rusackas opened a new pull request, #40875: URL: https://github.com/apache/superset/pull/40875
### SUMMARY

A scan of recent `master` CI runs showed that nearly all non-build failures trace to **anonymous Docker Hub pulls of service containers** timing out or 502-ing, because Docker Hub rate-limits anonymous pulls per shared runner IP.

Examples from `master`:

- **E2E** (`cypress-matrix`): `docker pull postgres:17-alpine` → *Docker pull failed*, retries exhausted, job fails.
- **Python-Integration** (`test-postgres`): `registry-1.docker.io/v2/` → *net/http: request canceled (Client.Timeout exceeded)*.
- **Python Presto/Hive**: `bde2020/hive-metastore-postgresql` → *HTTP 502 Bad Gateway*.

The integration workflow already documents the intended fix in a comment:

```yaml
# Authenticated pulls use our higher Docker Hub rate limit. Empty on
# fork PRs (secrets unavailable) -> runner falls back to anonymous.
```

However, the corresponding `credentials:` block was never actually present on the service definitions, so every pull is anonymous.

This PR adds `credentials:` (using the `DOCKERHUB_USER` / `DOCKERHUB_TOKEN` secrets already used by the `docker-build` workflow) to every Docker Hub service container across the three affected workflows:

- `superset-python-integrationtest.yml`: mysql, redis, postgres
- `superset-e2e.yml`: postgres, redis
- `superset-python-presto-hive.yml`: postgres, presto, redis

### Fork-PR behavior

On fork PRs the secrets evaluate to empty and the runner falls back to anonymous pulls, so **fork behavior is unchanged**. Only push / same-repo PR builds (where the flakes were observed) gain the higher authenticated rate limit. This matches the contract the existing in-repo comment already describes.

> Note: this covers service containers declared in `services:`. The `bde2020` hive metastore pulled via `docker compose` in the Presto/Hive job is a separate follow-up (it'd need `docker login` before `docker compose up`).

### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A: CI reliability change.
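There is no visual change, but the shape of the workflow change can be sketched in YAML. The fragment below is a minimal illustration, not a copy of the actual workflow files: the job name `test-postgres`, the image `postgres:17-alpine`, and the secret names come from the description above, while the workflow name, runner label, `POSTGRES_PASSWORD` value, and the single step are placeholder assumptions.

```yaml
# Hypothetical minimal workflow; only the `credentials:` block reflects this PR.
name: credentials-sketch          # assumed name, for illustration only
on: [push, pull_request]

jobs:
  test-postgres:
    runs-on: ubuntu-latest        # assumed runner label
    services:
      postgres:
        image: postgres:17-alpine
        # Authenticated pull against Docker Hub. Per the PR description,
        # these secrets are empty on fork PRs and the runner then falls
        # back to an anonymous pull.
        credentials:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        env:
          POSTGRES_PASSWORD: example   # placeholder so the container starts
    steps:
      - run: echo "postgres service container started"
```

The same `credentials:` mapping would be repeated on each Docker Hub service (mysql, redis, presto) in the three workflows listed above.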
### TESTING INSTRUCTIONS

Exercised by the existing integration / E2E / Presto-Hive workflows. No change to test behavior; only how the service images are pulled.

### ADDITIONAL INFORMATION

- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API

🤖 Generated with [Claude Code](https://claude.com/claude-code)
