name: Earthly main branch +all

on:
  workflow_dispatch:
  push:
    branches:
      - main

env:
  FORCE_COLOR: 1

jobs:
  build:
    permissions:
      packages: write
    timeout-minutes: 60
    runs-on: ubuntu-latest

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6

      - uses: earthly/actions-setup@v1
        with:
          version: v0.8.3

      - name: Earthly login
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
          earthly sat s blue-build

      # Setup repo and add caching
      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run build
        if: github.repository == 'blue-build/cli'
        run: earthly --push --ci +build

      - name: Switch to integration-tests satellite
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: earthly sat s blue-build-integration-tests

      - name: Run integration tests
        if: github.repository == 'blue-build/cli'
        run: earthly --ci -P ./integration-tests+all

  docker-build:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write

    steps:
      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@v6

      - uses: sigstore/cosign-installer@v3.3.0
      - uses: earthly/actions-setup@v1
        with:
          version: v0.8.3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          install: true

      - name: Earthly login
        env:
          EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
        if: env.EARTHLY_SAT_TOKEN != null
        run: |
          earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
          earthly org s blue-build
          earthly sat s blue-build-integration-tests

      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.ref }}

      - name: Install bluebuild
        env:
          BB_BUILDKIT_CACHE_GHA: true
        run: |
          earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild

      - name: Expose GitHub Runtime
        uses: crazy-max/ghaction-github-runtime@v3

      - name: Run Build
        env:
          BB_BUILDKIT_CACHE_GHA: "true"
          GH_TOKEN: ${{ github.token }}
          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
          COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
        run: |
          cd integration-tests/test-repo
          bluebuild build --push -vv