chore: fix CI workflow

.arg

@@ -1,3 +1,4 @@
-DOCKERHUB_USER=earthly
+CR_HOST=ghcr.io
+CR_ORG=earthbuild
 IMAGE_NAME=dind
 EARTHLY_REPO_VERSION=0b28ef80785fd88df1ec7e674475b02e046d5b36

.github/CODEOWNERS

@@ -1,2 +1,2 @@
-# PRs require approval from the earthly core team
-* @earthly/core
+# PRs require approval from the EarthBuild admin team
+* @EarthBuild/fork-admins

.github/workflows/ci.yml

@@ -5,35 +5,46 @@ on:
   # push:
   #   branches: [ "main" ]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
-  
+
 jobs:
   test:
     name: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     env:
       FORCE_COLOR: 1
       EARTHLY_CONVERSION_PARALLELISM: "5"
-      EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}"
-      EARTHLY_INSTALL_ID: "earthly-dind-githubactions"
+      EARTHLY_INSTALL_ID: "earthbuild-dind-githubactions"
     steps:
-      - uses: earthly/actions/setup-earthly@v1
+      # The dind (common+alpine-kind-test and common+ubuntu-kind-test) detects
+      # the host's IPv6 capability and then requires IPv6 NAT to create networks
+      # for kind. So we load it here.
+      # Ref: https://github.com/moby/moby/pull/47062
+      - name: Load kernel module IPv6 NAT
+        run: sudo modprobe ip6table_nat
+      - name: Set up Docker Hub mirrors
+        run: |
+          sudo mkdir -p /etc/docker
+          echo '{"registry-mirrors": ["https://mirror.gcr.io", "https://public.ecr.aws"]}' | sudo tee /etc/docker/daemon.json
+          sudo systemctl restart docker
+      - name: Set up QEMU
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static binfmt-support
+          sudo update-binfmts --display
+      - uses: earthbuild/actions-setup@main
         with:
           version: v0.8.15
       - uses: actions/checkout@v4
-      - name: Docker login (non fork only)
-        run: |-
-          docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password "${{ secrets.DOCKERHUB_TOKEN }}"
-          docker login registry-1.docker.io.mirror.corp.earthly.dev --username "${{ secrets.DOCKERHUB_MIRROR_USERNAME }}" --password "${{ secrets.DOCKERHUB_MIRROR_PASSWORD }}"
-        if: github.event.pull_request.head.repo.full_name == github.repository
-      - name: Configure Earthly to use mirror (non fork only)
-        run: |-
-          earthly config global.buildkit_additional_config "'[registry.\"docker.io\"]
-          mirrors = [\"registry-1.docker.io.mirror.corp.earthly.dev\"]'"
+      - name: Log in to GitHub Container Registry (non fork only)
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
         if: github.event.pull_request.head.repo.full_name == github.repository
       - name: Run tests
-        run: earthly --ci -P --push --org earthly-technologies --satellite dind +test
+        run: earthly --ci -P --push +test

README.md

@@ -8,7 +8,7 @@ For information on how to use these images, please refer to [docker in earthly](
 
