fix: Handle login for skopeo during rechunk flow #478
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Earthly main branch +all | |
| concurrency: | |
| group: ${{ github.workflow }}-main | |
| cancel-in-progress: true | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| FORCE_COLOR: 1 | |
| CLICOLOR_FORCE: 1 | |
| RUST_LOG_STYLE: always | |
| jobs: | |
| test: | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Run build | |
| id: build | |
| run: | | |
| earthly --ci +test | |
| lint: | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Run build | |
| id: build | |
| run: | | |
| earthly --ci +test | |
| arm64-prebuild: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'blue-build/cli' | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN == null | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - name: Earthly login | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN != null | |
| run: | | |
| earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null | |
| earthly org s blue-build | |
| earthly sat s arm | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: github.token != null | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Run build | |
| id: build | |
| run: | | |
| earthly --ci --push -P +prebuild | |
| amd64-prebuild: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'blue-build/cli' | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN == null | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - name: Earthly login | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN != null | |
| run: | | |
| earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null | |
| earthly org s blue-build | |
| earthly sat s amd | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| if: github.token != null | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Run build | |
| id: build | |
| run: | | |
| earthly --ci --push -P +prebuild | |
| build-scripts: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'blue-build/cli' | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN == null | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - name: Earthly login | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN != null | |
| run: | | |
| earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null | |
| earthly org s blue-build | |
| earthly sat s main | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Run build | |
| id: build | |
| run: | | |
| earthly --ci --push -P +build-scripts-all | |
| build-images: | |
| permissions: | |
| packages: write | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| needs: | |
| - arm64-prebuild | |
| - amd64-prebuild | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN == null | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| - name: Earthly login | |
| env: | |
| EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} | |
| if: env.EARTHLY_SAT_TOKEN != null | |
| run: | | |
| earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null | |
| earthly org s blue-build | |
| earthly sat s main | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run build | |
| if: github.repository == 'blue-build/cli' | |
| run: earthly --push --ci -P +build-images-all | |
| - name: Run build fork | |
| if: github.repository != 'blue-build/cli' | |
| run: earthly --ci -P +build-images-all | |
| integration-tests: | |
| permissions: | |
| packages: write | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| - amd64-prebuild | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Run integration tests | |
| if: github.repository == 'blue-build/cli' | |
| run: | | |
| earthly bootstrap | |
| earthly --ci -P ./integration-tests+all | |
| docker-build: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| install: true | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| BB_BUILDKIT_CACHE_GHA: true | |
| run: just test-docker-build | |
| rechunk-build: | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| with: | |
| install-dir: /usr/bin | |
| use-sudo: true | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| run: | | |
| export CARGO_HOME=$HOME/.cargo | |
| just test-fresh-rechunk-build | |
| just test-rechunk-build | |
| arm64-build: | |
| timeout-minutes: 40 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| install: true | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| BB_BUILDKIT_CACHE_GHA: true | |
| run: just test-arm64-build | |
| docker-build-external-login: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| install: true | |
| - name: Docker Login | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| BB_BUILDKIT_CACHE_GHA: true | |
| run: just test-docker-build-external-login | |
| # Free trial is over | |
| # docker-build-oauth-login: | |
| # timeout-minutes: 60 | |
| # runs-on: ubuntu-latest | |
| # permissions: | |
| # contents: read | |
| # packages: write | |
| # id-token: write | |
| # needs: | |
| # - build-scripts | |
| # if: github.repository == 'blue-build/cli' | |
| # steps: | |
| # - name: Google Auth | |
| # id: auth | |
| # uses: "google-github-actions/auth@v2" | |
| # with: | |
| # token_format: "access_token" | |
| # service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
| # project_id: bluebuild-oidc | |
| # create_credentials_file: false | |
| # workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY }} | |
| # - name: Maximize build space | |
| # uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| # - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| # with: | |
| # install: true | |
| # - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| # - name: Docker Auth | |
| # id: docker-auth | |
| # uses: "docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0" | |
| # with: | |
| # username: "oauth2accesstoken" | |
| # password: "${{ steps.auth.outputs.access_token }}" | |
| # registry: us-east1-docker.pkg.dev | |
| # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # with: | |
| # ref: main | |
| # - name: Expose GitHub Runtime | |
| # uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| # - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| # - name: Run Build | |
| # env: | |
| # GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| # COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| # BB_BUILDKIT_CACHE_GHA: true | |
| # run: just test-docker-build-oauth-login | |
| podman-build: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| run: just test-podman-build | |
| buildah-build: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| if: github.repository == 'blue-build/cli' | |
| needs: | |
| - build-scripts | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| # Setup repo and add caching | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| ref: main | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| run: just test-buildah-build | |
| iso-from-image: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| needs: | |
| - build-scripts | |
| if: github.repository == 'blue-build/cli' | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| install: true | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| BB_BUILDKIT_CACHE_GHA: true | |
| run: just test-generate-iso-image | |
| iso-from-recipe: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| needs: | |
| - build-scripts | |
| if: github.repository == 'blue-build/cli' | |
| steps: | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@e3843c85f5f9b73626845de0f5d44fb78ce22e12 # v6 | |
| - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| with: | |
| install: true | |
| - uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1 | |
| - name: Run Build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GH_PR_EVENT_NUMBER: ${{ github.event.number }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} | |
| BB_BUILDKIT_CACHE_GHA: true | |
| run: just test-generate-iso-image |