Add Docker Hub auth to rate-limited CI workflows (#5373)

.github/workflows/backend_checks.yml

@@ -15,6 +15,9 @@ on:
 env:
   IMAGE: ethyca/fides:local
   DEFAULT_PYTHON_VERSION: "3.10.13"
+  # Docker auth with read-only permissions.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+  DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}
 
 jobs:
   ###############
@@ -143,6 +146,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run Performance Tests
         run: nox -s performance_tests
 
@@ -175,6 +184,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run test suite
         run: nox -s check_container_startup
 
@@ -213,6 +228,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run test suite
         run: nox -s "${{ matrix.test_selection }}"
 
@@ -256,6 +277,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run test suite
         run: nox -s "pytest(${{ matrix.test_selection }})"
 
@@ -296,6 +323,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Run external test suite
         run: nox -s "pytest(ctl-external)"
         env:
@@ -336,6 +369,12 @@ jobs:
       - name: Install Nox
         run: pip install nox>=2022
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Integration Tests (External)
         env:
           BIGQUERY_DATASET: fidesopstest
@@ -413,6 +452,12 @@ jobs:
           role: ${{ secrets.VAULT_ROLE }}
           exportToken: True
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: SaaS Connector Tests
         env:
           VAULT_ADDR: ${{ secrets.VAULT_ADDR }}

.github/workflows/cypress_e2e.yml

@@ -11,6 +11,10 @@ on:
 
 env:
   CI: true
+  env:
+  # Docker auth with read-only permissions.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
+  DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }}
 
 jobs:
   Cypress-E2E:
@@ -30,6 +34,12 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_USER }}
+          password: ${{ env.DOCKER_RO_TOKEN }}
+
       - name: Start test environment in the background
         run: nox -s "fides_env(test)" -- keep_alive
 

.github/workflows/publish_docker.yaml

@@ -8,7 +8,8 @@ on:
       - "*"
 
 env:
-  DOCKER_USER: ethycaci
+  # Docker auth with read-write (publish) permissions. Set as env in workflow root as auth is required in multiple jobs.
+  DOCKER_USER: ${{ secrets.DOCKER_USER }}
   DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
 
 jobs:
@@ -71,7 +72,7 @@ jobs:
           fetch-depth: 0 # This is required to properly tag images
 
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ env.DOCKER_USER }}
           password: ${{ env.DOCKER_TOKEN }}