Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[REQ] Implement docker hub authentication for checkmarx/ast-cli docker image to avoid pull rate limits #182

Open
PavanTatikonda opened this issue May 29, 2024 · 1 comment
Open

[REQ] Implement docker hub authentication for checkmarx/ast-cli docker image to avoid pull rate limits #182

PavanTatikonda opened this issue May 29, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@PavanTatikonda
Copy link

Is your request related to a workflow problem?

Developers and CI/CD pipelines using the checkmarx/ast-cli docker image frequently encounter docker hub pull rate limits, disrupting development and deployment workflows. This issue arises due to the unauthenticated use of the Docker Hub API, resulting in frequent rate limit hits.

  #0 building with "default" instance using docker driver
  
  #1 [internal] load build definition from Dockerfile
  #1 transferring dockerfile: 301B done
  #1 DONE 0.0s
  
  #2 [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.7[4]
  #2 ERROR: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha2[5](https://github.concur.com/tripit/platform/actions/runs/8284225/job/56299894#step:2:5)6:e9f306a27cf2af7bedf6282681847b815bab15bd918650a29123acda7145a9ff: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  ------
   > [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74:
  ------
  Dockerfile:2
  --------------------
     1 |     #Use AST Base image
     2 | >>> FROM checkmarx/ast-cli:2.0.74
     3 |     
     4 |     USER root
  --------------------
  ERROR: failed to solve: checkmarx/ast-cli:2.0.74: failed to resolve source metadata for docker.io/checkmarx/ast-cli:2.0.74: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha25[6]
  429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Warning: Docker build failed with exit code 1, back off 5.26 seconds before retry.
  
  #0 building with "default" instance using docker driver
  
  #1 [internal] load build definition from Dockerfile
  #1 transferring dockerfile: 301B done
  #1 DONE 0.0s
  
  #2 [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74
  #2 ERROR: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha256:e9f306a27cf2af7bedf62[8]
  429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  ------
   > [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74:
  ------
  Dockerfile:2
  --------------------
     1 |     #Use AST Base image
     2 | >>> FROM checkmarx/ast-cli:2.0.74
     3 |     
     4 |     USER root
  --------------------
  ERROR: failed to solve: checkmarx/ast-cli:2.0.74: failed to resolve source metadata for docker.io/checkmarx/ast-cli:2.0.74: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha256:e9f306a27cf2af7bedf6282681847b815bab15bd918650a29123acda7145a9ff: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Warning: Docker build failed with exit code 1, back off 7.71 seconds before retry.

Propose a solution

To resolve this issue, we propose that the checkmarx/ast-cli Docker image implement authentication with docker hub by using Docker Hub authentication tokens. This solution involves the following steps:

Implement Docker Hub Authentication: Modify the Docker image pull process to authenticate with docker hub using tokens obtained from the Docker Hub account.
https://www.docker.com/increase-rate-limits/

Enhance Documentation: Update documentation for users to include instructions on how to authenticate with Docker Hub and avoid rate limits.

Notification System: Implement a notification system to alert users when they are nearing their docker hub pull rate limits.
https://www.docker.com/blog/checking-your-current-docker-pull-rate-limits-and-status/

Additional comments

Current Workaround: The current workaround involves users logging in to Docker Hub manually or using registry mirrors, which are not always feasible or efficient.

Alternative Solutions: Users can use a Docker registry mirror like Amazon ECR or Google Container Registry, but these require configuration changes and may not always be suitable.

Impact: This enhancement will improve the experience for developers and CI/CD pipelines using the checkmarx/ast-cli docker image, reducing interruptions due to Docker Hub rate limits.

This enhancement request aims to improve the usability and reliability of the ast-github-action github action benefiting all users who rely on it for their development and deployment needs.
@PavanTatikonda PavanTatikonda added the enhancement New feature or request label May 29, 2024
@PavanTatikonda
Copy link
Author

I guess, internal jira automation workflow failed ?
https://github.com/Checkmarx/ast-github-action/actions/runs/9293886662/workflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PavanTatikonda