From a92f0be9c8aee0a92f817d6f32973ecb48637a2e Mon Sep 17 00:00:00 2001
From: andrew <andrew@collectivelab.io>
Date: Mon, 20 Apr 2026 13:46:23 +0300
Subject: [PATCH] Dockerfile: switch base from Docker Hub to ECR Public

AWS CodeBuild shares an outbound IP pool with many other AWS customers,
so anonymous Docker Hub pulls (100/6h per IP) rate-limit quickly. The
aws-feature variant in Package run 24642508475 hit 429 on debian:bookworm-slim.

ECR Public hosts the same official Debian images at
public.ecr.aws/debian/debian, has no pull rate limit, and is
anonymously accessible. Same upstream image, just mirrored on AWS.
---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 67dd0eb..e49a6c7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
-FROM debian:bookworm-slim
+# Pulled from ECR Public (the Debian team mirrors official images there)
+# instead of Docker Hub to avoid anonymous-pull rate limits from AWS
+# CodeBuild, which shares an outbound IP pool with many other accounts.
+FROM public.ecr.aws/debian/debian:bookworm-slim
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends ca-certificates curl \