Sonarcloud-github-action registry hitting rate limit

Hello Sonar Community! We are facing an issue with Docker registry rate limits on sonarcloud-github-action since it’s pointing to docker.io. It would be amazing to either set the Dockerfile to point to ghcr.io or have the possibility to set a different registry as a parameter within the action.

Thanks!

Hi,

Welcome to the community!

Are you using SonarQube or SonarCloud?

 
Ann

Hi Ann! Glad to be here!

We are using SonarCloud

Nahuel

1 Like

Hello @naldrey,

Thank you for reaching out. We’ll study your suggestion and see how we can move forward.
What is the exact limitation rate that you are experiencing today?

Thanks,
Nawar

Hello Nawar!

As we currently do not possess an enterprise Docker license for our GitHub Actions, we encounter a custom limitation of 200 image pulls every 6 hours. Consequently, considering that this setup is intended for use with GitHub Actions, it would be a good decision to move to ghcr.io. The ghcr.io registry does not impose any rate limits on image pulls related to GitHub Actions. It’s worth noting that several other projects have already made this transition, such as hadolint, as evident in this commit: Update hadolint to 2.10 · hadolint/hadolint-action@169ddcf · GitHub

Thanks for your reply,

Nahuel

1 Like

Hello @naldrey,

We’ve created a ticket in our backlog and we’ll try to investigate this feature in the future. Unfortunately, we cannot take quick action today to do that.
Thank you for your understanding!

Regards,
Nawar

2 Likes

Have there been any further thoughts on moving where you store the base image? We ran into this issue as well where Docker Hub throttled pulling images and Sonar scanning was affected.

Hi @ericprice,

Welcome to the community!

Unfortunately the ticket we created for this is still open.

 
Ann

Dear Community,

Can you confirm that this problem only occurs for people using a Docker Personal subscription?

Is anyone with a Pro+ subscription experiencing trouble?

Alex

Hi, can we please get an update on this?

Adding an input flag to specify the container registry is critical since this action runs before any container registry login step as part of github action setup.

Hey @john_doer123

What about responding to the questions @Alexandre_Gigleux posted?

1 Like

Hi Colin, thanks for replying, of course, I can’t speak for anyone with a different kind of subscription, but we don’t use a subscription to Docker.

I’ve troubleshot this problem and here are my findings…

The throttling is caused by using: docker in sonarcloud-github-action, which does the image pull from the default registry, i.e. the Docker registry, during the setup step.

This is problematic for two reasons:

  1. The Sonar CLI image pull runs during the “setup” step of GitHub Actions. You can’t log in to a registry during setup. The Docker login action needs to run first. So in any case users are left with an unauthenticated Docker pull.

  2. Does not allow users to specify the container registry to pull this image from → if you can’t specify the registry, you are forced into a Docker subscription

A solution is to rewrite this action and use simple run commands to build and run the image (instead of GitHub action using: docker!). This ensures that what needs to run, runs when it is expected to run.
The container registry can be added as a build arg / input option.

1 Like
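
The rewrite proposed in the post above could look like the following composite action. This is an added sketch, not code from the thread or from SonarSource: the action name, the `registry` and `image` inputs, the placeholder image `example-org/scanner-cli` and the `/work` mount path are all assumptions. It pulls the image in an ordinary step instead of building it with a build arg.

```yaml
# action.yml: illustrative sketch only, not the real sonarcloud-github-action
name: scanner-via-run-steps          # hypothetical action name
description: Pull and run a scanner image from a caller-chosen registry
inputs:
  registry:                          # hypothetical input
    description: Registry host to pull the scanner image from
    default: docker.io
  image:                             # hypothetical input, placeholder default
    description: Repository and tag (or digest) of the scanner image
    default: example-org/scanner-cli:latest
runs:
  using: composite                   # steps run in job order, not during job setup
  steps:
    - name: Pull scanner image
      shell: bash
      env:
        # Inputs are passed through env rather than expanded inline in the
        # script, so an unexpected value is treated as data, not as shell.
        REGISTRY: ${{ inputs.registry }}
        IMAGE: ${{ inputs.image }}
      run: |
        set -euo pipefail
        # Uses credentials left by an earlier login step in the same job;
        # the pull is anonymous only if the caller never logged in.
        docker pull "${REGISTRY}/${IMAGE}"
    - name: Run scanner
      shell: bash
      env:
        REGISTRY: ${{ inputs.registry }}
        IMAGE: ${{ inputs.image }}
      run: |
        set -euo pipefail
        # SONAR_TOKEN is forwarded from the calling job's environment.
        # The /work mount point is an assumption about the placeholder image.
        docker run --rm \
          -e SONAR_TOKEN \
          -v "${GITHUB_WORKSPACE}:/work" -w /work \
          "${REGISTRY}/${IMAGE}"
```

Because the pull now happens in a normal step, a workflow can run a registry login step before this action and set `registry` to a host that mirrors the image.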

Hello,

We are in the process of rewriting our GitHub Actions to get rid of the Docker dependency.
This is a hot topic on our side. As I speak, we are writing the community announcement that should be published next week.

Alex

2 Likes