Skip to content

ci: add Docker Hub authentication to mitigate pull rate limits #2393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yongwww merged 3 commits into from
Jan 21, 2026
Merged

ci: add Docker Hub authentication to mitigate pull rate limits #2393

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f209597
ci: add Docker Hub authentication to mitigate pull rate limits
yongwww Jan 21, 2026
cbd06d3
allow failure if secret unavailable
yongwww Jan 21, 2026
04fd84d
trigger CI
yongwww Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions .github/workflows/pr-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,13 @@ jobs:
with:
submodules: recursive

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: flashinfer
password: ${{ secrets.DOCKERHUB_TOKEN }}
continue-on-error: true # Don't fail if secret is unavailable (e.g., fork PRs)

Comment on lines +124 to +130
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Login will fail for fork PRs due to inaccessible secrets.

GitHub Actions does not expose repository secrets to workflows triggered by pull requests from forked repositories. This causes the login step to fail for external contributors, breaking their CI.

Add a condition to skip login for fork PRs (they'll fall back to anonymous rate limits):

πŸ”§ Proposed fix 
      - name: Login to Docker Hub
+       if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: flashinfer
          password: ${{ secrets.DOCKERHUB_TOKEN }}

Apply this same fix to all three login steps in this file.

πŸ“ Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: flashinfer
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Docker Hub
if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: flashinfer
password: ${{ secrets.DOCKERHUB_TOKEN }}
πŸ€– Prompt for AI Agents 
In @.github/workflows/pr-test.yml around lines 124 - 129, The Docker Hub login
step ("Login to Docker Hub" using docker/login-action@v3 with username
flashinfer and password ${{ secrets.DOCKERHUB_TOKEN }}) will fail for forked PRs
because secrets are not exposed; update that step to run only when the PR is not
from a fork (i.e., skip login for pull_request events where head repo differs
from the base repo) so anonymous pulls are used instead, and apply the same
conditional guard to the other two docker/login-action@v3 login steps in the
workflow.

- name: Show Node Info
run: ./scripts/task_show_node_info.sh
env:
Expand Down Expand Up @@ -164,6 +171,13 @@ jobs:
with:
submodules: recursive

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: flashinfer
password: ${{ secrets.DOCKERHUB_TOKEN }}
continue-on-error: true # Don't fail if secret is unavailable (e.g., fork PRs)

Comment on lines +174 to +180
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Apply the same conditional fix here.

Same fork PR issue as noted above. Add the if condition to prevent failures for external contributors.

πŸ€– Prompt for AI Agents 
In @.github/workflows/pr-test.yml around lines 173 - 178, The "Login to Docker
Hub" step using docker/login-action@v3 should be skipped for external-fork PRs;
add an if condition to the step to only run when the repository owner is the
org/user (e.g., github.repository_owner == 'flashinfer'). Modify the step that
currently uses docker/login-action@v3 (named "Login to Docker Hub") to include
if: ${{ github.repository_owner == 'flashinfer' }} so external contributors'
workflows don't attempt to use the repo secrets.

- name: Show Node Info
run: ./scripts/task_show_node_info.sh
env:
Expand Down Expand Up @@ -203,6 +217,13 @@ jobs:
with:
submodules: recursive

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: flashinfer
password: ${{ secrets.DOCKERHUB_TOKEN }}
continue-on-error: true # Don't fail if secret is unavailable (e.g., fork PRs)

Comment on lines +220 to +226
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Apply the same conditional fix here.

Same fork PR issue as noted above. Add the if condition to prevent failures for external contributors.

πŸ€– Prompt for AI Agents 
In @.github/workflows/pr-test.yml around lines 218 - 223, The Docker Hub login
step ("Login to Docker Hub" using docker/login-action@v3 with username
flashinfer) needs the same fork-PR guard as earlier; add an if condition to the
step (e.g. if: ${{ github.event.pull_request.head.repo.full_name ==
github.repository }}) so the docker/login step is skipped for external/forked
PRs to avoid failing when secrets are unavailable.

- name: Show Node Info
run: ./scripts/task_show_node_info.sh
env:
Expand Down
Loading