Prerequisites

To self-host OpenCI, you need to meet the following prerequisites:

  • Mac with M1 or later
  • macOS 14.0 or later

Initial Setup

To self-host OpenCI, you need to install some tools.

Tart

Tart is a tool for managing macOS VMs.

brew install cirruslabs/cli/tart

Firebase CLI

OpenCI uses Firebase, so you need to install the Firebase CLI.

curl -sL https://firebase.tools | bash

OpenCI Runner

OpenCI Runner is a CLI for running OpenCI. Dart is required for installation.

dart pub global activate openci_runner

Download Base Image

OpenCI uses macOS 15.0 as its base image. This takes a considerable amount of time.

tart pull ghcr.io/open-ci-io/sequoia:0.0.4

Firebase Configuration

OpenCI uses Firebase for its backend and other components. Therefore, Firebase needs to be configured.

Create a Firebase Project

Access the Firebase site with any Google account and create a project.

Firestore Configuration

Firestore is used to register build jobs. Therefore, access Firestore and provision it.

Firebase Functions Configuration

OpenCI uses Firebase Functions. Using Firebase Functions requires registration for the Blaze plan (paid). The cost is approximately a few yen per month.

Firebase Initialization

After creating a Firebase project, specify the project to use.

firebase use project-id

Firebase Functions Deployment

Clone the OpenCI CLI repository.

gh repo clone open-ci-io/openci

GitHub App Configuration

OpenCI uses a GitHub app to retrieve build jobs.

Create a GitHub App

Access GitHub app creation and create a GitHub app.

Secret Configuration

Register the GitHub app secrets used by Firebase Functions in Google Cloud’s Secret Manager.

Navigate to /apps/firebase_functions/functions/

GITHUB_APP_ID

firebase functions:secrets:set APP_ID

GITHUB_WEBHOOK_SECRET

A “secret random string” used to verify the authenticity of Webhooks sent from GitHub.

Generate a string as follows:

openssl rand -hex 32

Set the generated string to GITHUB_WEBHOOK_SECRET in Firebase Functions.

firebase functions:secrets:set GITHUB_WEBHOOK_SECRET

Then, set this string to the Webhook Secret in the GitHub app.

The Webhook configuration is complete when it looks like the following:

GITHUB_PRIVATE_KEY

Create a Private Key for the GitHub app. You will also use this in the next step.

Set this Private Key to PRIVATE_KEY in Firebase Functions.

Originally, you should register the Secret with the firebase CLI, but the current CLI crashes when reading .pem files. Therefore, register it from the GCP Secret Manager using the GUI.

After setting all the Secrets, deploy Firebase Functions.

cd apps/firebase_functions/functions
firebase deploy --only functions

Finally, specify the URL of Firebase Functions’ gitHubAppFunction as the Webhook URL for the GitHub app.

Create a Firebase Service Account

Create a Firebase service account and place it in an arbitrary directory.

With this, the preparation for self-hosting OpenCI is complete. Congratulations!

Was this page helpful?

Running OpenCI