name: Earthly main branch +all

concurrency: 
  group: ${{ github.workflow }}-main
  cancel-in-progress: true

on:
  workflow_dispatch:
  push:
    branches:
      - main

env:
  FORCE_COLOR: 1

jobs:
  build:
    permissions:
      packages: write
    timeout-minutes: 60
    runs-on: ubuntu-latest

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN == null

      - uses: earthly/actions-setup@v1

      - name: Earthly login
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
          earthly sat s main

      # Setup repo and add caching
      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run build
        if: github.repository == 'blue-build/cli'
        run: earthly --push --ci +build

      - name: Run build fork
        if: github.repository != 'blue-build/cli'
        run: earthly --ci +build

  integration-tests:
    permissions:
      packages: write
    timeout-minutes: 60
    runs-on: ubuntu-latest
    if: github.repository == 'blue-build/cli'
    needs:
      - build

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6

      - uses: earthly/actions-setup@v1

      # Setup repo and add caching
      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Run integration tests
        if: github.repository == 'blue-build/cli'
        run: |
          earthly bootstrap
          earthly --ci -P ./integration-tests+all

  docker-build:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    if: github.repository == 'blue-build/cli'
    needs:
      - build

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6

      - uses: sigstore/cosign-installer@v3.3.0
      - uses: earthly/actions-setup@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          install: true

      - name: Earthly login
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
          earthly sat s main

      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Install bluebuild
        run: |
          earthly -a +installer/bluebuild /usr/local/bin/bluebuild

      - name: Expose GitHub Runtime
        uses: crazy-max/ghaction-github-runtime@v3

      - name: Run Build
        env:
          GH_TOKEN: ${{ github.token }}
          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
          BB_BUILDKIT_CACHE_GHA: true
        run: |
          cd integration-tests/test-repo
          bluebuild template -vv | tee Containerfile
          grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
          bluebuild build --push -vv

  podman-build:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    if: github.repository == 'blue-build/cli'
    needs:
      - build

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6

      - uses: sigstore/cosign-installer@v3.3.0
      - uses: earthly/actions-setup@v1

      - name: Setup Podman
        shell: bash
        run: |
          # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
          ubuntu_version='22.04'
          key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
          sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
          echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
          curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
          sudo apt-get update
          sudo apt-get install -y podman

      - name: Earthly login
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
          earthly sat s main

      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Install bluebuild
        run: |
          earthly -a +installer/bluebuild /usr/local/bin/bluebuild

      - name: Run Build
        env:
          GH_TOKEN: ${{ github.token }}
          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
        run: |
          cd integration-tests/test-repo
          bluebuild template -vv | tee Containerfile
          grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
          bluebuild build -B podman --push -vv