From 0140acb7a3a49290875f680da9ca6ae105a83b48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Ollivier?= Date: Tue, 14 Jan 2025 11:14:08 +0100 Subject: [PATCH] Login to Docker Hub MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bitnami moved to Docker Hub [1] which forces us to login to Docker Hub (the workflow pulls too much Bitnami helm charts for the anon pull request limit). Please note the Docker Hub secrets are accessible only via project branches. So PR from fork would no longer work. It also updates and simplifies the Docker Hub account logics as we have a single Docker Hub account now. It also debugs ratelimit both with registered account and anon to track incorrect Docker Hub calls by cnf-testsuite. [1] https://github.com/bitnami/containers/issues/75671 Signed-off-by: Cédric Ollivier --- .github/workflows/actions.yml | 101 ++++++++++++++++++++++++++-------- 1 file changed, 79 insertions(+), 22 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index d428b3418..1bfaed663 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -1,11 +1,10 @@ name: Crystal Specs on: push: - paths: + branches: + - main + tags: - '**' - - '!**.md' - - '!docs/*' - - '!doc-lint/*' pull_request: paths: - '**' @@ -61,6 +60,11 @@ jobs: fail-fast: false matrix: ${{fromJson(needs.tests.outputs.matrix)}} steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Cleanup Tmp DIR run: | sudo rm -rf /tmp/* @@ -153,26 +157,23 @@ jobs: - name: Run Crystal Spec env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DOCKERHUB_USERNAMES: ${{ secrets.DOCKERHUB_USERNAMES }} - DOCKERHUB_PASSWORDS: ${{ secrets.DOCKERHUB_PASSWORDS }} + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} DOCKERHUB_EMAIL: ${{ secrets.DOCKERHUB_EMAIL }} IMAGE_REPO: ${{ secrets.IMAGE_REPO }} run: | - USERNAME_ARRAY=($DOCKERHUB_USERNAMES) - PASSWORD_ARRAY=($DOCKERHUB_PASSWORDS) EMAIL_ARRAY=($DOCKERHUB_EMAIL) IMAGE_ARRAY=($IMAGE_REPO) - RANDOMIZER=$(( 0 + $RANDOM % 3 )) - - export DOCKERHUB_USERNAME=${USERNAME_ARRAY[$RANDOMIZER]} - export DOCKERHUB_PASSWORD=${PASSWORD_ARRAY[$RANDOMIZER]} - export PROTECTED_DOCKERHUB_USERNAME=$DOCKERHUB_USERNAME export PROTECTED_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD export PROTECTED_DOCKERHUB_EMAIL=${EMAIL_ARRAY[$RANDOMIZER]} export PROTECTED_IMAGE_REPO=${IMAGE_ARRAY[$RANDOMIZER]} + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + source cluster.env export KUBECONFIG=$(pwd)/$CLUSTER.conf until [[ $(kubectl get pods -l app=local-path-provisioner --namespace=local-path-storage -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do @@ -186,10 +187,13 @@ jobs: #done crystal build src/cnf-testsuite.cr ./cnf-testsuite setup - LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.spec }} -v - - + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + echo get ratelimit with a user account $DOCKERHUB_USERNAME + TOKEN=$(curl --user "$DOCKERHUB_USERNAME:$DOCKERHUB_PASSWORD" "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest - name: Delete Cluster if: ${{ always() }} run: | @@ -200,6 +204,7 @@ jobs: kubectl get all -A || true kind delete cluster --name $CLUSTER --verbosity 1 continue-on-error: true + - name: upload artifact if: ${{ always() }} uses: actions/upload-artifact@v4 @@ -216,6 +221,11 @@ jobs: matrix: tag: ["pod_delete", "pod_io_stress", "pod_memory_hog", "pod_network_latency", "disk_fill", "pod_network_corruption", "pod_network_duplication", "zombie", "oran"] steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Checkout code uses: actions/checkout@v4 with: @@ -274,7 +284,10 @@ jobs: echo "RUNNER: $RUNNER_NAME" - name: Run Crystal Spec run: | - echo "Current path: $(echo pwd)" + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + source cluster.env export KUBECONFIG=$(pwd)/$CLUSTER.conf until [[ $(kubectl get pods -l app=kindnet --namespace=kube-system -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') == "True" ]]; do @@ -282,6 +295,9 @@ jobs: sleep 1 done LOG_LEVEL=info crystal spec --warnings none --tag ${{ matrix.tag }} -v + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest - name: Delete Cluster if: ${{ always() }} run: | @@ -304,7 +320,12 @@ jobs: runs-on: ubuntu-24.04 env: CRYSTAL_IMAGE: "conformance/crystal:1.6.2-alpine" - steps: + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Checkout code uses: actions/checkout@v4 with: @@ -332,7 +353,12 @@ jobs: test_binary_configuration_lifecycle: name: Test Binary Without Source(config_lifecycle) runs-on: [v1.0.0] - steps: + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Cleanup Tmp DIR run: | sudo rm -rf /tmp/* @@ -383,6 +409,10 @@ jobs: kubectl get nodes - name: Run Test Suite without source(config_lifecycle) run: | + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + source cluster.env echo "SHARDS_INSTALL_PATH: $SHARDS_INSTALL_PATH" export KUBECONFIG=/tmp/$CLUSTER.conf @@ -396,6 +426,9 @@ jobs: wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml ./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest - name: Delete Cluster if: ${{ always() }} run: | @@ -416,7 +449,12 @@ jobs: test_binary_microservice: name: Test Binary Without Source(microservice) runs-on: [v1.0.0] - steps: + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Cleanup Tmp DIR run: | sudo rm -rf /tmp/* @@ -464,6 +502,10 @@ jobs: kubectl get nodes - name: Run Test Suite without source(microservice) run: | + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + source cluster.env export KUBECONFIG=/tmp/$CLUSTER.conf helm repo add stable https://cncf.gitlab.io/stable @@ -476,6 +518,9 @@ jobs: wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml ./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~increase_capacity ~decrease_capacity ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest - name: Delete Cluster if: ${{ always() }} run: | @@ -496,7 +541,12 @@ jobs: test_binary_all: name: Test Binary Without Source(all) runs-on: [v1.0.0] - steps: + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Cleanup Tmp DIR run: | sudo rm -rf /tmp/* @@ -544,6 +594,10 @@ jobs: kubectl get nodes - name: Run Test Suite without source(all) run: | + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest + source cluster.env export KUBECONFIG=/tmp/$CLUSTER.conf helm repo add stable https://cncf.gitlab.io/stable @@ -556,6 +610,9 @@ jobs: wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/${GITHUB_SHA}/example-cnfs/coredns/cnf-testsuite.yml ./cnf-testsuite cnf_install cnf-config=./cnf-testsuite.yml LOG_LEVEL=info ./cnf-testsuite all ~resilience ~platform ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~rollback ~secrets_used ~immutable_configmap ~reasonable_startup_time ~reasonable_image_size verbose + echo get ratelimit anonymously + TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token) + curl --head -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest - name: Delete Cluster if: ${{ always() }} run: | @@ -577,7 +634,7 @@ jobs: name: Publish Release needs: [spec, build] runs-on: ubuntu-24.04 - steps: + steps: - name: Checkout code uses: actions/checkout@v4 with: