Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using images from Docker Hub in CI #1667

Closed
felixfontein opened this issue Oct 28, 2024 · 10 comments · Fixed by #1722
Closed

Stop using images from Docker Hub in CI #1667

felixfontein opened this issue Oct 28, 2024 · 10 comments · Fixed by #1722
Labels
area/CI

Comments

@felixfontein
Copy link
Contributor

Docker Hub's rate limits make CI fail from time to time, see for example https://github.com/getsops/sops/actions/runs/11560893288/attempts/1.
@felixfontein
Copy link
Contributor Author

@getsops/maintainers what do you think about creating another repository and pushing the images we need into that repository's package registry? (We could also push them into the package registry associated with this repository, but that doesn't look great. I've done that in another project and now it looks like the test images there are similar to release artifacts...)

@onedr0p
Copy link
Contributor

onedr0p commented Dec 24, 2024

I would totally be fine with deprecating pushing to dockerhub and continue using ghcr instead.

@felixfontein
Copy link
Contributor Author

I don't mean the releases, just the Docker images we use in the CI tests: docker.io/nsmithuk/local-kms (https://github.com/getsops/sops/blob/main/kms/keysource_test.go#L36) and vault (https://github.com/getsops/sops/blob/main/hcvault/keysource_test.go#L44)

@felixfontein
Copy link
Contributor Author

(I don't think we publish SOPS versions to Docker Hub anyway, from https://github.com/getsops/sops/blob/main/.goreleaser.yaml#L144-L257 it seems we publish images to GHCR and Quay.io. The GHCR images are here: https://github.com/getsops/sops/pkgs/container/sops and the Quay.io images are here: https://quay.io/repository/getsops/sops?tab=tags&tag=latest)

@onedr0p
Copy link
Contributor

onedr0p commented Dec 24, 2024

Ah, sorry. I believe we can use the following instead?

https://gallery.ecr.aws/nsmithuk/local-kms
https://gallery.ecr.aws/hashicorp/vault

@felixfontein felixfontein mentioned this issue Dec 24, 2024
Closed
@felixfontein
Copy link
Contributor Author

Well, that didn't help: 2024/12/24 19:55:21 could not start resource: toomanyrequests: Rate exceeded

I guess GHCR is our best bet.

@sabre1041
Copy link

@felixfontein for images that are currently hosted on Docker Hub, would it make sense to add a sync job and source it from GHCR?

@felixfontein
Copy link
Contributor Author

@sabre1041 that's basically what I would do. I'd create a repository https://github.com/getsops/ci-container-images for that (or something like that) and set up a workflow there that does the mirroring and pushes the images to that repository's container registry.

@onedr0p
Copy link
Contributor

onedr0p commented Dec 25, 2024

@felixfontein I've done something like that in the past. Take a look here. https://github.com/onedr0p/containers-mirror

@felixfontein felixfontein mentioned this issue Dec 25, 2024
Merged
@felixfontein
Copy link
Contributor Author

I created https://github.com/getsops/ci-container-images and set up basic mirroring for the images we need, and created #1722 to use them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/CI
Projects
None yet
Milestone
No milestone
3 participants
@onedr0p @sabre1041 @felixfontein