Skip to content

Commit 0140acb

Browse files
colliviermartin-mat
collivier
authored and
martin-mat
committed
Login to Docker Hub
Bitnami moved to Docker Hub [1] which forces us to login to Docker Hub (the workflow pulls too much Bitnami helm charts for the anon pull request limit). Please note the Docker Hub secrets are accessible only via project branches. So PR from fork would no longer work. It also updates and simplifies the Docker Hub account logics as we have a single Docker Hub account now. It also debugs ratelimit both with registered account and anon to track incorrect Docker Hub calls by cnf-testsuite. [1] bitnami/containers#75671 Signed-off-by: Cédric Ollivier <[email protected]>
1 parent b938c63 commit 0140acb

File tree

1 file changed

+79
-22
lines changed

1 file changed

+79
-22
lines changed

.github/workflows/actions.yml

Lines changed: 79 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,10 @@
11
name: Crystal Specs
22
on:
33
push:
4-
paths:
4+
branches:
5+
- main
6+
tags:
57
- '**'
6-
- '!**.md'
7-
- '!docs/*'
8-
- '!doc-lint/*'
98
pull_request:
109
paths:
1110
- '**'
@@ -61,6 +60,11 @@ jobs:
6160
fail-fast: false
6261
matrix: ${{fromJson(needs.tests.outputs.matrix)}}
6362
steps:
63+
- name: Login to Docker Hub
64+
uses: docker/login-action@v3
65+
with:
66+
username: ${{ secrets.DOCKERHUB_USERNAME }}
67+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
6468
- name: Cleanup Tmp DIR
6569
run: |
6670
sudo rm -rf /tmp/*
@@ -153,26 +157,23 @@ jobs:
153157
- name: Run Crystal Spec
154158
env:
155159
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
156-
DOCKERHUB_USERNAMES: ${{ secrets.DOCKERHUB_USERNAMES }}
157-
DOCKERHUB_PASSWORDS: ${{ secrets.DOCKERHUB_PASSWORDS }}
160+
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
161+
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
158162
DOCKERHUB_EMAIL: ${{ secrets.DOCKERHUB_EMAIL }}
159163
IMAGE_REPO: ${{ secrets.IMAGE_REPO }}
160164
run: |
161-
USERNAME_ARRAY=($DOCKERHUB_USERNAMES)
162-
PASSWORD_ARRAY=($DOCKERHUB_PASSWORDS)
163165
EMAIL_ARRAY=($DOCKERHUB_EMAIL)
164166
IMAGE_ARRAY=($IMAGE_REPO)
165-
166167
RANDOMIZER=$(( 0 + $RANDOM % 3 ))
167-
168-
export DOCKERHUB_USERNAME=${USERNAME_ARRAY[$RANDOMIZER]}
169-
export DOCKERHUB_PASSWORD=${PASSWORD_ARRAY[$RANDOMIZER]}
170-
171168
export PROTECTED_DOCKERHUB_USERNAME=$DOCKERHUB_USERNAME
172169
export PROTECTED_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD
173170
export PROTECTED_DOCKERHUB_EMAIL=${EMAIL_ARRAY[$RANDOMIZER]}
174171
export PROTECTED_IMAGE_REPO=${IMAGE_ARRAY[$RANDOMIZER]}
175172
173+
echo get ratelimit anonymously
174+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
175+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
176+
176177
source cluster.env
177178
export KUBECONFIG=$(pwd)/$CLUSTER.conf
178179
until [[ $(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do
@@ -186,10 +187,13 @@ jobs:
186187
#done
187188
crystal build src/cnf-testsuite.cr
188189
./cnf-testsuite setup
189-
190190
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.spec }} -v
191-
192-
191+
echo get ratelimit anonymously
192+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
193+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
194+
echo get ratelimit with a user account $DOCKERHUB_USERNAME
195+
TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
196+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
193197
- name: Delete Cluster
194198
if: ${{ always() }}
195199
run: |
@@ -200,6 +204,7 @@ jobs:
200204
kubectl get all -A || true
201205
kind delete cluster --name $CLUSTER --verbosity 1
202206
continue-on-error: true
207+
203208
- name: upload artifact
204209
if: ${{ always() }}
205210
uses: actions/upload-artifact@v4
@@ -216,6 +221,11 @@ jobs:
216221
matrix:
217222
tag: ["pod_delete", "pod_io_stress", "pod_memory_hog", "pod_network_latency", "disk_fill", "pod_network_corruption", "pod_network_duplication", "zombie", "oran"]
218223
steps:
224+
- name: Login to Docker Hub
225+
uses: docker/login-action@v3
226+
with:
227+
username: ${{ secrets.DOCKERHUB_USERNAME }}
228+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
219229
- name: Checkout code
220230
uses: actions/checkout@v4
221231
with:
@@ -274,14 +284,20 @@ jobs:
274284
echo "RUNNER: $RUNNER_NAME"
275285
- name: Run Crystal Spec
276286
run: |
277-
echo "Current path: $(echo pwd)"
287+
echo get ratelimit anonymously
288+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
289+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
290+
278291
source cluster.env
279292
export KUBECONFIG=$(pwd)/$CLUSTER.conf
280293
until [[ $(kubectl get pods -l app=kindnet --namespace=kube-system -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do
281294
echo "Waiting for kindnet"
282295
sleep 1
283296
done
284297
LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.tag }} -v
298+
echo get ratelimit anonymously
