particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: Cleanup workflows to be run from just (#238)

Browse source
This commit is contained in:
Gerald Pinder 2024-10-07 16:34:36 -04:00 committed by GitHub
parent 7c5578994e
commit 32092195d3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 298 additions and 265 deletions
Download patch file Download diff file Expand all files Collapse all files

213
.github/workflows/build-pr.yml vendored
View file

@ -14,7 +14,7 @@ env:
jobs:
test:
timeout-minutes: 20
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
@ -32,7 +32,7 @@ jobs:
earthly --ci +test
lint:
timeout-minutes: 20
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
@ -50,22 +50,16 @@ jobs:
earthly --ci +lint
arm64-prebuild:
timeout-minutes: 60
timeout-minutes: 10
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- name: Earthly login
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build
@ -79,7 +73,6 @@ jobs:
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
if: github.token != null
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -91,22 +84,16 @@ jobs:
earthly --ci --push -P +prebuild
amd64-prebuild:
timeout-minutes: 60
timeout-minutes: 10
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- name: Earthly login
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build
@ -120,7 +107,6 @@ jobs:
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
if: github.token != null
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -131,28 +117,19 @@ jobs:
run: |
earthly --ci --push -P +prebuild
build:
timeout-minutes: 60
build-images:
timeout-minutes: 30
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
needs:
- arm64-prebuild
- amd64-prebuild
outputs:
push: ${{ steps.build.outputs.push }}
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- name: Earthly login
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build
@ -166,7 +143,6 @@ jobs:
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
if: github.token != null
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -175,21 +151,38 @@ jobs:
- name: Run build
id: build
run: |
if [ -n "${{ github.token }}" ]; then
earthly --ci --push -P +build
echo "push=true" >> "$GITHUB_OUTPUT"
else
earthly --ci -P +build
fi
earthly --ci --push -P +build-images
build-scripts:
timeout-minutes: 5
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps:
- uses: earthly/actions-setup@v1
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
earthly --ci --push -P +build-scripts
integration-tests:
permissions:
packages: write
timeout-minutes: 60
runs-on: ubuntu-latest
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -210,15 +203,12 @@ jobs:
earthly --ci -P ./integration-tests+all
docker-build:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -239,35 +229,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B docker -I docker -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build
arm64-build:
timeout-minutes: 60
timeout-minutes: 40
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -288,38 +269,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild build \
--retry-push \
--platform linux/arm64 \
--push \
-vv \
recipes/recipe-arm64.yml
run: just test-arm64-build
docker-build-external-login:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -347,34 +316,25 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build-external-login
docker-build-oauth-login:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Google Auth
@ -413,39 +373,25 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
bluebuild build \
--registry us-east1-docker.pkg.dev \
--registry-namespace bluebuild-oidc/bluebuild \
--retry-push \
--push \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build-oauth-login
podman-build:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -473,31 +419,22 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B podman -I podman -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-podman-build
buildah-build:
timeout-minutes: 15
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -525,31 +462,22 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B buildah -I podman -S sigstore --squash --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-buildah-build
iso-from-image:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -570,33 +498,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild generate-iso image ghcr.io/blue-build/cli/test:40
run: just test-generate-iso-image
iso-from-recipe:
timeout-minutes: 60
timeout-minutes: 20
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps:
- name: Maximize build space
@ -617,19 +538,15 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild generate-iso -vv recipe recipes/recipe.yml
run: just test-generate-iso-recipe

159
.github/workflows/build.yml vendored
View file

@ -134,7 +134,47 @@ jobs:
run: |
earthly --ci --push -P +prebuild
build:
build-scripts:
timeout-minutes: 60
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- name: Earthly login
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build
earthly sat s pr
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
earthly --ci --push -P +build-scripts
build-images:
permissions:
packages: write
timeout-minutes: 60
@ -188,7 +228,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -216,7 +256,7 @@ jobs:
id-token: write
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -236,28 +276,21 @@ jobs:
with:
ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B docker -I docker -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build
arm64-build:
timeout-minutes: 60
timeout-minutes: 40
runs-on: ubuntu-latest
permissions:
contents: read
@ -265,7 +298,7 @@ jobs:
id-token: write
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -286,27 +319,18 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild build \
--retry-push \
--platform linux/arm64 \
--push \
-vv \
recipes/recipe-arm64.yml
run: just test-arm64-build
docker-build-external-login:
timeout-minutes: 60
@ -317,7 +341,7 @@ jobs:
id-token: write
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -345,23 +369,17 @@ jobs:
ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build-external-login
docker-build-oauth-login:
timeout-minutes: 60
@ -371,7 +389,7 @@ jobs:
packages: write
id-token: write
needs:
- build
- build-scripts
if: github.repository == 'blue-build/cli'
steps:
@ -409,28 +427,17 @@ jobs:
with:
ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
bluebuild build \
--registry us-east1-docker.pkg.dev \
--registry-namespace bluebuild-oidc/bluebuild \
--retry-push \
--push \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
run: just test-docker-build-oauth-login
podman-build:
timeout-minutes: 60
@ -441,7 +448,7 @@ jobs:
id-token: write
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -469,20 +476,14 @@ jobs:
ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B podman -I podman -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-podman-build
buildah-build:
timeout-minutes: 60
@ -493,7 +494,7 @@ jobs:
id-token: write
if: github.repository == 'blue-build/cli'
needs:
- build
- build-scripts
steps:
- name: Maximize build space
@ -521,20 +522,14 @@ jobs:
ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: |
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B buildah -I podman -S sigstore --squash --push -vv recipes/recipe.yml recipes/recipe-39.yml
run: just test-buildah-build
iso-from-image:
timeout-minutes: 60
@ -544,7 +539,7 @@ jobs:
packages: write
id-token: write
needs:
- build
- build-scripts
if: github.repository == 'blue-build/cli'
steps:
@ -566,22 +561,18 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild generate-iso image ghcr.io/blue-build/cli/test:40
run: just test-generate-iso-image
iso-from-recipe:
timeout-minutes: 60
@ -591,7 +582,7 @@ jobs:
packages: write
id-token: write
needs:
- build
- build-scripts
if: github.repository == 'blue-build/cli'
steps:
@ -613,19 +604,15 @@ jobs:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build
env:
GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true
run: |
cd integration-tests/test-repo
bluebuild generate-iso -vv recipe recipes/recipe.yml
run: just test-generate-iso-image