Overactive version checking / alerting

[fracai]

Bug description

Every page refresh pops a notification at the bottom right stating: Cannot check for new updates. See the browser console.
The browser console says: [Error] Failed to load resource: the server responded with a status of 403 () (latest, line 0)
and: [Error] Got status code 403 from Github API with response {"message":"API rate limit exceeded for 123.123.123.123. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}

I can see from version-notification.riot:46 and version-notification.riot:62 that the UI is trying to check to see if there's a newer version and apparently hitting the GitHub rate limits.

How to Reproduce

1. Go to a registry-ui page.
2. Refresh until you've used up the GitHub API limits.
3. Check the browser console to verify.

Expected behavior

This error should either be handled internally or there should be an option to disable version checks.
Maybe also provide an Environment Variable to set an API key.

System information

• OS: Docker
• Browser:
  • Name: Safari
  • Version: 17.3
• Docker registry UI:
  • Version: latest (2.5.6)
  • Server: docker
  • Docker version: Docker version 25.0.2, build 29cf629
  • Docker registry ui tag: latest
  • OS/Arch: Debian
  • Tools: docker-compose

[Joxit]

Hello,

Thank you for using my project and submitting issues.

The project should not hit GitHub rate limit, as stated

Unauthenticated requests are associated with the originating IP address, not with the user or application that made the request. The primary rate limit for unauthenticated requests is 60 requests per hour.

So you are allowed to 60 requests per hour and the expiry is set to 24 hours... Meaning the UI should check GitHub once a day (the result is stored in your local storage).

Are you using the project in private mode or deleting your localstorage each time ?

[fracai]

Thanks for helping out here. I'm guessing it's an issue with the localStorage. … I'm just realizing that "localStorage" is "browser storage".

I opened the Web Inspector and watched the local storage section. I also took a look at the response headers from a GitHub request with curl. When the rate limit reset I refreshed the Registry UI a few times and saw the local storage update. The GitHub response headers also look like the UI isn't making further requests.

So, there's something on my network that's making too many API requests (I'll have to track that down).

I do think there should be a way to skip the check entirely. Should I change the title? Or close this and open a feature request?

Thanks for your help.

[Joxit]

You're welcome, I think you do have something else hitting the API limits 😅.

I just released a fix where you will be notified only once a day, even if there is an issue with GitHub API.
Checking the version is not critical, so a failure is not a big deal, no need to retry each time.

If you really want a feature to deactivate the version checking (I don't think this will be really used by others), feel free to open a feature request.