.
- Expect breaking changes (APIs, config formats, and CLI flags) between
v0.1.xreleases. - We still publish a
stablechannel to mean “the default install/update channel”, not “1.0 production maturity”.
If you’re evaluating Oore CI, this page is the shortest path to your first green build.
Before broader rollout, review: Known Alpha Limitations.
Release Channels
Oore CI uses three release channels to balance stability and velocity.
| Channel | Frequency | Stability | Recommended For |
|---|---|---|---|
| stable | ~Weekly | Highest | Typical evaluation and production usage. |
| beta | ~Daily | Moderate | Previewing upcoming features. |
| alpha | Per-commit | Experimental | Testing bug fixes or contributing code. |
Install/Update Examples
# Install stable (default)
curl -fsSL https://oore.build/install | bash
# Install alpha
curl -fsSL https://oore.build/install | OORE_CHANNEL=alpha bash
# Update to latest on your current channel
oore updateAuth‑mode decision table
Choosing the right authentication mode depends on where you access your daemon from.
| Mode | Access | Auth | Use Case |
|---|---|---|---|
| Local-only | 127.0.0.1 | None | Local eval |
| Remote (OIDC) | HTTPS | OIDC | Team Dashboards |
| Remote (Proxy) | Proxy/IAP | Headers | Private/Ent |
The two supported onboarding paths
Choosing the right path depends on your environment and whether your daemon is reachable from the public internet.
| Path | Use When | Requirements | Tradeoffs |
|---|---|---|---|
| Local-first | Fast local eval | macOS, loopback | No remote access |
| Hosted UI | Teams & Remote | macOS, HTTPS, OIDC | Needs tunnel + OIDC |
Path A: Local-first (no HTTPS required)
Best when you want to try it on a single Mac first.
- Install:
curl -fsSL https://oore.build/install | bash- Start the daemon:
oored run- Complete setup from the CLI:
oore setup
Continue with:
Path B: Hosted UI (requires an HTTPS-reachable backend URL)
Best when you want the hosted UI at https://ci.oore.build from day one.
Important constraint: Browsers block https pages (like ci.oore.build) from making requests to http://127.0.0.1 or other http origins. You must provide an https:// URL for your backend.
- Install + start the daemon as above.
- Make your backend reachable over HTTPS (for example, via a tunnel):
cloudflared tunnel --url http://127.0.0.1:8787- Open
https://ci.oore.build, add your tunnel URL as the backend, and follow the setup wizard.
Cloudflared Troubleshooting (#43)
If you have trouble connecting your tunnel to the Hosted UI, check these common failure modes:
Tunnel URL has expired
- Symptom: Cloudflare logo page says "This tunnel is not active."
- Fix: Restart your tunnel command. If using Quick Tunnels, you will get a new URL each time.
- Check:
cloudflared tunnel --url http://127.0.0.1:8787
Localhost Mismatch (Port 8787)
- Symptom: "Backend unreachable" from
ci.oore.builddespite tunnel being up. - Fix: Ensure
ooredis running on the same port your tunnel is pointing to. - Check:
curl -I http://127.0.0.1:8787/healthz
- Symptom: "Backend unreachable" from
Mixed Content / HTTP instead of HTTPS
- Symptom: Browser console shows "Blocked loading of mixed active content."
- Fix: Ensure your backend URL in
ci.oore.buildstarts withhttps://. - Check: Look for the
trycloudflare.comURL in your terminal logs.
For a full reset of your Oore CI instance, see the Clean Reinstall Guide.
Continue with:
Common first-time blockers (and fixes)
oore / oored not found after install
The installer adds ~/.oore/bin to your PATH for future shells.
- Open a new terminal, then try
oore version, or - Use the full path once:
~/.oore/bin/oore version.
Hosted UI can’t connect to a localhost backend
If your backend URL is http://127.0.0.1:8787, the hosted UI will not be able to reach it.
- Use local setup (
oore setup), or - expose the backend over HTTPS (tunnel / reverse proxy) and use that URL in hosted UI.
“Do I need OIDC on day one?”
Remote access defaults to OIDC, but local-first onboarding supports loopback-only login (no local passwords).
If you want a remote-first path without configuring OIDC immediately, see the deployment docs for the trusted_proxy option:
How to report issues and security findings
- Bugs/UX issues: GitHub issues (use the Alpha Feedback Playbook)
- Security reports: follow SECURITY.md (private disclosure)