diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml index 55c682bc8d9..fe4ef858f58 100644 --- a/.github/actions/build-sign-publish-chainlink/action.yml +++ b/.github/actions/build-sign-publish-chainlink/action.yml @@ -13,6 +13,12 @@ inputs: description: Path to the Dockerfile (relative to the repo root) default: core/chainlink.Dockerfile required: false + dockerhub_username: + description: Username for Docker Hub to avoid rate limits when pulling public images + required: false + dockerhub_password: + description: Password for Docker Hub to avoid rate limits when pulling public images + required: false ecr-hostname: description: The ECR registry scope default: public.ecr.aws @@ -126,6 +132,14 @@ runs: type=semver,pattern={{version}},suffix=${{ inputs.ecr-tag-suffix }}-root type=sha,format=short,suffix=${{ inputs.ecr-tag-suffix }}-root + # To avoid rate limiting from Docker Hub, we login with a paid user account. + - name: Login to Docker Hub + if: inputs.dockerhub_username && inputs.dockerhub_password + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ inputs.dockerhub_username }} + password: ${{ inputs.dockerhub_password }} + - name: Build and push root docker image id: buildpush-root uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 @@ -159,6 +173,14 @@ runs: images: ${{ env.shared-images }} tags: ${{ env.shared-tag-list }} + # To avoid rate limiting from Docker Hub, we login with a paid user account. + - name: Login to Docker Hub + if: inputs.dockerhub_username && inputs.dockerhub_password + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ inputs.dockerhub_username }} + password: ${{ inputs.dockerhub_password }} + - name: Build and push non-root docker image id: buildpush-nonroot uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 diff --git a/.github/workflows/build-publish-develop.yml b/.github/workflows/build-publish-develop.yml index 076fdf817df..b8859722378 100644 --- a/.github/workflows/build-publish-develop.yml +++ b/.github/workflows/build-publish-develop.yml @@ -52,6 +52,8 @@ jobs: ecr-image-name: chainlink ecr-tag-suffix: ${{ matrix.image.tag-suffix }} dockerfile: ${{ matrix.image.dockerfile }} + dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }} + dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }} git-commit-sha: ${{ steps.git-ref.outputs.checked-out || github.sha }} - name: Collect Metrics if: always() diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 4d5a42a369f..1bda6957a2a 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -1,17 +1,17 @@ -name: 'Build Chainlink and Publish' +name: "Build Chainlink and Publish" on: # Mimics old circleci behaviour push: tags: - - 'v*' + - "v*" branches: - master - - 'release/**' + - "release/**" jobs: checks: - name: 'Checks' + name: "Checks" runs-on: ubuntu-20.04 steps: - name: Checkout repository @@ -42,10 +42,12 @@ jobs: aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }} aws-region: ${{ secrets.AWS_REGION }} sign-images: true - sign-method: 'keypair' + sign-method: "keypair" cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }} cosign-public-key: ${{ secrets.COSIGN_PUBLIC_KEY }} cosign-password: ${{ secrets.COSIGN_PASSWORD }} + dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }} + dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }} verify-signature: true - name: Collect Metrics if: always() diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0f9a8ea8b35..6282e2168d8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: 'Build Chainlink' +name: "Build Chainlink" on: pull_request: @@ -7,7 +7,6 @@ on: - master jobs: - build-chainlink: runs-on: ubuntu-20.04 steps: @@ -17,6 +16,8 @@ jobs: - name: Build chainlink image uses: ./.github/actions/build-sign-publish-chainlink with: + dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }} + dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }} publish: false sign-images: false - name: Collect Metrics