dependabot-core

Migrate base container images away from Docker Hub

Open JamieMagee opened this issue 1 year ago • 1 comments

Code improvement description

A lot of our base container images use images from Docker Hub. Unfortunately, Docker Hub has quite restrictive rate limits^1 and we frequently hit them when running tests^2.

Copying the base images that we rely on, on a regular basis, into a container registry that we have more control of, like GitHub Container Registry or an Azure Container Registry instance, would prevent flaky test failures due to rate limits.

There are two main concerns I have about an approach like this:

  • Currently we rely a lot on mutable container tags and implicitly get updates, i.e. python:3.9 is mutable. If we start copying images into our own registry, we'd have to take care to stay on top of any updates to tags we rely on.
  • Do the licenses of the container images allow for us to copy them to our own registry?

An alternative to this would be to use something like docker/login-action to authenticate with Docker Hub and get a higher rate limit. But that requires us to manage credentials.

JamieMagee Feb 13 '24 17:02

#9044 is related, as it makes any dependencies on Docker Hub explicit instead of implicit.

JamieMagee Feb 13 '24 17:02
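Added example, not part of the issue thread or of dependabot-core's code: a small audit that makes the two points raised above visible in a Dockerfile, namely which `FROM` lines implicitly resolve to Docker Hub and which rely on a mutable tag rather than a digest. The sample Dockerfile and the `ghcr.io/example/base` image are constructed placeholders, and `ARG`-substituted image names are not resolved.

```python
import re

# FROM [--platform=...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)

def normalize(ref):
    """Expand a short image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # Docker treats the first path component as a registry host only if it
    # contains "." or ":" or is "localhost"; otherwise the image is on Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    if not tag and not digest:
        tag = "latest"  # implicit default tag
    return registry, repo, tag, digest

def audit(dockerfile_text):
    """Return one finding per FROM line that pulls an external image."""
    findings, stages = [], set()
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), (m.group(2) or "").lower()
        # "scratch" and earlier build stages are not registry pulls.
        external = ref != "scratch" and ref.lower() not in stages
        if alias:
            stages.add(alias)
        if not external:
            continue
        registry, repo, tag, digest = normalize(ref)
        image = f"{registry}/{repo}" + (f":{tag}" if tag else "") + (f"@{digest}" if digest else "")
        # A reference without a digest can change content under the same tag.
        findings.append({"image": image, "docker_hub": registry == "docker.io", "mutable": not digest})
    return findings

# Constructed sample Dockerfile; the digest is an all-zero placeholder.
SAMPLE = "\n".join([
    "FROM python:3.9 AS build",
    "FROM ghcr.io/example/base:1.2@sha256:" + "0" * 64,
    "FROM build",
])
```

Calling `audit(SAMPLE)` reports `python:3.9` as `docker.io/library/python:3.9` (Docker Hub, mutable) and the digest-pinned mirror image as neither; the `FROM build` stage reference is skipped.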

Here's a list of the dependencies we have:

All of them are either based on Debian 12 (Bookworm) or Ubuntu 22.04 (Jammy).

Another alternative that I didn't mention in the initial post is migrating to the Microsoft Container Registry, and a Linux distribution hosted there, such as Mariner. There are already equivalent base images for most of the Ubuntu/Debian images we currently rely on:

The only equivalent that is missing is a golang base image. Golang is packaged for Mariner^1, so it may just be a matter of requesting a base image be created.

JamieMagee Mar 04 '24 20:03