1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
|
# Tickborg (ofborg) — Overview
## What is Tickborg?
Tickborg is the distributed Continuous Integration (CI) bot purpose-built for the
**Project Tick monorepo**. It is a Rust-based system derived from the original
[ofborg](https://github.com/NixOS/ofborg) — a CI system created for the NixOS
project — and adapted for the multi-project, multi-language, multi-platform
reality of Project Tick.
Where the original ofborg was tightly coupled to Nix package evaluation, tickborg
has been generalised to handle arbitrary build systems (CMake, Meson, Autotools,
Cargo, Gradle, Make, and custom commands) while retaining the proven AMQP-based
distributed worker architecture that made ofborg reliable at scale.
The crate name remains **`tickborg`** in code, the workspace lives under
`ofborg/` in the Project Tick tree, and the bot responds to the handle
**`@tickbot`** in GitHub comments.
---
## High-Level Goals
| Goal | How Tickborg achieves it |
|------|--------------------------|
| **Automated PR evaluation** | Every opened / synchronised PR is evaluated for which sub-projects changed and builds are scheduled automatically. |
| **On-demand builds** | Maintainers comment `@tickbot build <attr>` or `@tickbot eval` on a PR to trigger builds or re-evaluations. |
| **Push-triggered CI** | Direct pushes to protected branches (`main`, `staging`, etc.) are detected and build jobs are dispatched. |
| **Multi-platform builds** | Builds can be fanned out to `x86_64-linux`, `aarch64-linux`, `x86_64-darwin`, `aarch64-darwin`, `x86_64-windows`, `aarch64-windows`, and `x86_64-freebsd`. |
| **GitHub Check Runs** | Build results are reported back via the GitHub Checks API, giving inline status on every PR. |
| **Build log collection** | Build output is streamed over AMQP to a central log collector and served via a log viewer web UI. |
| **Prometheus metrics** | Operational statistics are published to RabbitMQ and exposed on a `/metrics`-compatible HTTP endpoint. |
---
## Design Principles
### 1. Message-Oriented Architecture
Every component communicates exclusively through **RabbitMQ (AMQP 0-9-1)**
messages. There is no shared database, no direct RPC between services, and no
in-memory coupling between workers. This means:
- Each worker binary can be deployed, scaled, and restarted independently.
- Work is durable — RabbitMQ queues are declared `durable: true` and messages
are published with `delivery_mode: 2` (persistent).
- Load balancing is implicit: multiple builder instances consuming from the same
queue will each receive a fair share of jobs via `basic_qos(1)`.
### 2. Worker Trait Abstraction
All business logic is expressed through two traits:
```rust
// tickborg/src/worker.rs
pub trait SimpleWorker: Send {
type J: Send;
fn consumer(&mut self, job: &Self::J) -> impl Future<Output = Actions>;
fn msg_to_job(
&mut self, method: &str, headers: &Option<String>, body: &[u8],
) -> impl Future<Output = Result<Self::J, String>>;
}
```
```rust
// tickborg/src/notifyworker.rs
#[async_trait]
pub trait SimpleNotifyWorker {
type J;
async fn consumer(
&self, job: Self::J,
notifier: Arc<dyn NotificationReceiver + Send + Sync>,
);
fn msg_to_job(
&self, routing_key: &str, content_type: &Option<String>, body: &[u8],
) -> Result<Self::J, String>;
}
```
`SimpleWorker` is for purely functional message processors: receive a message,
return a list of `Action`s. `SimpleNotifyWorker` is for long-running tasks (like
builds) that need to stream intermediate results back during processing.
### 3. One Binary per Concern
Each responsibility is compiled into its own binary target under
`tickborg/src/bin/`:
| Binary | Role |
|--------|------|
| `github-webhook-receiver` | HTTP server that validates GitHub webhook payloads, verifies HMAC-SHA256 signatures, and publishes them to the `github-events` exchange. |
| `evaluation-filter` | Consumes `pull_request.*` events and decides whether a PR warrants evaluation. Publishes `EvaluationJob` to `mass-rebuild-check-jobs`. |
| `github-comment-filter` | Consumes `issue_comment.*` events, parses `@tickbot` commands, and publishes `BuildJob` messages. |
| `github-comment-poster` | Consumes `build-results` and creates GitHub Check Runs. |
| `mass-rebuilder` | Performs full monorepo evaluation on a PR checkout: detects changed projects, schedules builds. |
| `builder` | Executes actual builds using the configured build system (CMake, Cargo, etc.) and reports results. |
| `push-filter` | Consumes `push.*` events and creates build jobs for pushes to tracked branches. |
| `log-message-collector` | Collects streaming build log messages and writes them to disk. |
| `logapi` | HTTP server that serves collected build logs via a REST API. |
| `stats` | Collects stat events from RabbitMQ and exposes Prometheus metrics on port 9898. |
| `build-faker` | Development/testing tool that publishes fake build jobs. |
---
## Key Data Structures
### Repo
```rust
// tickborg/src/message/common.rs
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Repo {
pub owner: String,
pub name: String,
pub full_name: String,
pub clone_url: String,
}
```
### Pr
```rust
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
pub struct Pr {
pub target_branch: Option<String>,
pub number: u64,
pub head_sha: String,
}
```
### PushTrigger
```rust
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
pub struct PushTrigger {
pub head_sha: String,
pub branch: String,
pub before_sha: Option<String>,
}
```
### BuildJob
```rust
// tickborg/src/message/buildjob.rs
#[derive(Serialize, Deserialize, Debug)]
pub struct BuildJob {
pub repo: Repo,
pub pr: Pr,
pub subset: Option<Subset>,
pub attrs: Vec<String>,
pub request_id: String,
pub logs: Option<ExchangeQueue>,
pub statusreport: Option<ExchangeQueue>,
pub push: Option<PushTrigger>,
}
```
### BuildResult
```rust
// tickborg/src/message/buildresult.rs
#[derive(Serialize, Deserialize, Debug)]
pub enum BuildResult {
V1 {
tag: V1Tag,
repo: Repo,
pr: Pr,
system: String,
output: Vec<String>,
attempt_id: String,
request_id: String,
status: BuildStatus,
skipped_attrs: Option<Vec<String>>,
attempted_attrs: Option<Vec<String>>,
push: Option<PushTrigger>,
},
Legacy { /* ... backward compat ... */ },
}
```
### BuildStatus
```rust
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
pub enum BuildStatus {
Skipped,
Success,
Failure,
TimedOut,
HashMismatch,
UnexpectedError { err: String },
}
```
---
## Supported Build Systems
The `BuildExecutor` struct in `tickborg/src/buildtool.rs` supports:
```rust
pub enum BuildSystem {
CMake,
Meson,
Autotools,
Cargo,
Gradle,
Make,
Custom { command: String },
}
```
For each build system, tickborg knows how to invoke the configure, build, and
test phases. A `ProjectBuildConfig` ties a sub-project to its build system:
```rust
pub struct ProjectBuildConfig {
pub name: String,
pub path: String,
pub build_system: BuildSystem,
pub build_timeout_seconds: u16,
pub configure_args: Vec<String>,
pub build_args: Vec<String>,
pub test_command: Option<Vec<String>>,
}
```
---
## Supported Platforms (Systems)
```rust
// tickborg/src/systems.rs
pub enum System {
X8664Linux,
Aarch64Linux,
X8664Darwin,
Aarch64Darwin,
X8664Windows,
Aarch64Windows,
X8664FreeBSD,
}
```
Primary CI platforms (used for untrusted users):
- `x86_64-linux`
- `x86_64-darwin`
- `x86_64-windows`
Trusted users get access to all seven platforms, including ARM and FreeBSD.
---
## Comment Parser
Users interact with tickborg by posting comments on GitHub PRs/issues:
```
@tickbot build meshmc
@tickbot eval
@tickbot test mnv
@tickbot build meshmc json4cpp neozip
```
The parser is implemented in `tickborg/src/commentparser.rs` using the `nom`
parser combinator library. It produces:
```rust
pub enum Instruction {
Build(Subset, Vec<String>),
Test(Vec<String>),
Eval,
}
pub enum Subset {
Project,
}
```
Multiple commands can appear in a single comment, even interspersed with prose:
```markdown
I noticed the target was broken — let's re-eval:
@tickbot eval
Also, try building meshmc:
@tickbot build meshmc
```
---
## Access Control (ACL)
```rust
// tickborg/src/acl.rs
pub struct Acl {
trusted_users: Option<Vec<String>>,
repos: Vec<String>,
}
```
- `repos` — list of GitHub repositories tickborg is responsible for.
- `trusted_users` — users who can build on *all* architectures (including ARM,
FreeBSD). When `None` (disabled), everyone gets unrestricted access.
- Non-trusted users only build on primary platforms.
```rust
impl Acl {
pub fn is_repo_eligible(&self, name: &str) -> bool;
pub fn build_job_architectures_for_user_repo(
&self, user: &str, repo: &str
) -> Vec<System>;
pub fn can_build_unrestricted(&self, user: &str, repo: &str) -> bool;
}
```
---
## Project Tagger
The `ProjectTagger` in `tickborg/src/tagger.rs` analyses changed files in a PR
and generates labels:
```rust
pub struct ProjectTagger {
selected: Vec<String>,
}
impl ProjectTagger {
pub fn analyze_changes(&mut self, changed_files: &[String]);
pub fn tags_to_add(&self) -> Vec<String>;
}
```
It produces labels like:
- `project: meshmc`
- `project: mnv`
- `scope: ci`
- `scope: docs`
- `scope: root`
---
## The Monorepo Evaluation Strategy
When a PR is evaluated, the `MonorepoStrategy` in
`tickborg/src/tasks/eval/monorepo.rs` implements the `EvaluationStrategy` trait:
```rust
pub trait EvaluationStrategy {
fn pre_clone(&mut self) -> impl Future<Output = StepResult<()>>;
fn on_target_branch(&mut self, co: &Path, status: &mut CommitStatus)
-> impl Future<Output = StepResult<()>>;
fn after_fetch(&mut self, co: &CachedProjectCo) -> StepResult<()>;
fn after_merge(&mut self, status: &mut CommitStatus)
-> impl Future<Output = StepResult<()>>;
fn evaluation_checks(&self) -> Vec<EvalChecker>;
fn all_evaluations_passed(&mut self, status: &mut CommitStatus)
-> impl Future<Output = StepResult<EvaluationComplete>>;
}
```
The strategy:
1. Labels the PR from its title (extracting project names like `meshmc`,
`mnv`, etc. using regex word boundaries).
2. Parses Conventional Commit messages to find affected scopes.
3. Uses file-change detection to identify which sub-projects changed.
4. Returns an `EvaluationComplete` containing `BuildJob`s to be dispatched.
---
## How It All Fits Together
```
GitHub Webhook
│
▼
┌──────────────────┐
│ Webhook Receiver │──► github-events (Topic Exchange)
└──────────────────┘ │
┌─────────────────┼──────────────────┐
▼ ▼ ▼
┌─────────────┐ ┌───────────────┐ ┌──────────────┐
│ Eval Filter │ │ Comment Filter│ │ Push Filter │
└──────┬──────┘ └──────┬────────┘ └──────┬───────┘
│ │ │
▼ ▼ ▼
mass-rebuild- build-jobs build-inputs-*
check-jobs (Fanout) queues
│ │ │
▼ ▼ ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│Mass Rebuilder │ │ Builder │ │ Builder │
└──────┬───────┘ └──────┬───────┘ └──────┬───────┘
│ │ │
└────────┬────────┘ │
▼ ▼
build-results build-results
(Fanout Exchange) (Fanout Exchange)
│
▼
┌────────────────┐ ┌──────────────────┐
│ Comment Poster │ │ Log Collector │
└────────────────┘ └──────────────────┘
│ │
▼ ▼
GitHub Checks API /var/log/tickborg/
```
---
## Repository Layout
```
ofborg/
├── Cargo.toml # Workspace root
├── Cargo.lock # Pinned dependency versions
├── docker-compose.yml # Full stack for local dev / production
├── Dockerfile # Multi-stage build for all binaries
├── service.nix # NixOS module for systemd services
├── flake.nix # Nix flake for dev shell & building
├── example.config.json # Example configuration file
├── config.production.json # Production config template
├── config.public.json # Public (non-secret) config
├── deploy/ # Deployment scripts
├── doc/ # Legacy upstream docs
├── ofborg/ # Original ofborg crate (deprecated)
├── ofborg-simple-build/ # Original simple build (deprecated)
├── ofborg-viewer/ # Log viewer web UI (JavaScript)
├── tickborg/ # Main crate
│ ├── Cargo.toml # Crate manifest with all dependencies
│ ├── build.rs # Build script (generates events.rs)
│ ├── src/
│ │ ├── lib.rs # Library root — module declarations
│ │ ├── bin/ # Binary entry points (11 binaries)
│ │ ├── acl.rs # Access control lists
│ │ ├── asynccmd.rs # Async command execution
│ │ ├── buildtool.rs # Build system abstraction
│ │ ├── checkout.rs # Git checkout / caching
│ │ ├── clone.rs # Git clone trait
│ │ ├── commentparser.rs # @tickbot command parser (nom)
│ │ ├── commitstatus.rs # GitHub commit status wrapper
│ │ ├── config.rs # Configuration types & loading
