From bf52cdae35155923bed8a49c87d5085d7ab1ffdf Mon Sep 17 00:00:00 2001
From: Gerald Pinder <gmpinder@gmail.com>
Date: Sun, 2 Jun 2024 18:10:27 -0400
Subject: [PATCH] chore: Add action to test external login

---
 .github/workflows/build.yml | 60 +++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cfe6713..cd6eb4d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -139,6 +139,66 @@ jobs:
           grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
           bluebuild build --push -vv
 
+  docker-build-external-login:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    if: github.repository == 'blue-build/cli'
+    needs:
+      - build
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@v6
+
+      - uses: sigstore/cosign-installer@v3.3.0
+      - uses: earthly/actions-setup@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Earthly login
+        env:
+          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
+        if: env.EARTHLY_SAT_TOKEN != null
+        run: |
+          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
+          earthly org s blue-build
+          earthly sat s main
+
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Install bluebuild
+        run: |
+          earthly -a +installer/bluebuild /usr/local/bin/bluebuild
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@v3
+
+      - name: Run Build
+        env:
+          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: |
+          cd integration-tests/test-repo
+          bluebuild template -vv | tee Containerfile
+          grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
+          bluebuild build --push -vv
+
   podman-build:
     timeout-minutes: 60
     runs-on: ubuntu-latest