fix: add Docker Hub authentication to CI workflow #37
Conversation
Resolves Docker Hub rate limiting issues causing CI failures. - Add optional Docker Hub authentication to CI workflow - Configure DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets - Add login step before jobs that pull Docker images (postgres, redis) - Make auth optional with continue-on-error for backward compatibility - Add documentation for setting up Docker Hub access tokens This prevents "unauthorized: authentication required" errors when pulling Docker images in GitHub Actions. The authentication is optional - CI will still work without credentials but with lower rate limits (100 vs 200 pulls per 6 hours). 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Summary of ChangesHello @zensgit, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses recurring CI failures caused by Docker Hub rate limiting by introducing an optional authentication mechanism for Docker image pulls. By allowing users to configure Docker Hub credentials, the CI workflow can leverage higher rate limits, ensuring more stable and reliable builds while maintaining compatibility for environments without configured credentials. Highlights
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Pull Request Overview
This PR fixes Docker Hub rate limiting issues causing CI failures by adding optional Docker Hub authentication to the GitHub Actions workflow. The solution maintains backward compatibility while providing higher rate limits for authenticated users.
- Adds optional Docker Hub authentication to CI workflow with graceful fallback
- Configures environment variables for Docker Hub credentials using GitHub secrets
- Includes comprehensive documentation for setting up Docker Hub access tokens
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/ci.yml | Adds Docker Hub login steps to rust-test and rust-core-check jobs with optional authentication |
| .github/DOCKER_AUTH_SETUP.md | Provides setup instructions and documentation for Docker Hub authentication configuration |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Login to Docker Hub | ||
| if: env.DOCKER_USERNAME != '' && env.DOCKER_TOKEN != '' |
There was a problem hiding this comment.
The condition checks for non-empty strings, but GitHub Actions environment variables are undefined (not empty strings) when secrets don't exist. Use if: env.DOCKER_USERNAME && env.DOCKER_TOKEN instead to properly check for the existence of these variables.
| if: env.DOCKER_USERNAME != '' && env.DOCKER_TOKEN != '' | |
| if: env.DOCKER_USERNAME && env.DOCKER_TOKEN |
Copilot uses AI. Check for mistakes.
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Login to Docker Hub | ||
| if: env.DOCKER_USERNAME != '' && env.DOCKER_TOKEN != '' |
There was a problem hiding this comment.
Same issue as the previous Docker login step - the condition checks for non-empty strings, but GitHub Actions environment variables are undefined when secrets don't exist. Use if: env.DOCKER_USERNAME && env.DOCKER_TOKEN instead.
| if: env.DOCKER_USERNAME != '' && env.DOCKER_TOKEN != '' | |
| if: env.DOCKER_USERNAME && env.DOCKER_TOKEN |
Copilot uses AI. Check for mistakes.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces documentation for setting up Docker Hub authentication to resolve CI failures caused by rate limiting. The new DOCKER_AUTH_SETUP.md file clearly explains the problem, solution, and setup steps. My review focuses on improving this documentation for better clarity and adherence to common conventions. I've suggested clarifying a potential version inconsistency, adding an external reference for Docker's rate limits, and ensuring the file ends with a newline.
| unauthorized: authentication required | ||
| ``` | ||
|
|
||
| This happens when GitHub Actions tries to pull Docker images (postgres:15, redis:7) but hits Docker Hub rate limits for unauthenticated requests. |
There was a problem hiding this comment.
The PostgreSQL version postgres:15 mentioned here is inconsistent with the postgres:16-alpine version specified in the project's docker-compose.yml. While the CI environment might use a different version, this discrepancy can be confusing for developers. To improve clarity, please ensure the version number in the documentation is accurate for the context it describes (CI).
| 5. Copy the token and save it as `DOCKERHUB_TOKEN` secret in GitHub | ||
|
|
||
| ## Benefits | ||
| - Avoids Docker Hub rate limits (100 pulls/6hr for anonymous vs 200 pulls/6hr for authenticated) |
There was a problem hiding this comment.
To provide an authoritative source for the rate limit figures, it's helpful to link to the official Docker Hub documentation. This allows users to verify the information and stay informed about any changes to Docker's policies.
| - Avoids Docker Hub rate limits (100 pulls/6hr for anonymous vs 200 pulls/6hr for authenticated) | |
| - Avoids Docker Hub rate limits ([100 pulls/6hr for anonymous vs 200 pulls/6hr for authenticated](https://docs.docker.com/docker-hub/download-rate-limit/)) |
| - `.github/workflows/ci.yml`: Added Docker authentication steps | ||
|
|
||
| ## Testing | ||
| After adding the secrets, the CI will automatically use Docker Hub authentication for all Docker image pulls. No newline at end of file |
There was a problem hiding this comment.
It is a standard convention for text files to end with a single newline character. Some tools may have issues processing files that lack a final newline. Please add one to adhere to this best practice.
| After adding the secrets, the CI will automatically use Docker Hub authentication for all Docker image pulls. | |
| After adding the secrets, the CI will automatically use Docker Hub authentication for all Docker image pulls. | |
1 participant
Summary
Resolves Docker Hub rate limiting issues that were causing CI failures with "unauthorized: authentication required" errors.
Changes
continue-on-error: truefor backward compatibilityHow It Works
Setup Instructions
To enable Docker authentication:
DOCKERHUB_USERNAME(your Docker Hub username)DOCKERHUB_TOKEN(create at hub.docker.com → Account Settings → Security → New Access Token)See
.github/DOCKER_AUTH_SETUP.mdfor detailed instructions.Testing
rust-testandrust-core-checkjobs updated🤖 Generated with Claude Code