Skip to content

Harden pull image action against GHA connectivity instability#7255

Draft
cbeauchesne wants to merge 3 commits into
mainfrom
cbeauchesne/APMSP-3622
Draft

Harden pull image action against GHA connectivity instability#7255
cbeauchesne wants to merge 3 commits into
mainfrom
cbeauchesne/APMSP-3622

Conversation

@cbeauchesne

Copy link
Copy Markdown
Collaborator

Motivation

Per title

Changes

  • Replace docker/login-action with a plain docker login --password-stdin call, passing credentials via env, as this action does not offer any retry logic
  • Add retry logic around both the Docker Hub login and docker compose pull, with exponential backoff (10s → 320s, capped, up to 16 attempts) to ride out transient GitHub Actions runner connectivity issues.
  • Skip retrying immediately on known non-retryable failures (bad credentials, unauthorized, missing/malformed compose file, unresolvable image reference, etc.) instead of burning through all retry attempts on errors that will never succeed.
  • Extract the login/pull/retry logic out of inline YAML run: blocks into .github/actions/pull_images/main.sh for readability and testability.

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

CODEOWNERS have been resolved as:

.github/actions/pull_images/main.sh                                     @DataDog/system-tests-core
.github/actions/pull_images/action.yml                                  @DataDog/system-tests-core

@datadog-datadog-prod-us1

Copy link
Copy Markdown

Pipelines  Tests

Fix all issues with BitsAI

⚠️ Warnings

🚦 2 Pipeline jobs failed

Testing the test | System Tests (php, prod) / End-to-end #2 / laravel11x 2   View in Datadog   GitHub Actions

🧪 1 Test failed

tests.appsec.api_security.test_apisec_sampling.Test_API_Security_Sampling_Different_Endpoints.test_sampling_delay[laravel11x] from system_tests_suite   View in Datadog
assert False
 +  where False = all(<generator object Test_API_Security_Sampling_Different_Endpoints.test_sampling_delay.<locals>.<genexpr> at 0x7fdc6c22af80>)

self = <tests.appsec.api_security.test_apisec_sampling.Test_API_Security_Sampling_Different_Endpoints object at 0x7fdc87b621b0>

    def test_sampling_delay(self):
        assert self.request1.status_code == 200
        schema1 = get_schema(self.request1, "req.headers")
        assert schema1 is not None
    
...

Testing the test | all-jobs-are-green   View in Datadog   GitHub Actions

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 3a3307b | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant