From 891240c0bf6c1ffab998e7d7de2784ca1b14ae67 Mon Sep 17 00:00:00 2001 From: Mariusz Jozala Date: Wed, 19 Mar 2025 12:49:31 +0100 Subject: [PATCH 1/2] [CI] Sign in to Docker Hub for Buildkite pipelines Unauthenticated pulls from Docker Hub are heavily rate-limited. After this change, we will use authenticated Docker Hub user so that we can pull public images for tests without being rate-limited. --- .buildkite/hooks/pre-command | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index 13f5ffa6a0d5a..6387af4f368a2 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -94,6 +94,13 @@ if [[ "${USE_PROD_DOCKER_CREDENTIALS:-}" == "true" ]]; then fi fi +if which docker > /dev/null 2>&1; then + DOCKERHUB_REGISTRY_USERNAME="$(vault read -field=username secret/ci/elastic-elasticsearch/docker_hub_public_ro_credentials)" + DOCKERHUB_REGISTRY_PASSWORD="$(vault read -field=password secret/ci/elastic-elasticsearch/docker_hub_public_ro_credentials)" + + docker login --username "$DOCKERHUB_REGISTRY_USERNAME" --password "$DOCKERHUB_REGISTRY_PASSWORD" docker.io +fi + if [[ "$BUILDKITE_AGENT_META_DATA_PROVIDER" != *"k8s"* ]]; then # Run in the background, while the job continues nohup .buildkite/scripts/setup-monitoring.sh /dev/null 2>&1 & From 14cc1af3250c212f045bc1782bbb61da63624360 Mon Sep 17 00:00:00 2001 From: Mariusz Jozala Date: Wed, 19 Mar 2025 13:32:24 +0100 Subject: [PATCH 2/2] Use stdin to provide password --- .buildkite/hooks/pre-command | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index 6387af4f368a2..6bb549df8a1fb 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -94,11 +94,12 @@ if [[ "${USE_PROD_DOCKER_CREDENTIALS:-}" == "true" ]]; then fi fi +# Authenticate to the Docker Hub public read-only registry if which docker > /dev/null 2>&1; then DOCKERHUB_REGISTRY_USERNAME="$(vault read -field=username secret/ci/elastic-elasticsearch/docker_hub_public_ro_credentials)" DOCKERHUB_REGISTRY_PASSWORD="$(vault read -field=password secret/ci/elastic-elasticsearch/docker_hub_public_ro_credentials)" - docker login --username "$DOCKERHUB_REGISTRY_USERNAME" --password "$DOCKERHUB_REGISTRY_PASSWORD" docker.io + echo "$DOCKERHUB_REGISTRY_PASSWORD" | docker login --username "$DOCKERHUB_REGISTRY_USERNAME" --password-stdin docker.io fi if [[ "$BUILDKITE_AGENT_META_DATA_PROVIDER" != *"k8s"* ]]; then