name: Earthly PR +build concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true on: pull_request: env: FORCE_COLOR: 1 CLICOLOR_FORCE: 1 RUST_LOG_STYLE: always jobs: arm64-prebuild: timeout-minutes: 10 runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s arm - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +prebuild amd64-prebuild: timeout-minutes: 10 runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s amd - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +prebuild build-images: timeout-minutes: 60 runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name needs: - arm64-prebuild - amd64-prebuild steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s pr - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +build-images-all build-scripts: timeout-minutes: 5 runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - name: Earthly login env: EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} if: env.EARTHLY_SAT_TOKEN != null run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build earthly sat s pr - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Run build id: build run: | earthly --ci --push -P +build-scripts-all integration-tests: permissions: packages: write timeout-minutes: 60 runs-on: ubuntu-latest steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 # Setup repo and add caching - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Run integration tests run: | earthly bootstrap earthly --ci -P ./integration-tests+all test: timeout-minutes: 10 runs-on: ubuntu-latest steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Run test id: build run: | earthly --ci +test lint: timeout-minutes: 10 runs-on: ubuntu-latest steps: - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Run lint id: build run: | earthly --ci +lint docker-build: timeout-minutes: 30 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-docker-build rechunk-build: timeout-minutes: 30 runs-on: ubuntu-24.04 permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 with: install-dir: /usr/bin use-sudo: true - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} run: | export CARGO_HOME=$HOME/.cargo just test-fresh-rechunk-build just test-rechunk-build arm64-build: timeout-minutes: 60 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-arm64-build docker-build-external-login: timeout-minutes: 30 runs-on: ubuntu-latest if: github.repository == github.event.pull_request.head.repo.full_name permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - name: Docker Login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-docker-build-external-login podman-build: timeout-minutes: 30 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} run: just test-podman-build buildah-build: timeout-minutes: 30 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} run: just test-buildah-build iso-from-image: timeout-minutes: 30 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-generate-iso-image iso-from-recipe: timeout-minutes: 30 runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 with: install: true - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 - name: Run Build env: GH_TOKEN: ${{ github.token }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} BB_BUILDKIT_CACHE_GHA: true run: just test-generate-iso-recipe