mozilla-services / Dockerflow

Cloud Services Dockerflow specification
Apache License 2.0

Log in to docker hub before pulling images #58

Closed sciurus closed 4 years ago

sciurus commented 4 years ago

NOTICE

See https://github.com/mozilla-services/Dockerflow/blob/8aa28daed38aa55de42e9248e1e0ac4bac33b0c8/.circleci/config.yml for the proper example.

Description

Beginning 2020-11-2, Docker Hub is rate limiting anonymous image pulls per IP address. This will impact our jobs that run on CircleCI. We have a paid account with Docker Hub, which is not subject to rate limiting. To avoid the limits, we need to log in before we pull. That happens in two places:

1) In all jobs to fetch the image that the CircleCI jobs run in. This is what the new auth block handles.

2) In the build job to pull the base image defined in the application's Dockerfile. This is what the new "login to dockerhub" step handles.

We still have to log in during the deploy job before pushing to docker hub, since there is no shared state between jobs.

Logging in will only work for the main repo; it will not work for forks. For security reasons, CircleCI does not share environment variables with jobs run in forks.

h/t to @jwhitlock who figured most of this out in https://github.com/mozilla/ichnaea/compare/6655b9b...f8da96dc28

sciurus commented 4 years ago

@jwhitlock I don't think I can drop that. In MLS your workflow only has one job, but this one has three jobs: build, test, and deploy. Each job starts in a fresh CI worker, so the login in build will no longer be in effect during deploy.

pjenvey commented 4 years ago

If I understand this correctly we should add auth to the test and deploy image declarations as well? Here and here

sciurus commented 4 years ago

Thanks for catching that! I had missed that the image was specified separately for each build. I'll file a followup PR to fix.
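
The layout discussed in this thread, as an added sketch that is not the config from this PR or from the Dockerflow repository: one auth block shared by all three jobs through an executor, plus an explicit login step in the jobs that pull or push through the Docker daemon. The variable names DOCKER_USER and DOCKER_PASS, the image names and the `make test` command are assumptions.

```yaml
# Added example, not the Dockerflow project's config. Assumed names: DOCKER_USER and
# DOCKER_PASS (project env vars), example/ci-image, example/app, `make test`.
version: 2.1
executors:
  ci:
    docker:
      - image: example/ci-image:latest
        auth:                      # authenticated pull of the image the job runs in
          username: $DOCKER_USER
          password: $DOCKER_PASS
commands:
  dockerhub_login:
    steps:
      - run:
          name: Login to Dockerhub
          command: |
            # Fork builds do not receive the variables; skip instead of failing.
            if [ -z "${DOCKER_USER:-}" ] || [ -z "${DOCKER_PASS:-}" ]; then
              echo "No Docker Hub credentials; pulling anonymously"
            else
              # --password-stdin keeps the secret out of the process arguments.
              echo "${DOCKER_PASS}" | docker login -u "${DOCKER_USER}" --password-stdin
            fi

jobs:
  build:
    executor: ci
    steps:
      - checkout
      - setup_remote_docker
      - dockerhub_login            # before the Dockerfile's base image is pulled
      - run: docker build -t example/app:latest .
  test:
    executor: ci                   # same auth block; no daemon login needed here
    steps:
      - checkout
      - run: make test
  deploy:
    executor: ci
    steps:
      - checkout
      - setup_remote_docker
      - dockerhub_login            # fresh worker: the build job's login is gone
      - run: docker build -t example/app:latest . && docker push example/app:latest
workflows:
  main:
    jobs:
      - build
      - test: { requires: [build] }
      - deploy: { requires: [test] }
```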