Skip to content

Commit

Permalink
Avoid rate limiting when pulling public docker hub images (#11153)
Browse files Browse the repository at this point in the history
  • Loading branch information
@chainchad
chainchad authored Nov 2, 2023
1 parent 388b267 commit 206fb8b
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 7 deletions.
22 changes: 22 additions & 0 deletions .github/actions/build-sign-publish-chainlink/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ inputs:
description: Path to the Dockerfile (relative to the repo root)
default: core/chainlink.Dockerfile
required: false
dockerhub_username:
description: Username for Docker Hub to avoid rate limits when pulling public images
required: false
dockerhub_password:
description: Password for Docker Hub to avoid rate limits when pulling public images
required: false
ecr-hostname:
description: The ECR registry scope
default: public.ecr.aws
Expand Down Expand Up @@ -126,6 +132,14 @@ runs:
type=semver,pattern={{version}},suffix=${{ inputs.ecr-tag-suffix }}-root
type=sha,format=short,suffix=${{ inputs.ecr-tag-suffix }}-root
# To avoid rate limiting from Docker Hub, we login with a paid user account.
- name: Login to Docker Hub
if: inputs.dockerhub_username && inputs.dockerhub_password
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ inputs.dockerhub_username }}
password: ${{ inputs.dockerhub_password }}

- name: Build and push root docker image
id: buildpush-root
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
Expand Down Expand Up @@ -159,6 +173,14 @@ runs:
images: ${{ env.shared-images }}
tags: ${{ env.shared-tag-list }}

# To avoid rate limiting from Docker Hub, we login with a paid user account.
- name: Login to Docker Hub
if: inputs.dockerhub_username && inputs.dockerhub_password
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ inputs.dockerhub_username }}
password: ${{ inputs.dockerhub_password }}

- name: Build and push non-root docker image
id: buildpush-nonroot
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/build-publish-develop.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,8 @@ jobs:
ecr-image-name: chainlink
ecr-tag-suffix: ${{ matrix.image.tag-suffix }}
dockerfile: ${{ matrix.image.dockerfile }}
dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
git-commit-sha: ${{ steps.git-ref.outputs.checked-out || github.sha }}
- name: Collect Metrics
if: always()
Expand Down
12 changes: 7 additions & 5 deletions .github/workflows/build-publish.yml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
name: 'Build Chainlink and Publish'
name: "Build Chainlink and Publish"

on:
# Mimics old circleci behaviour
push:
tags:
- 'v*'
- "v*"
branches:
- master
- 'release/**'
- "release/**"

jobs:
checks:
name: 'Checks'
name: "Checks"
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
Expand Down Expand Up @@ -42,10 +42,12 @@ jobs:
aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }}
aws-region: ${{ secrets.AWS_REGION }}
sign-images: true
sign-method: 'keypair'
sign-method: "keypair"
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-public-key: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
verify-signature: true
- name: Collect Metrics
if: always()
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: 'Build Chainlink'
name: "Build Chainlink"

on:
pull_request:
Expand All @@ -7,7 +7,6 @@ on:
- master

jobs:

build-chainlink:
runs-on: ubuntu-20.04
steps:
Expand All @@ -17,6 +16,8 @@ jobs:
- name: Build chainlink image
uses: ./.github/actions/build-sign-publish-chainlink
with:
dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
publish: false
sign-images: false
- name: Collect Metrics
Expand Down

0 comments on commit 206fb8b

Please sign in to comment.