kindred/create
1
1
Fork 0
Code Issues 53 Pull Requests Actions Packages Projects 9 Releases 2 Wiki Activity

CI: Remove sudo commands from certificate setup

Browse Source 
- Skip system trust store installation (requires sudo)
- Rely on NODE_EXTRA_CA_CERTS for Node.js actions
- Use --cacert for curl verification
This commit is contained in:
forbes
2026-01-28 10:01:53 -06:00
parent 97f6bee3a6
commit 65db9ce93c
2 changed files with 6 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.gitea/workflows/build.yml
View File

@@ -31,16 +31,12 @@ jobs:
echo "Verifying certificate..."
openssl x509 -in /tmp/ipa-ca.crt -subject -dates -noout
# Install to system trust store
sudo cp /tmp/ipa-ca.crt /usr/local/share/ca-certificates/ipa-ca.crt
sudo update-ca-certificates
# Set NODE_EXTRA_CA_CERTS for Node.js-based actions
# Set NODE_EXTRA_CA_CERTS for Node.js-based actions (used by upload-artifact)
echo "NODE_EXTRA_CA_CERTS=/tmp/ipa-ca.crt" >> $GITHUB_ENV
# Verify SSL connection to Gitea works
# Verify SSL connection to Gitea works with the CA cert
echo "Testing SSL connection to Gitea..."
curl -fsSL https://gitea.kindred.internal/api/v1/version
curl -fsSL --cacert /tmp/ipa-ca.crt https://gitea.kindred.internal/api/v1/version
echo ""
echo "SSL certificate setup complete"

10
.gitea/workflows/release.yml
View File

@@ -39,16 +39,12 @@ jobs:
echo "Verifying certificate..."
openssl x509 -in /tmp/ipa-ca.crt -subject -dates -noout
# Install to system trust store
sudo cp /tmp/ipa-ca.crt /usr/local/share/ca-certificates/ipa-ca.crt
sudo update-ca-certificates
# Set NODE_EXTRA_CA_CERTS for Node.js-based actions
# Set NODE_EXTRA_CA_CERTS for Node.js-based actions (used by upload-artifact)
echo "NODE_EXTRA_CA_CERTS=/tmp/ipa-ca.crt" >> $GITHUB_ENV
# Verify SSL connection to Gitea works
# Verify SSL connection to Gitea works with the CA cert
echo "Testing SSL connection to Gitea..."
curl -fsSL https://gitea.kindred.internal/api/v1/version
curl -fsSL --cacert /tmp/ipa-ca.crt https://gitea.kindred.internal/api/v1/version
echo ""
echo "SSL certificate setup complete"