From a2fa311a5d5462ae08f193ba4ad1c172bdad9335 Mon Sep 17 00:00:00 2001
From: nurdotnet <278048682+nurdotnet@users.noreply.github.com>
Date: Thu, 23 Apr 2026 00:49:33 +0500
Subject: [PATCH] ci(docker): add retries for login and push on flaky network

Our upstream is dropping TCP SYNs to github.com/ghcr.io often enough
that single docker login/push attempts time out. Wrap in a 5-attempt
retry loop with 15s backoff.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/docker.yml | 40 ++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 924ab03..6b8dec2 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -29,7 +29,15 @@ jobs:
         env:
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ACTOR: ${{ github.actor }}
-        run: echo "$TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin
+        run: |
+          for i in 1 2 3 4 5; do
+            if echo "$TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin; then
+              exit 0
+            fi
+            echo "login attempt $i failed, retrying in 15s"
+            sleep 15
+          done
+          exit 1
 
       - name: Build + push api
         env:
@@ -37,8 +45,14 @@ jobs:
           SHA: ${{ github.sha }}
         run: |
           docker build -f deploy/Dockerfile.api -t ghcr.io/$OWNER/food-market-api:$SHA -t ghcr.io/$OWNER/food-market-api:latest .
-          docker push ghcr.io/$OWNER/food-market-api:$SHA
-          docker push ghcr.io/$OWNER/food-market-api:latest
+          for tag in $SHA latest; do
+            for i in 1 2 3 4 5; do
+              if docker push ghcr.io/$OWNER/food-market-api:$tag; then break; fi
+              echo "push $tag attempt $i failed, retrying in 15s"
+              sleep 15
+              [ $i -eq 5 ] && exit 1
+            done
+          done
 
   web:
     name: Web image
@@ -50,7 +64,15 @@ jobs:
         env:
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ACTOR: ${{ github.actor }}
-        run: echo "$TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin
+        run: |
+          for i in 1 2 3 4 5; do
+            if echo "$TOKEN" | docker login ghcr.io -u "$ACTOR" --password-stdin; then
+              exit 0
+            fi
+            echo "login attempt $i failed, retrying in 15s"
+            sleep 15
+          done
+          exit 1
 
       - name: Build + push web
         env:
@@ -58,5 +80,11 @@ jobs:
           SHA: ${{ github.sha }}
         run: |
           docker build -f deploy/Dockerfile.web -t ghcr.io/$OWNER/food-market-web:$SHA -t ghcr.io/$OWNER/food-market-web:latest .
-          docker push ghcr.io/$OWNER/food-market-web:$SHA
-          docker push ghcr.io/$OWNER/food-market-web:latest
+          for tag in $SHA latest; do
+            for i in 1 2 3 4 5; do
+              if docker push ghcr.io/$OWNER/food-market-web:$tag; then break; fi
+              echo "push $tag attempt $i failed, retrying in 15s"
+              sleep 15
+              [ $i -eq 5 ] && exit 1
+            done
+          done