Developers and CI/CD pipelines using the checkmarx/ast-cli docker image frequently encounter docker hub pull rate limits, disrupting development and deployment workflows. This issue arises due to the unauthenticated use of the Docker Hub API, resulting in frequent rate limit hits.
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 301B done
#1 DONE 0.0s
#2 [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.7[4]
#2 ERROR: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha2[5](https://github.concur.com/tripit/platform/actions/runs/8284225/job/56299894#step:2:5)6:e9f306a27cf2af7bedf6282681847b815bab15bd918650a29123acda7145a9ff: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
------
> [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74:
------
Dockerfile:2
--------------------
1 | #Use AST Base image
2 | >>> FROM checkmarx/ast-cli:2.0.74
3 |
4 | USER root
--------------------
ERROR: failed to solve: checkmarx/ast-cli:2.0.74: failed to resolve source metadata for docker.io/checkmarx/ast-cli:2.0.74: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha25[6]
429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
Warning: Docker build failed with exit code 1, back off 5.26 seconds before retry.
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 301B done
#1 DONE 0.0s
#2 [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74
#2 ERROR: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha256:e9f306a27cf2af7bedf62[8]
429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
------
> [internal] load metadata for docker.io/checkmarx/ast-cli:2.0.74:
------
Dockerfile:2
--------------------
1 | #Use AST Base image
2 | >>> FROM checkmarx/ast-cli:2.0.74
3 |
4 | USER root
--------------------
ERROR: failed to solve: checkmarx/ast-cli:2.0.74: failed to resolve source metadata for docker.io/checkmarx/ast-cli:2.0.74: failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/checkmarx/ast-cli/manifests/sha256:e9f306a27cf2af7bedf6282681847b815bab15bd918650a29123acda7145a9ff: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
Warning: Docker build failed with exit code 1, back off 7.71 seconds before retry.
Propose a solution
To resolve this issue, we propose that the checkmarx/ast-cli Docker image implement authentication with docker hub by using Docker Hub authentication tokens. This solution involves the following steps:
Implement Docker Hub Authentication: Modify the Docker image pull process to authenticate with docker hub using tokens obtained from the Docker Hub account.
https://www.docker.com/increase-rate-limits/
Enhance Documentation: Update documentation for users to include instructions on how to authenticate with Docker Hub and avoid rate limits.
Current Workaround: The current workaround involves users logging in to Docker Hub manually or using registry mirrors, which are not always feasible or efficient.
Alternative Solutions: Users can use a Docker registry mirror like Amazon ECR or Google Container Registry, but these require configuration changes and may not always be suitable.
Impact: This enhancement will improve the experience for developers and CI/CD pipelines using the checkmarx/ast-cli docker image, reducing interruptions due to Docker Hub rate limits.
This enhancement request aims to improve the usability and reliability of the ast-github-action github action benefiting all users who rely on it for their development and deployment needs.
Is your request related to a workflow problem?
Developers and CI/CD pipelines using the
checkmarx/ast-cli
docker image frequently encounter docker hub pull rate limits, disrupting development and deployment workflows. This issue arises due to the unauthenticated use of the Docker Hub API, resulting in frequent rate limit hits.Propose a solution
To resolve this issue, we propose that the checkmarx/ast-cli Docker image implement authentication with docker hub by using Docker Hub authentication tokens. This solution involves the following steps:
Implement Docker Hub Authentication: Modify the Docker image pull process to authenticate with docker hub using tokens obtained from the Docker Hub account. https://www.docker.com/increase-rate-limits/
Enhance Documentation: Update documentation for users to include instructions on how to authenticate with Docker Hub and avoid rate limits.
Notification System: Implement a notification system to alert users when they are nearing their docker hub pull rate limits. https://www.docker.com/blog/checking-your-current-docker-pull-rate-limits-and-status/
Additional comments
Current Workaround: The current workaround involves users logging in to Docker Hub manually or using registry mirrors, which are not always feasible or efficient.
Alternative Solutions: Users can use a Docker registry mirror like Amazon ECR or Google Container Registry, but these require configuration changes and may not always be suitable.
Impact: This enhancement will improve the experience for developers and CI/CD pipelines using the
checkmarx/ast-cli
docker image, reducing interruptions due to Docker Hub rate limits.This enhancement request aims to improve the usability and reliability of the
ast-github-action
github action benefiting all users who rely on it for their development and deployment needs.