From f8950b3477d5fa70250e6cb89726e320f9f1b0e5 Mon Sep 17 00:00:00 2001
From: Gerald Pinder <gmpinder@gmail.com>
Date: Fri, 2 May 2025 16:33:41 -0400
Subject: [PATCH] chore: Create separate test and build workflows

---
 .github/workflows/build.yml | 419 -----------------------------------
 .github/workflows/main.yml  |  13 +-
 .github/workflows/pr.yml    |  13 +-
 .github/workflows/test.yml  | 424 ++++++++++++++++++++++++++++++++++++
 4 files changed, 448 insertions(+), 421 deletions(-)
 create mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2065732..a0271c0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,59 +7,15 @@ on:
       repo:
         required: true
         type: string
-      pr_event_number:
-        type: string
-    secrets:
-      TEST_SIGNING_SECRET:
 env:
   FORCE_COLOR: 1
   CLICOLOR_FORCE: 1
   RUST_LOG_STYLE: always
 
 jobs:
-  test:
-    timeout-minutes: 40
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-      - name: Run build
-        id: build
-        run: |
-          earthly --ci +test
-
-  lint:
-    timeout-minutes: 40
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Run build
-        id: build
-        run: |
-          earthly --ci +lint
-
   arm64-prebuild:
     timeout-minutes: 20
     runs-on: ubuntu-24.04-arm
-    if: inputs.repo == 'blue-build/cli'
 
     steps:
       - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
@@ -87,7 +43,6 @@ jobs:
   amd64-prebuild:
     timeout-minutes: 20
     runs-on: ubuntu-latest
-    if: inputs.repo == 'blue-build/cli'
 
     steps:
       - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
@@ -117,7 +72,6 @@ jobs:
   build-scripts:
     timeout-minutes: 60
     runs-on: ubuntu-latest
-    if: inputs.repo == 'blue-build/cli'
     steps:
       - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
 
@@ -150,7 +104,6 @@ jobs:
       packages: write
     timeout-minutes: 60
     runs-on: ubuntu-latest
-    if: inputs.repo == 'blue-build/cli'
     needs:
       - arm64-prebuild
       - amd64-prebuild
@@ -179,376 +132,4 @@ jobs:
 
 
       - name: Run build
-        if: inputs.repo == 'blue-build/cli'
         run: earthly --push --ci -P +build-images-all
-
-      - name: Run build fork
-        if: inputs.repo != 'blue-build/cli'
-        run: earthly --ci -P +build-images-all
-
-  integration-tests:
-    permissions:
-      packages: write
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
-
-      # Setup repo and add caching
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with: 
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Run integration tests
-        run: |
-          earthly bootstrap
-          earthly --ci -P ./integration-tests+all
-
-  docker-build:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-        with:
-          install: true
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      # Setup repo and add caching
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with: 
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-docker-build
-
-  rechunk-build:
-    timeout-minutes: 40
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-        with:
-          install-dir: /usr/bin
-          use-sudo: true
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: |
-          export CARGO_HOME=$HOME/.cargo
-          just test-fresh-rechunk-build
-          just test-rechunk-build
-
-  arm64-build:
-    timeout-minutes: 90
-    # runs-on: ubuntu-24.04-arm
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-        with:
-          install: true
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-arm64-build
-
-  docker-build-external-login:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-        with:
-          install: true
-
-      - name: Docker Login
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        if: inputs.repo == 'blue-build/cli'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      # Setup repo and add caching
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-docker-build-external-login
-
-  podman-build:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      # Setup repo and add caching
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-podman-build
-
-  buildah-build:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      # Setup repo and add caching
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-buildah-build
-
-  iso-from-image:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-        with:
-          install: true
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-generate-iso-image
-
-  iso-from-recipe:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-
-    steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
-
-      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-        with:
-          install: true
-
-      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
-
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-          ref: ${{ inputs.ref }}
-          repository: ${{ inputs.repo }}
-
-
-      - name: Expose GitHub Runtime
-        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
-
-      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
-
-      - name: Run Build
-        env:
-          GH_TOKEN: ${{ github.token }}
-          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
-          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
-          BB_BUILDKIT_CACHE_GHA: true
-        run: just test-generate-iso-image
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 322f59d..36532c1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -11,8 +11,19 @@ on:
       - main
 
 jobs:
-  main_branch:
+  build:
     uses: ./.github/workflows/build.yml
+    if: github.repository == 'blue-build/cli'
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      repo: ${{ github.repository }}
+      ref: main
+    secrets: inherit
+  test:
+    uses: ./.github/workflows/test.yml
     permissions:
       contents: read
       packages: write
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index d09dedd..c1e6549 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -8,8 +8,19 @@ on:
   pull_request:
 
 jobs:
-  pull_request:
+  build:
     uses: ./.github/workflows/build.yml
+    if: github.repository == 'blue-build/cli'
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      repo: ${{ github.event.pull_request.head.repo.full_name }}
+      ref: ${{ github.event.pull_request.head.ref }}
+    secrets: inherit
+  test:
+    uses: ./.github/workflows/test.yml
     permissions:
       contents: read
       packages: write
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..4777ce0
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,424 @@
+on:
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
+      repo:
+        required: true
+        type: string
+      pr_event_number:
+        type: string
+    secrets:
+      TEST_SIGNING_SECRET:
+env:
+  FORCE_COLOR: 1
+  CLICOLOR_FORCE: 1
+  RUST_LOG_STYLE: always
+
+jobs:
+  test:
+    timeout-minutes: 40
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+      - name: Run build
+        id: build
+        run: |
+          earthly --ci +test
+
+  lint:
+    timeout-minutes: 40
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Run build
+        id: build
+        run: |
+          earthly --ci +lint
+
+  integration-tests:
+    permissions:
+      packages: write
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
+
+      # Setup repo and add caching
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with: 
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Run integration tests
+        run: |
+          earthly bootstrap
+          earthly --ci -P ./integration-tests+all
+
+  docker-build:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      # Setup repo and add caching
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with: 
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-docker-build
+
+  rechunk-build:
+    timeout-minutes: 40
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+        with:
+          install-dir: /usr/bin
+          use-sudo: true
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: |
+          export CARGO_HOME=$HOME/.cargo
+          just test-fresh-rechunk-build
+          just test-rechunk-build
+
+  arm64-build:
+    timeout-minutes: 90
+    # runs-on: ubuntu-24.04-arm
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-arm64-build
+
+  docker-build-external-login:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+
+      - name: Docker Login
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        if: inputs.repo == 'blue-build/cli'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      # Setup repo and add caching
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-docker-build-external-login
+
+  podman-build:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      # Setup repo and add caching
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-podman-build
+
+  buildah-build:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      # Setup repo and add caching
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-buildah-build
+
+  iso-from-image:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-generate-iso-image
+
+  iso-from-recipe:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6
+
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        with:
+          install: true
+
+      - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repo }}
+
+
+      - name: Expose GitHub Runtime
+        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
+
+      - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
+
+      - name: Run Build
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
+          BB_BUILDKIT_CACHE_GHA: true
+        run: just test-generate-iso-image