chore: Cleanup images and use hash for exports tag (#158)

I noticed that making changes to the exports script before a release
could cause modules to not build properly if breaking changes got pushed
out. To prevent this, I'm making it so that the hash of the commit is
put in the tag for the exports script image and that the CLI tool will
use that hash when building the `Containerfile`.

.github/workflows/build-pr.yml

@@ -14,6 +14,8 @@ jobs:
   build:
     timeout-minutes: 60
     runs-on: ubuntu-latest
+    outputs:
+      export: ${{ steps.build.outputs.export }}
 
     steps:
       - name: Maximize build space
@@ -23,8 +25,6 @@ jobs:
         if: env.EARTHLY_SAT_TOKEN == null
 
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Earthly login
         env:
@@ -39,8 +39,22 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.ref }}
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: github.token != null
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
       - name: Run build
-        run: earthly --ci +build
+        id: build
+        run: |
+          if [ -n "${{ github.token }}" ]; then
+            earthly --ci --push +exports-script
+            echo "export=true" >> "$GITHUB_OUTPUT"
+          fi
+          earthly --ci +build
 
   integration-tests:
     permissions:
@@ -49,14 +63,16 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - build
+    if: needs.build.outputs.export == 'true'
 
     steps:
       - name: Maximize build space
         uses: ublue-os/remove-unwanted-software@v6
+        env:
+          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
+        if: env.EARTHLY_SAT_TOKEN == null
 
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Earthly login
         env:
@@ -73,7 +89,6 @@ jobs:
           ref: ${{ github.event.pull_request.ref }}
 
       - name: Run integration tests
-        if: github.repository == 'blue-build/cli'
         run: earthly --ci -P ./integration-tests+all
 
   docker-build:
@@ -85,6 +100,7 @@ jobs:
       id-token: write
     needs:
       - build
+    if: needs.build.outputs.export == 'true'
 
     steps:
       - name: Maximize build space
@@ -92,8 +108,6 @@ jobs:
 
       - uses: sigstore/cosign-installer@v3.3.0
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -107,7 +121,7 @@ jobs:
         run: |
           earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
           earthly org s blue-build
-          earthly sat s blue-build-integration-tests
+          earthly sat s blue-build-pr
 
       - uses: actions/checkout@v4
         with:
@@ -115,7 +129,7 @@ jobs:
 
       - name: Install bluebuild
         run: |
-          earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild
+          earthly -a +installer/bluebuild /usr/local/bin/bluebuild
 
       - name: Expose GitHub Runtime
         uses: crazy-max/ghaction-github-runtime@v3
@@ -130,8 +144,4 @@ jobs:
           cd integration-tests/test-repo
           bluebuild template -vv | tee Containerfile
           grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
-          if [ -n "$GH_TOKEN" ] && [ -n "$COSIGN_PRIVATE_KEY" ]; then
-            bluebuild build --push -vv
-          else
-            bluebuild build -vv
-          fi
+          bluebuild build --push -vv

.github/workflows/build.yml

@@ -28,8 +28,6 @@ jobs:
         if: env.EARTHLY_SAT_TOKEN == null
 
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Earthly login
         env:
@@ -56,21 +54,27 @@ jobs:
         if: github.repository == 'blue-build/cli'
         run: earthly --push --ci +build
 
+      - name: Run build fork
+        if: github.repository != 'blue-build/cli'
+        run: earthly --ci +build
+
   integration-tests:
     permissions:
       packages: write
     timeout-minutes: 60
     runs-on: ubuntu-latest
+    if: github.repository == 'blue-build/cli'
     needs:
       - build
 
     steps:
       - name: Maximize build space
         uses: ublue-os/remove-unwanted-software@v6
+        env:
+          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
+        if: env.EARTHLY_SAT_TOKEN == null
 
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Earthly login
         env:
@@ -97,6 +101,7 @@ jobs:
       contents: read
       packages: write
       id-token: write
+    if: github.repository == 'blue-build/cli'
     needs:
       - build
 
@@ -106,8 +111,6 @@ jobs:
 
       - uses: sigstore/cosign-installer@v3.3.0
       - uses: earthly/actions-setup@v1
-        with:
-          version: v0.8.4
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -121,7 +124,7 @@ jobs:
         run: |
           earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
           earthly org s blue-build
-          earthly sat s blue-build-integration-tests
+          earthly sat s blue-build-main
 
       - uses: actions/checkout@v4
         with:
@@ -129,7 +132,7 @@ jobs:
 
       - name: Install bluebuild
         run: |
-          earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild
+          earthly -a +installer/bluebuild /usr/local/bin/bluebuild
 
       - name: Expose GitHub Runtime
         uses: crazy-max/ghaction-github-runtime@v3