 ## Supported Distributions
 
-There are currently 3 supported dind distributions available: 
+There are currently 4 supported dind distributions available:
 - `alpine`
 - `ubuntu:20.04`
 - `ubuntu:23.04`
@@ -30,7 +30,7 @@ dependencies that will trigger new versions of the dind images such as the docke
 
 ```bash
 .
-├── Earthfile // Targets that apply to all images (e.g. +test) 
+├── Earthfile // Targets that apply to all images (e.g. +test)
 ├── common
 │   └── Earthfile // A library of common helper targets
 └── os // Each directory contains an Earthfile with targets to maintain the specific os (e.g. +test, +build)
@@ -65,7 +65,7 @@ earthly --push -P +test
 
 #### Community members
 
-Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different dockerhub repository by changing the `DOCKERHUB_USER` ARG value in [.arg](.arg) to a private repository or by passing the arg in the earthly command, e.g. `earthly --push -P +test --DOCKERHUB_USER=<your-user>`.
+Community members do not have permissions to push a built image and run the tests against it. However, they can easily set a different container registry repository by changing the `CR_HOST` (default: ghcr.io) and `CR_ORG` ARG values in [.arg](.arg) to a private container registry repository or by passing the args in the earthly command, e.g. `earthly --push -P +test --CR_HOST=<your-container-registry> --CR_ORG=<your-organization>`.
 
 ## Deployment
 

common/Earthfile

@@ -6,14 +6,14 @@ FROM alpine
 # EARTHLY_REPO_VERSION specifies a branch and/or commit of earthly/earthly (it defaults to the earthly cli version if left empty)
 ARG EARTHLY_REPO_VERSION
 
-IMPORT github.com/earthly/earthly/buildkitd:$EARTHLY_REPO_VERSION AS earthly
-IMPORT github.com/earthly/earthly/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker
-IMPORT github.com/earthly/earthly/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose
-IMPORT github.com/earthly/earthly/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind
-IMPORT github.com/earthly/earthly/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install
+IMPORT github.com/EarthBuild/earthbuild/buildkitd:$EARTHLY_REPO_VERSION AS earthly
+IMPORT github.com/EarthBuild/earthbuild/tests/with-docker:$EARTHLY_REPO_VERSION AS with-docker
+IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-compose:$EARTHLY_REPO_VERSION AS with-docker-compose
+IMPORT github.com/EarthBuild/earthbuild/tests/with-docker-kind:$EARTHLY_REPO_VERSION AS with-docker-kind
+IMPORT github.com/EarthBuild/earthbuild/tests/dind-auto-install:$EARTHLY_REPO_VERSION AS dind-auto-install
 
-# DOCKERHUB_USER is the organization name in docker hub (default: earthly)
-ARG --global DOCKERHUB_USER
+# CR_ORG is the organization name in a container registry (default: earthbuild)
+ARG --global CR_ORG
 # IMAGE_NAME is the image repository in docker hub (default: dind)
 ARG --global IMAGE_NAME
 
@@ -26,22 +26,31 @@ build:
     # DOCKER_VERSION is the version of docker to use, e.g. 20.10.14
     ARG --required DOCKER_VERSION
     FROM $OS_IMAGE:$OS_VERSION
+    # Ubuntu 23.04 has reached EOL
+    IF [ "$OS_VERSION" = "23.04" ]
+        RUN sed -i \
+            -e 's/archive.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \
+            -e 's/ports.ubuntu.com\/ubuntu-ports/old-releases.ubuntu.com\/ubuntu/g' \
+            -e 's/security.ubuntu.com\/ubuntu/old-releases.ubuntu.com\/ubuntu/g' \
+            /etc/apt/sources.list
+    END
     COPY earthly+export-docker-script/docker-auto-install.sh /usr/local/bin/docker-auto-install.sh
     RUN docker-auto-install.sh
     LET DOCKER_VERSION_TAG=$DOCKER_VERSION
     IF [ "$OS_IMAGE" = "alpine" ]
         RUN apk add iptables-legacy # required for older kernels
     END
-    # DOCKERHUB_USER is the organization name in docker hub (default: earthly)
-    ARG DOCKERHUB_USER
+    # CR_ORG is the organization name in container registry (default: earthbuild)
+    ARG CR_ORG
     # IMAGE_NAME is the image repository in docker hub (default: dind)
     ARG IMAGE_NAME
     COPY --dir --pass-args +get-image-info/image-info .
     LET image_name=$(cat image-info/name)
     LET image_tag=$(cat image-info/tag)
     RUN rm -rf image-info
     ENV OTEL_TRACES_EXPORTER=none # disabled for speed improvement; see https://github.com/earthly/earthly/issues/4066
-    SAVE IMAGE --push $image_name:$image_tag
+    ARG --required CR_HOST
+    SAVE IMAGE --push $CR_HOST/$image_name:$image_tag
 
 # get-image-info generates the image name and tag as a saved artifact so it can be used by multiple targets
 get-image-info:
@@ -59,11 +68,12 @@ get-image-info:
         RUN if echo $DOCKER_VERSION_TAG | grep "[^0-9.-]"; then echo "DOCKER_VERSION_TAG looks bad; got $DOCKER_VERSION_TAG" && exit 1; fi
     END
     LET TAG=$OS_IMAGE-$OS_VERSION-docker-$DOCKER_VERSION_TAG
-    # DOCKERHUB_USER is the organization name in docker hub (default: earthly)
-    ARG --required DOCKERHUB_USER
+    # CR_ORG is the organization name in container registry (default: earthbuild)
+    ARG --required CR_ORG
     # IMAGE_NAME is the image repository in docker hub (default: dind)
     ARG --required IMAGE_NAME
-    LET image_full_name=$DOCKERHUB_USER/$IMAGE_NAME
+    # image_full_name excludes container registry host
+    LET image_full_name=$CR_ORG/$IMAGE_NAME
     ARG SUFFIX
     IF [ -n "$SUFFIX" ]
         SET TAG="$TAG-$SUFFIX"
@@ -75,7 +85,7 @@ get-image-info:
 
 # test runs tests against the specified image (DIND_IMAGE) or otherwise uses the image specified in earthly/earthly repo
 test:
-    # DIND_IMAGE is the full docker image name & tag to run the tests against. The image must exist in the remote docker registry
+    # DIND_IMAGE is the full container image name & tag to run the tests against. The image must exist in the remote container registry
     ARG DIND_IMAGE
     BUILD --pass-args with-docker+all --DIND_IMAGE=$DIND_IMAGE
     BUILD --pass-args dind-auto-install+test --BASE_IMAGE=$DIND_IMAGE
@@ -95,11 +105,12 @@ build-and-test:
     COPY --dir --pass-args +get-image-info/image-info .
     LET image_name=$(cat image-info/name)
     LET image_tag=$(cat image-info/tag)
+    ARG --required CR_HOST
     WAIT
         # EARTHLY_PUSH is a builtin arg that helps determine if the tests should run
         ARG EARTHLY_PUSH
         IF [ "$EARTHLY_PUSH" = "true" ]
-            BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$image_name:$image_tag
+            BUILD --pass-args ../os/$DIR_PATH+test --DIND_IMAGE=$CR_HOST/$image_name:$image_tag
         END
     END
 
@@ -114,12 +125,12 @@ push-new-tag:
             exit 1
         END
     END
-    FROM $DOCKERHUB_USER/$IMAGE_NAME:$TAG_WITH_DATE
+    FROM $CR_ORG/$IMAGE_NAME:$TAG_WITH_DATE
     LET new_tag="$(echo ${TAG_WITH_DATE%-*})"
     IF [ "$new_tag" = "$TAG_WITH_DATE" ]
        RUN --no-cache echo "failed to remove date from tag $TAG_WITH_DATE" && exit 1
     END
-    SAVE IMAGE --push $DOCKERHUB_USER/$IMAGE_NAME:$new_tag
+    SAVE IMAGE --push $CR_ORG/$IMAGE_NAME:$new_tag
 
 # push-new-tag-multi-platform builds push-new-tag using both amd64 & arm64 platforms.
 push-new-tag-multi-platform: