Hello Sonar Community! We are facing an issue with docker registry rate limits on sonarcloud-github-action since it’s pointing to docker.io. It would be amazing to either set the Dockerfile to point to ghcr.io or have the possibility to set a different registry as a parameter within the action.
Thank you for reaching out. We’ll study your suggestion and see how we can move forward.
What is the exact limitation rate that you are experiencing today?
As we currently do not possess an enterprise Docker license for our GitHub Actions, we encounter a custom limitation of 200 image pulls every 6 hours. Consequently, considering that this setup is intended for use with GitHub Actions, it would be a good decision to move to ghcr.io. The ghcr.io registry does not impose any rate limits on image pulls related to GitHub Actions. It’s worth noting that several other projects have already made this transition, such as hadolint, as evident in this commit: Update hadolint to 2.10 · hadolint/hadolint-action@169ddcf · GitHub
We’ve created a ticket in our backlog and we’ll try to investigate this feature in the future. Unfortunately, we cannot take quick action today to do that.
Thank you for your understanding!
Have there been any further thoughts on moving where you store the base image? We ran into this issue as well where Docker Hub throttled pulling images and Sonar scanning was affected.
Adding an input flag to specify the container registry is critical since this action runs before any container registry login step as part of github action setup.
Hi Colin, thanks for replying. Of course, I can’t speak for anyone with a different kind of subscription, but we don’t use a subscription to Docker.
I’ve troubleshooted this problem and here are my findings…
The throttling is caused by using: docker in sonarcloud-github-action, which does the image pull from the default registry, i.e. the Docker registry, during the setup step.
This is problematic for two reasons:
1. The Sonar CLI image pull runs during the “setup” step of GitHub Actions. You can’t log in to a registry during setup. The Docker login action needs to run first. So in any case users are left with an unauthenticated Docker pull.
2. It does not allow users to specify the container registry to pull this image from → if you can’t specify the registry, you are forced into a Docker subscription.
A solution is to rewrite this action and use simple run commands to build and run the image (instead of GitHub action using: docker!). This ensures that what needs to run, runs when it is expected to run.
The container registry can be added as a build arg / input option.
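The approach described in the post above, sketched as a composite action. This is an added example, not code from the post or from SonarSource. The input names, the REGISTRY build arg, the scanner-local tag and the Dockerfile layout are assumptions.

```yaml
# action.yml: composite action sketch (constructed example, not SonarSource's code).
# Assumed names: inputs "registry", "registry-username", "registry-password",
# the build arg REGISTRY and the local image tag "scanner-local".
name: scanner-composite-example
description: Build and run the scanner image from a caller-chosen registry
inputs:
  registry:
    description: Registry host that serves the base image
    required: false
    default: docker.io
  registry-username:
    description: Optional user for an authenticated pull
    required: false
  registry-password:
    description: Optional token or password for an authenticated pull
    required: false
runs:
  using: composite   # steps run in job order, not during the job's setup phase
  steps:
    - name: Log in to the registry (skipped when no credentials are given)
      if: ${{ inputs.registry-username != '' }}
      uses: docker/login-action@v3   # pin to a reviewed commit SHA in real use
      with:
        registry: ${{ inputs.registry }}
        username: ${{ inputs.registry-username }}
        password: ${{ inputs.registry-password }}
    - name: Build the image against the selected registry
      shell: bash
      env:
        # Passed through env so the value is never interpolated into the script text.
        REGISTRY: ${{ inputs.registry }}
      # The action's Dockerfile is assumed to begin with:
      #   ARG REGISTRY=docker.io
      #   FROM ${REGISTRY}/<base-image>:<tag>
      run: docker build --build-arg "REGISTRY=${REGISTRY}" -t scanner-local "${GITHUB_ACTION_PATH}"
    - name: Run the scan
      shell: bash
      run: >
        docker run --rm
        -v "${GITHUB_WORKSPACE}:/github/workspace"
        -w /github/workspace
        scanner-local
```

Because the pull now happens inside an ordinary step, a workflow can also run its own login step before calling the action instead of passing credentials as inputs.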
We are in the process of rewriting our GitHub Actions to get rid of the Docker dependency.
This is a hot topic on our side. As I speak, we are writing the community announcement that should be published next week.