Docker Hub rate limit (429) blocks container builds #22

New Issue

Closed

opened 2026-03-20 02:03:15 +00:00 by ghost · 1 comment

ghost commented 2026-03-20 02:03:15 +00:00 (Migrated from github.com)

Copy Link

Copy Source

Problem

The build-and-push CI job fails with Docker Hub 429 (Too Many Requests) when pulling nginx:stable-alpine base image.

429 Too Many Requests: You have reached your unauthenticated pull rate limit

Fix needed

Add Docker Hub authentication before the Docker build step in .github/workflows/ci.yml. If DOCKERHUB_USERNAME and DOCKERHUB_TOKEN org secrets exist (infra#18 was closed), use docker/login-action to authenticate with Docker Hub before building.

If the secrets were never provisioned despite infra#18 being closed, this needs board action to set them up.

Impact

Blocks all container image builds for the cartsnitch frontend. No images can be pushed to ghcr.io.

## Problem The `build-and-push` CI job fails with Docker Hub 429 (Too Many Requests) when pulling `nginx:stable-alpine` base image. ``` 429 Too Many Requests: You have reached your unauthenticated pull rate limit ``` ## Fix needed Add Docker Hub authentication before the Docker build step in `.github/workflows/ci.yml`. If `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` org secrets exist (infra#18 was closed), use `docker/login-action` to authenticate with Docker Hub before building. If the secrets were never provisioned despite infra#18 being closed, this needs board action to set them up. ## Impact Blocks all container image builds for the cartsnitch frontend. No images can be pushed to ghcr.io.

ghost commented 2026-03-20 02:05:57 +00:00 (Migrated from github.com)

Copy Link

Copy Source

Fix submitted in #23 — adds docker/login-action for Docker Hub before the build step using DOCKERHUB_USERNAME/DOCKERHUB_TOKEN org secrets. Runs unconditionally since both PR and push builds pull nginx:stable-alpine from Docker Hub.

Note: receiptwitness and api repos may also benefit from Docker Hub auth if they pull Docker Hub base images, but that's separate from this issue.

Fix submitted in #23 — adds `docker/login-action` for Docker Hub before the build step using `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` org secrets. Runs unconditionally since both PR and push builds pull `nginx:stable-alpine` from Docker Hub. Note: `receiptwitness` and `api` repos may also benefit from Docker Hub auth if they pull Docker Hub base images, but that's separate from this issue.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

uat

dev

barcode-betty/car-1374-checkout-ref-match-base

barcode-betty/car-1370-deploy-base-dev

barcode-betty/car-1303-widen-alembic-via-migration

betty/car-1078-email-worker-dragonfly-reset

betty/car-1218-lighthouse-ci

betty/car-1319-sha-tag-fix

betty/car-1318-frontend-kustomize-bump-target

betty/car-1276-auth-image-build-fix

betty/car-1276-auth-health-error-log

betty/car-1216-deploy-non-fail-merge

betty/car-1215-react-router-audit

barcode-betty/car-1078-email-worker-dragonfly-reset

betty/car-964-gitea-registry-v2

barcode-betty/gitea-registry

fix/dispose-engine-import

carl/car-933-gitea-registry

barcode-betty/fix-dispose-engine-import

betty/fix-dead-dispose-engine-import

betty/car-900-gitea-workflows

barcode-betty/move-workflows-to-gitea

betty/fix-gitea-ci-secrets

betty/car-869-gitea-actions-cartsnitch

betty/car-862-fix-auth-build

betty/car-812-uat-seed-tooling

betty/car-555-health-check-db

feature/dragonfly-rate-limiting

betty/car-749-remove-auth-ci

fix/car-741-login-redirect-race-clean

fix/car-741-login-redirect-race-v2

fix/car-741-login-redirect-race

fix/car-709-receiptwitness-grype-cves

fix/car-620-grype-ignore-and-cache-bust

fix/car-656-deploy-commit-guard

fix/car-663-bcrypt-cost-factor

fix/car-676-axe-color-contrast

betty/car-673-fix-e2e-playwright-mock-auth

fix/car-665-eslint-unused-vars

betty/car-548-email-verification

betty/car-552-redis-rate-limiting

fix/car-620-remaining-docker-cves

fix/car-620-grype-only-fixed

fix/car-616-remediate-docker-cves

feature/grype-image-scanning

fix/car-608-auth-health-check

fix/auth-config-validation

betty/car-553-redis-cache

betty/car-554-audit-logging

betty/car-551-remove-mock-auth

feature/trivy-image-scanning

betty/car-599-vite-audit-fix

betty/car-580-n1-normalization-query

fix/receiptwitness-config-validation

feature/cart-550-api-lifespan-pooling

fix/cors-security-headers

feature/public-endpoint-validation

fix/rate-limit-token-hash

fix/hardcoded-secrets

betty/fix-alembic-create-all-commit

betty/car-517-domain-tables-migration

betty/fix-alembic-model-import

betty/fix-session-cookie-parsing

betty/fix-api-database-url-fallback

betty/revert-sha256-session-hash

betty/fix-session-token-hash

betty/fix-secure-session-cookie

fix/alembic-version-table-width

betty/fix-uat-users-table-bootstrap

betty/fix-alembic-fresh-db

betty/fix-libpq5-dockerfile

fix/alembic-percent-escape

betty/fix-email-inbound-token-server-default

betty/fix-sha-tag-format-long

betty/fix-ci-dev-uat-branches

betty/fix-alembic-dockerfile

betty/fix-uat-trustedorigins

feat/sync-common-email-inbound-token

fix/ci-api-dockerfile-path

fix/ci-deploy-race

fix/email-in-address-hotfix

feat/ci-deploy-uat

fix/npm-audit-vulnerabilities

pr108

fix/inbound-email-500

fix/email-in-address-routing

feat/email-in-settings

sync/api-2026-04-03

sync/receiptwitness-2026-04-03

fix/api-date-schema-types

fix/dashboard-hardcoded-product-ids

fix/remove-timestamp-mixin-from-mismatched-models

feature/dev-seed-script

fix/user-id-str-type

fix/signed-cookie-parsing

fix/restore-token-hash

fix/secure-cookie-name

fix/frontend-api-routes

fix/session-token-hash

fix/api-v1-prefix

fix/registration-redirect

fix/lighthouse-ci-crash

fix/api-auto-migration

feat/e2e-journey-tests

fix/users-id-text

feat/lighthouse-ci

feat/axe-core-playwright

fix/deploy-dev-resilient

feat/ci-npm-audit

fix/dockerhub-login-cicd

fix/deploy-dev-resilient-v2

fix/auth-session-table-mapping

fix/api-dockerfile-libpq

fix/deploy-dev-resilience

feat/ci-api-image-build-v3

feat/ci-api-image-build-v2

feat/playwright-setup

feat/msw-integration-tests

feat/ci-api-image-build

fix/remove-polyrepo-ci-leftovers

fix/receiptwitness-local-common

feat/api-alembic-dockerfile

feat/ci-receiptwitness-build

fix/alembic-in-dockerfile

docs/uat-runbook

fix/hashed-password-nullable

feat/utility-functions-tests

fix/auth-url-same-origin

fix/auth-contract-mismatch

feat/add-auth-image-to-deploy-dev

fix/deploy-dev-kustomize-install-clean

feat/uat-seed-user

fix/seed-uat-ctofixes

feature/better-auth

fix/deploy-dev-install-kustomize

fix/deploy-dev-github-app-token-cross-repo

remove-trigger-uat

charlie/ci-remove-trigger-uat

feat/deploy-dev-uat-trigger

feature/repo-consolidation

content/shrinkflation-consumer-faq

content/launch-marketing-pages

debbie/proper-cache-and-dockerhub-cleanup

debbie/fix-frontend-docker-cache

fix/dockerfile-numeric-uid

fix/frontend-dockerfile-user-101

content/what-is-unit-price

content/cartsnitch-vs-flipp

fix/non-root-nginx

content/shrinkflation-series-social-copy

content/shrinkflation-top-10

content/fix-launch-stats

content/email-welcome-sequence-links

content/pre-launch-social-mar25-26

content/shrinkflation-series-alignment

content/shrinkflation-series-1-cereal

content/founder-blog-post

content/launch-calendar

content/seo-comparison-article

content/phase-2-onboarding-faq

fix/dockerhub-auth-rate-limit

test/arc-runner-validation

calver-tagging

frankie/add-marketing-content

fix/runner-label

fix/ci-runner-and-mirrors

fix/ci-runner-label

revert-ghcr-mirrors

fix/dockerfile-use-dockerhub-images

fix/ghcr-mirror-base-images

fix/ci-remove-dockerhub-login

fix/ci-docker-ratelimit

feature/dockerfile

feature/core-screens

feature/renovate-config

ci/add-github-actions

v2026.06.08

v2026.06.07

v2026.06.06

v2026.06.04

v2026.05.04

v2026.04.20

v2026.04.19.4

v2026.04.19.3

v2026.04.19.2

v2026.04.19

v2026.04.15.2

v2026.04.15

v2026.04.14.4

v2026.04.14.3

v2026.04.14.2

v2026.04.14

v2026.04.05

v2026.04.03.8

v2026.04.03.7

v2026.04.03.6

v2026.04.03.5

v2026.04.03.4

v2026.04.03.3

v2026.04.03.2

v2026.04.03

v2026.04.02

v2026.04.01.9

v2026.04.01.8

v2026.04.01.7

v2026.04.01.6

v2026.04.01.5

v2026.04.01.4

v2026.04.01.3

v2026.04.01.2

v2026.04.01

v2026.03.31.8

v2026.03.31.7

v2026.03.31.6

v2026.03.31.5

v2026.03.31.4

v2026.03.31.3

v2026.03.31.2

v2026.03.31

v2026.03.30.10

v2026.03.30.9

v2026.03.30.8

v2026.03.30.7

v2026.03.30.6

v2026.03.30.5

v2026.03.30.4

v2026.03.30.3

v2026.03.30.2

v2026.03.30

v2026.03.29.5

v2026.03.29.4

v2026.03.29.3

v2026.03.29.2

v2026.03.29

v2026.03.28.6

v2026.03.28.5

v2026.03.28.4

v2026.03.28.3

v2026.03.28.2

v2026.03.28

v2026.03.24.2

v2026.03.24

v2026.03.22.2

v2026.03.22

v2026.03.21.4

v2026.03.21.3

v2026.03.21.2

v2026.03.21

v2026.03.20.3

v2026.03.20.2

v2026.03.20

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

marketing

Marketing content

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

ai-review (AI Review) cs_betty (Barcode Betty) cs_charlie (Checkout Charlie) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) cs_carl (Coupon Carl) cs_dottie (Deal Dottie) flux (Flux CD) admin (Gitea Admin) cs_martha (Markdown Martha) renovate (Mend Renovate) cs_savannah (Savannah Savings) cs_steve (Stockboy Steve)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: cartsnitch/cartsnitch#22