Description
Description
Currently, docker pull contacts Docker Hub (or another registry), even when the requested image is already present locally and up to date. This behavior:
- Triggers unauthenticated rate limits unnecessarily.
- Makes it unsafe to use
docker pullin CI environments without Docker Hub authentication.
Please consider adding a flag to docker pull that checks the local image cache first and skips contacting the registry if the image is already available locally.
Worst of all, docker pull is currently inconsistent—it sometimes succeeds and sometimes fails, even when the image is already cached locally.
Here is an example where both images are present locally:
Pulling atlassian/bamboo-server
docker pull atlassian/bamboo-server
Using default tag: latest
latest: Pulling from atlassian/bamboo-server
Digest: sha256:b3d33daee6667c15ae3f1a9225bd85f493a23183f4d33776aa7243822d0fa820
Status: Image is up to date for atlassian/bamboo-server:latest
docker.io/atlassian/bamboo-server:latest
Pulling buildkite/agent
docker pull buildkite/agent
Using default tag: latest
Error response from daemon: toomanyrequests: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit
A common workaround is to explicitly check for the image before pulling:
if ! docker image inspect ubuntu:22.04 > /dev/null 2>&1; then
docker pull ubuntu:22.04
fiAlternatively, pulling by digest avoids the registry check:
docker pull ubuntu@sha256:<digest>But these approaches are manual and error-prone. A built-in option (e.g. --check-cache-first) would offer a simpler and more robust solution for both local workflows and CI pipelines.