Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Action fails due to docker: toomanyrequests #62

Open
emarchak opened this issue Jul 3, 2024 · 9 comments
Open

Action fails due to docker: toomanyrequests #62

emarchak opened this issue Jul 3, 2024 · 9 comments

Comments

@emarchak
Copy link

emarchak commented Jul 3, 2024

We're using this step in our gh actions and it failed due to the following error.

It looks like we're unauthenticated with docker when pulling the mongodb lib, and I can't see anything in this actions code/readme authenticating against docker. Plus we're only running a few actions a day (small company), so my assumption is that we hit a rate limit with a few other anonymous users.

Any thoughts on how to correct this?

Selecting correct MongoDB client
    - Using MongoDB client: [mongosh --quiet]
  
Starting MongoDB as single-node replica set
    - port [42069]
    - version [5.0]
    - replica set [rs0]
  
  Unable to find image 'mongo:5.0' locally
  5.0: Pulling from library/mongo
  docker: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit.
  See 'docker run --help'.
  Error starting MongoDB Docker container

Our config is the following:

      # Step: Start MongoDB
    - name: Start MongoDB
      uses: supercharge/[email protected]
      with:
        mongodb-version: "5.0"
        mongodb-port: 42069
        mongodb-replica-set: rs0
@marcuspoehls
Copy link
Member

I remember that Docker allows you to increase your rate limit when using authenticated requests. You may need to log in to Docker from your GitHub Actions. I don’t know how to do that in GitHub Actions, though 😬 please search for details on that topic yourself. Hope you find something related to Docker rate limiting when using GitHub Actions

@BioCarmen
Copy link

Hello. Seems like Login into Docker from github actions won't help in this case becasue Container pull happens at the first step of the build before docker login. https://docs.docker.com/docker-hub/download-rate-limit/#github-actions
Can we allow username and password for docker in this actions?

oliver-hohn added a commit to oliver-hohn/mongodb-github-action that referenced this issue Aug 6, 2024
What?
- Add 2 new optional inputs to the Github action:
  - `dockerhub-username`: the "docker ID" (aka username) for the
    Dockerhub account the action should log in as
  - `dockerhub-password`: the account password or a personal
    access token used to authorize the account login.
- Update the `./start-mongodb.sh` script to log into Dockerhub
  when these two inputs are provided.

Why?
- To allow users to authenticate with Dockerhub, and increase their
  rate limits.
  Otherwise, unauthorized requests can be rate limited, see:
  - https://www.docker.com/increase-rate-limits/
  - supercharge#62
@oliver-hohn
Copy link

oliver-hohn commented Aug 6, 2024

Hello 👋 We have encountered the issue today (something seems to have happened where Github runners were being rate limited: actions/runner-images#1445 (comment)). Thought I'd post our investigation and what we did in case it's useful to others.

We found that our Github Action runner (hosted by Github) had it's IP address rate limited by Dockerhub. Presumably because more than 100 pulls were made from that IP address within a 6 hour period: https://docs.docker.com/docker-hub/download-rate-limit/.
So I then forked this repo and added support for optional docker-login to be done before the MongoDB image is pulled, but, after more debugging, the rate limiting was happening when Github Actions builds the Docker image for this action (i.e. at the "Build supercharge/mongodb-github-action" step, which builds using the Dockerfile). Which makes it very difficult to run docker login, as this happens before any of the logic in our Github action workflow runs (@BioCarmen is this what you found as well?)

I think to address this long-term, and allow clients of this Github Action to setup docker login themselves, this Github Action would need to be switched to be a Javascript action (or any none Docker action). So that when it is pulled into Github workflows, there is no Docker build step to build the action itself (as those are subject to rate limits). Happy to help on this if that's useful!

In terms of addressing the issue in the short-term, we've opted to start the MongoDB docker container directly in our workflow:

- name: Start MongoDB
  id: start-mongodb
  run: |
    # Start MongoDB in a Docker container
    CONTAINER_ID=$(docker run --rm -p=27017:27017 --detach mongo:7 --replSet=rs0 --port=27017)
    echo "DOCKER_CONTAINER_ID=$CONTAINER_ID" >> "$GITHUB_OUTPUT"

    # Wait for MongoDB to be ready
    sleep 5

# etc...

- name: Shutdown MongoDB
  if: ${{always() && steps.start-mongodb.outputs.DOCKER_CONTAINER_ID}}
  run: docker stop ${{steps.start-mongodb.outputs.DOCKER_CONTAINER_ID}} 

Replica sets and other config can then be setup using similar logic to what is in start-mongodb.sh (using docker exec).

The MongoDB instance is then available at: mongodb://localhost:27017

@Sam-Bate-ITV
Copy link

Can we just get an option for specifying another docker repo. I'd like to just pull from Amazon's public ECR instead of docker hub. something like:

  with:
    repo: public.ecr.aws

So that I can use the bitnami image: public.ecr.aws/bitnami/mongodb:5.0

@marcuspoehls
Copy link
Member

@oliver-hohn Hey Oliver, thank you for your efforts in analyzing the Docker rate-limiting situation. I remember reading about Docker logins for GitHub Actions. But it sounds like this action would not use the Docker login because we’re building the container from scratch and skip the login. I’ll read up on this topic and get back here next week, possibly mid next week.

@marcuspoehls
Copy link
Member

@Sam-Bate-ITV Hey Sam, I never thought about using another Docker registry. Would you like to contribute this option as a pull request?

@oliver-hohn
Copy link

Hey @marcuspoehls, just flagging this in case it's useful:

But it sounds like this action would not use the Docker login because we’re building the container from scratch and skip the login

Correct, we can't log in because of how Docker based Github Actions work. The images seem to be built by Github Actions before any of the user defined steps are run. And, because the Github Action image here uses a Dockerhub image as the FROM, when this Github Action is being built, it will be subject to the anonymous rate limits of 100 pulls per IP address per 6 hours from Dockerhub. If the user is unlucky and gets a Github action runner instance that has already pulled many times from Dockerhub, that instance's IP may have been rate limited, which will cause their workflow to error.

For what it is worth, it's an issue that would impact most Docker based Github Actions, and seems to only appear when there are less Github Action runners available (presumably when there is some sort of downtime or intermittent issue with Github Action runners).

I think if we switch to a Javascript action rather than a Docker container action, we would bypass this issue: https://docs.github.com/en/actions/sharing-automations/creating-actions/about-custom-actions#javascript-actions. The Javascript could then run the start-mongodb.sh script, or we port that to JS.

@Sam-Bate-ITV
Copy link

@Sam-Bate-ITV Hey Sam, I never thought about using another Docker registry. Would you like to contribute this option as a pull request?

I can probably take a look at doing this on Friday

Sam-Bate-ITV added a commit to Sam-Bate-ITV/mongodb-github-action that referenced this issue Oct 25, 2024
@Sam-Bate-ITV
Copy link

@marcuspoehls please see #64 which provides a mechanism to work around this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants