ci(build): pull base images via mirror.gcr.io to dodge Docker Hub 429 (JEF-78)#28
Merged
Conversation
… (JEF-78) Tag builds were failing with `429 … unauthenticated pull rate limit` — the homelab buildkit's shared egress IP exhausts Docker Hub's anonymous quota. Route the base-image pulls through mirror.gcr.io (Google's Docker Hub pull-through cache): unauthenticated, no per-IP anon limit, no secret needed. Rewrites all four Hub FROMs (cargo-chef, debian x2, rust). Verified all three resolve on the mirror (incl. the non-library cargo-chef). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VtjoJttCvBY4dzCoE4f9vP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Tag builds 429 on Docker Hub's anonymous pull limit (homelab buildkit's shared IP). Route all four Hub
FROMs (cargo-chef, debian ×2, rust) through mirror.gcr.io — Google's Docker Hub pull-through cache: unauthenticated, no per-IP anon limit, no secret. Verified all three images (incl. non-librarycargo-chef) resolve on the mirror. CI's image build pulls through it → end-to-end validation. 🤖