name: Earthly main branch +all concurrency: group: ${{ github.workflow }}-main cancel-in-progress: true on: workflow_dispatch: push: branches: - main env: FORCE_COLOR: 1 CLICOLOR_FORCE: 1 RUST_LOG_STYLE: always jobs: test: timeout-minutes: 20 runs-on: ubuntu-latest steps: - uses: earthly/actions-setup@v1 - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Run build id: build run: | earthly --ci +test lint: timeout-minutes: 20 runs-on: ubuntu-latest steps: - uses: earthly/actions-setup@v1 - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Run build id: build run: | earthly --ci +test arm64-prebuild: timeout-minutes: 60 runs-on: ubuntu-latest if: github.repository == 'blue-build/cli' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN != null run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s arm # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Login to GitHub Container Registry uses: docker/login-action@v3 if: github.token != null with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +prebuild amd64-prebuild: timeout-minutes: 60 runs-on: ubuntu-latest if: github.repository == 'blue-build/cli' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN != null run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s amd # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Login to GitHub Container Registry uses: docker/login-action@v3 if: github.token != null with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +prebuild build-scripts: timeout-minutes: 60 runs-on: ubuntu-latest if: github.repository == 'blue-build/cli' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN != null run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s pr - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +build-scripts-all build-images: permissions: packages: write timeout-minutes: 60 runs-on: ubuntu-latest needs: - arm64-prebuild - amd64-prebuild steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN != null run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s main # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run build if: github.repository == 'blue-build/cli' run: earthly --push --ci -P +build-images-all - name: Run build fork if: github.repository != 'blue-build/cli' run: earthly --ci -P +build-images-all integration-tests: permissions: packages: write timeout-minutes: 60 runs-on: ubuntu-latest if: github.repository == 'blue-build/cli' needs: - build-scripts - amd64-prebuild steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: earthly/actions-setup@v1 # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Run integration tests if: github.repository == 'blue-build/cli' run: | earthly bootstrap earthly --ci -P ./integration-tests+all docker-build: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write if: github.repository == 'blue-build/cli' needs: - build-scripts steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@v1 # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-docker-build arm64-build: timeout-minutes: 40 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write if: github.repository == 'blue-build/cli' needs: - build-scripts steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@v1 - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-arm64-build docker-build-external-login: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write if: github.repository == 'blue-build/cli' needs: - build-scripts steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - name: Docker Login uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: actions-rust-lang/setup-rust-toolchain@v1 # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-docker-build-external-login docker-build-oauth-login: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write needs: - build-scripts if: github.repository == 'blue-build/cli' steps: - name: Google Auth id: auth uses: "google-github-actions/auth@v2" with: token_format: "access_token" service_account: ${{ secrets.SERVICE_ACCOUNT }} project_id: bluebuild-oidc create_credentials_file: false workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY }} - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@v1 - name: Docker Auth id: docker-auth uses: "docker/login-action@v3" with: username: "oauth2accesstoken" password: "${{ steps.auth.outputs.access_token }}" registry: us-east1-docker.pkg.dev - uses: actions/checkout@v4 with: ref: main - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-docker-build-oauth-login podman-build: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write if: github.repository == 'blue-build/cli' needs: - build-scripts steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Setup Podman shell: bash run: | # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 ubuntu_version='22.04' key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null sudo apt-get update sudo apt-get install -y podman - uses: actions-rust-lang/setup-rust-toolchain@v1 # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} run: just test-podman-build buildah-build: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write if: github.repository == 'blue-build/cli' needs: - build-scripts steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Setup Podman shell: bash run: | # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 ubuntu_version='22.04' key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null sudo apt-get update sudo apt-get install -y buildah - uses: actions-rust-lang/setup-rust-toolchain@v1 # Setup repo and add caching - uses: actions/checkout@v4 with: ref: main - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} run: just test-buildah-build iso-from-image: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write needs: - build-scripts if: github.repository == 'blue-build/cli' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@v1 - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-generate-iso-image iso-from-recipe: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write needs: - build-scripts if: github.repository == 'blue-build/cli' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 - uses: sigstore/cosign-installer@v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@v1 - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 - uses: extractions/setup-just@v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-generate-iso-image