│ │ ├── easyamqp.rs # AMQP config types & traits
│ │ ├── easylapin.rs # lapin (AMQP) integration layer
│ │ ├── evalchecker.rs # Generic command checker
│ │ ├── files.rs # File utilities
│ │ ├── ghevent/ # GitHub event type definitions
│ │ ├── locks.rs # File-based locking
│ │ ├── message/ # Message types (jobs, results, logs)
│ │ ├── notifyworker.rs # Streaming notification worker trait
│ │ ├── stats.rs # Metrics / event system
│ │ ├── systems.rs # Platform / architecture enum
│ │ ├── tagger.rs # PR label tagger
│ │ ├── tasks/ # Task implementations
│ │ ├── worker.rs # Core worker trait
│ │ └── writetoline.rs # Line-based file writer
│ ├── test-nix/ # Test fixtures (Nix-era, kept)
│ ├── test-scratch/ # Scratch test data
│ └── test-srcs/ # Test source data (JSON events)
└── tickborg-simple-build/ # Simplified build tool crate
├── Cargo.toml
└── src/
```
---
## Technology Stack
| Component | Technology |
|-----------|-----------|
| Language | Rust (Edition 2024) |
| Async runtime | Tokio (multi-thread) |
| AMQP client | lapin 4.3 |
| HTTP server | hyper 1.0 + hyper-util |
| JSON | serde + serde_json |
| GitHub API | hubcaps (custom fork) |
| Logging | tracing + tracing-subscriber |
| Parser | nom 8 |
| Cryptography | hmac + sha2 (webhook verification) |
| Concurrency | parking_lot, tokio::sync |
| UUID | uuid v4 |
| Caching | lru-cache |
| File locking | fs2 |
| Date/time | chrono |
---
## Versioning
The crate version is declared in `tickborg/Cargo.toml`:
```toml
[package]
name = "tickborg"
version = "0.1.0"
```
The version is accessible at runtime via:
```rust
pub const VERSION: &str = env!("CARGO_PKG_VERSION");
```
It is also embedded in the RabbitMQ connection properties:
```rust
let opts = ConnectionProperties::default()
.with_client_property("tickborg_version".into(), tickborg::VERSION.into());
```
---
## Relation to the Original ofborg
Tickborg was forked from ofborg (NixOS/ofborg) and adapted:
| Aspect | ofborg | tickborg |
|--------|--------|----------|
| Purpose | Nix package evaluation for nixpkgs | Monorepo CI for Project Tick |
| Build system | `nix-build` only | CMake, Meson, Cargo, Gradle, Make, Custom |
| Bot handle | `@ofborg` | `@tickbot` |
| Platforms | Linux, macOS | Linux, macOS, Windows, FreeBSD |
| Evaluation | Nix expression evaluation | File-change detection + project mapping |
| Package crate | `ofborg` | `tickborg` |
The `ofborg/` and `ofborg-simple-build/` directories are kept for reference but
are no longer compiled as part of the workspace.
---
## Quick Start (for developers)
```bash
# Enter the dev shell (requires Nix)
nix develop ./ofborg
# Or without Nix, ensure Rust 2024+ is installed
cd ofborg
cargo build --workspace
# Run tests
cargo test --workspace
# Start local infra
docker compose up -d rabbitmq
```
See [building.md](building.md) for comprehensive build instructions and
[configuration.md](configuration.md) for setting up a config file.
---
## Further Reading
- [architecture.md](architecture.md) — Crate structure, module hierarchy, worker pattern
- [building.md](building.md) — Cargo build, dependencies, features, build targets
- [webhook-receiver.md](webhook-receiver.md) — GitHub webhook handling
- [message-system.md](message-system.md) — AMQP/RabbitMQ messaging
- [build-executor.md](build-executor.md) — Build execution, build system abstraction
- [evaluation-system.md](evaluation-system.md) — Monorepo evaluation, project detection
- [github-integration.md](github-integration.md) — GitHub API interaction
- [amqp-infrastructure.md](amqp-infrastructure.md) — RabbitMQ connection management
- [deployment.md](deployment.md) — NixOS module, Docker Compose
- [configuration.md](configuration.md) — Config file format, environment variables
- [data-flow.md](data-flow.md) — End-to-end data flow
- [code-style.md](code-style.md) — Rust coding conventions
- [contributing.md](contributing.md) — Contribution guide
|
