ci: harden CI against Docker Hub registry flakes (retries + auth) (#40700)

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 18:49:15 +00:00 · 2026-06-03 05:53:24 -07:00
parent e3ba85b1a5
commit c914df5a67
3 changed files with 52 additions and 1 deletions
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -38,6 +38,19 @@ jobs:
        if: steps.check.outputs.python
        uses: ./.github/actions/setup-backend/

+      # Authenticate the Docker daemon so the python:slim pull in
+      # uv-pip-compile.sh uses our (much higher) authenticated rate limit
+      # instead of the shared-runner anonymous one. Best-effort: on fork PRs the
+      # secrets are unavailable, so this no-ops and the pull falls back to
+      # anonymous (covered by the retry loop in the script).
+      - name: Login to Docker Hub
+        if: steps.check.outputs.python
+        continue-on-error: true
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Run uv
        if: steps.check.outputs.python
        run: ./scripts/uv-pip-compile.sh