You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A lot of our base container images use images from Docker Hub. Unfortunately, Docker Hub has quite restrictive rate limits1 and we frequently hit them when running tests2.
Copying the base images that we rely on, on a regular basis, into a container registry that we have more control of, like GitHub Container Registry or an Azure Container Registry instance, would prevent flaky test failures due to rate limits.
There are two main concerns I have about an approach like this:
Currently we rely a lot on mutable container tags and implicitly get updates i.e. python:3.9 is mutable. If we start copying images into our own registry, we'd have to take care to stay on top of any updates to tags we rely on
Do the licenses of the container images allow for us to copy them to our own registry?
An alternative to this would be to use something like docker/login-action to authenticate with Docker Hub and get a higher rate limit. But that requires us to manage credentials.
All of them are either based on Debian 12 (Bookworm) or Ubuntu 22.04 (Jammy).
Another alternative that I didn't mention in the initial post is migrating to the Microsoft Container Registry, and a Linux distribution hosted there, such as Mariner. There are already equivalent base images for most of the Ubuntu/Debian images we currently rely on:
The only equivalent that is missing in a golang base image. Golang is packaged for Mariner1, so it may just be a matter of requesting a base image be created
Code improvement description
A lot of our base container images use images from Docker Hub. Unfortunately, Docker Hub has quite restrictive rate limits1 and we frequently hit them when running tests2.
Copying the base images that we rely on, on a regular basis, into a container registry that we have more control of, like GitHub Container Registry or an Azure Container Registry instance, would prevent flaky test failures due to rate limits.
There are two main concerns I have about an approach like this:
python:3.9
is mutable. If we start copying images into our own registry, we'd have to take care to stay on top of any updates to tags we rely onAn alternative to this would be to use something like
docker/login-action
to authenticate with Docker Hub and get a higher rate limit. But that requires us to manage credentials.Footnotes
https://docs.docker.com/docker-hub/download-rate-limit/ ↩
https://github.com/dependabot/dependabot-core/pull/9042#issuecomment-1942050753 ↩
The text was updated successfully, but these errors were encountered: