[Bug]: Frequent CI fails due to Docker Hub throttling

[clemlesne]

Problem

When Cosign signs containers (after build and push), it downloads layers and publishes an attestation. Cosign doesn't seem to authenticate pull requests to the container registry, which leads to error from Docker Hub.

GitHub registry is not impacted as the throttling is set higher.

Tried to fix with 793908a but hasn't worked.

See:

• https://www.docker.com/increase-rate-limit
• cosign sign does not use local image registry credentials sigstore/cosign#587 (comment)

Impact

CI fails after 2 runs within 1 hour. Then, cannot retry for more than one hour.

Short logs

error during command execution: signing [docker.io/xxx]: accessing entity: GET https://index.docker.io/v2/clemlesne/xxx: TOOMANYREQUESTS: You have reached your pull rate limit.

Full logs

Signing docker.io/clemlesne/blue-agent:bookworm-7.0.1
WARNING: Image reference docker.io/clemlesne/blue-agent:bookworm-7.0.1 uses a tag, not a digest, to identify the image to sign.
This can lead you to sign a different image than the intended one. Please use a
digest (example.com/ubuntu@sha256:abc123...) rather than tag
(example.com/ubuntu:latest) for the input to cosign. The ability to refer to
images by tag will be removed in a future release.

Error: signing [docker.io/clemlesne/blue-agent:bookworm-7.0.1]: accessing entity: GET https://index.docker.io/v2/clemlesne/blue-agent/manifests/bookworm-7.0.1: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
main.go:74: error during command execution: signing [docker.io/clemlesne/blue-agent:bookworm-7.0.1]: accessing entity: GET https://index.docker.io/v2/clemlesne/blue-agent/manifests/bookworm-7.0.1: TOOMANYREQUESTS: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

Deployment

na

Version

b478735