299+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
300+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
285301
- name: Delete Cluster
286302
if: ${{ always() }}
287303
run: |
@@ -304,7 +320,12 @@ jobs:
304320
runs-on: ubuntu-24.04
305321
env:
306322
CRYSTAL_IMAGE: "conformance/crystal:1.6.2-alpine"
307-
steps:
323+
steps:
324+
- name: Login to Docker Hub
325+
uses: docker/login-action@v3
326+
with:
327+
username: ${{ secrets.DOCKERHUB_USERNAME }}
328+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
308329
- name: Checkout code
309330
uses: actions/checkout@v4
310331
with:
@@ -332,7 +353,12 @@ jobs:
332353
test_binary_configuration_lifecycle:
333354
name: Test Binary Without Source(config_lifecycle)
334355
runs-on: [v1.0.0]
335-
steps:
356+
steps:
357+
- name: Login to Docker Hub
358+
uses: docker/login-action@v3
359+
with:
360+
username: ${{ secrets.DOCKERHUB_USERNAME }}
361+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
336362
- name: Cleanup Tmp DIR
337363
run: |
338364
sudo rm -rf /tmp/*
@@ -383,6 +409,10 @@ jobs:
383409
kubectl get nodes
384410
- name: Run Test Suite without source(config_lifecycle)
385411
run: |
412+
echo get ratelimit anonymously
413+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
414+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
415+
386416
source cluster.env
387417
echo "SHARDS_INSTALL_PATH: $SHARDS_INSTALL_PATH"
388418
export KUBECONFIG=/tmp/$CLUSTER.conf
@@ -396,6 +426,9 @@ jobs:
396426
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml
397427
./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml
398428
LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose
429+
echo get ratelimit anonymously
430+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
431+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
399432
- name: Delete Cluster
400433
if: ${{ always() }}
401434
run: |
@@ -416,7 +449,12 @@ jobs:
416449
test_binary_microservice:
417450
name: Test Binary Without Source(microservice)
418451
runs-on: [v1.0.0]
419-
steps:
452+
steps:
453+
- name: Login to Docker Hub
454+
uses: docker/login-action@v3
455+
with:
456+
username: ${{ secrets.DOCKERHUB_USERNAME }}
457+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
420458
- name: Cleanup Tmp DIR
421459
run: |
422460
sudo rm -rf /tmp/*
@@ -464,6 +502,10 @@ jobs:
464502
kubectl get nodes
465503
- name: Run Test Suite without source(microservice)
466504
run: |
505+
echo get ratelimit anonymously
506+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
507+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
508+
467509
source cluster.env
468510
export KUBECONFIG=/tmp/$CLUSTER.conf
469511
helm repo add stable https://cncf.gitlab.io/stable
@@ -476,6 +518,9 @@ jobs:
476518
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml
477519
./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml
478520
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~increase_capacity ~decrease_capacity ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose
521+
echo get ratelimit anonymously
522+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
523+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
479524
- name: Delete Cluster
480525
if: ${{ always() }}
481526
run: |
@@ -496,7 +541,12 @@ jobs:
496541
test_binary_all:
497542
name: Test Binary Without Source(all)
498543
runs-on: [v1.0.0]
499-
steps:
544+
steps:
545+
- name: Login to Docker Hub
546+
uses: docker/login-action@v3
547+
with:
548+
username: ${{ secrets.DOCKERHUB_USERNAME }}
549+
password: ${{ secrets.DOCKERHUB_PASSWORD }}
500550
- name: Cleanup Tmp DIR
501551
run: |
502552
sudo rm -rf /tmp/*
@@ -544,6 +594,10 @@ jobs:
544594
kubectl get nodes
545595
- name: Run Test Suite without source(all)
546596
run: |
597+
echo get ratelimit anonymously
598+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
599+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
600+
547601
source cluster.env
548602
export KUBECONFIG=/tmp/$CLUSTER.conf
549603
helm repo add stable https://cncf.gitlab.io/stable
@@ -556,6 +610,9 @@ jobs:
556610
wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml
557611
./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml
558612
LOG_LEVEL=info ./cnf-testsuite all ~resilience ~platform ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~rollback ~secrets_used ~immutable_configmap ~reasonable_startup_time ~reasonable_image_size verbose
613+
echo get ratelimit anonymously
614+
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
615+
curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest
559616
- name: Delete Cluster
560617
if: ${{ always() }}
561618
run: |
@@ -577,7 +634,7 @@ jobs:
577634
name: Publish Release
578635
needs: [spec, build]
579636
runs-on: ubuntu-24.04
580-
steps:
637+
steps:
581638
- name: Checkout code
582639
uses: actions/checkout@v4
583640
with:

0 commit comments

Comments
 (0)