kindred/create
1
1
Fork 0
Code Issues 53 Pull Requests Actions Packages Projects 9 Releases 2 Wiki Activity

fix: set NODE_EXTRA_CA_CERTS for artifact upload/download actions #127

Merged
forbes merged 1 commits from fix/build-artifact-ca-cert into main 2026-02-09 18:59:47 +00:00
Conversation 0 Commits 1 Files Changed 2 +3
forbes commented 2026-02-09 18:59:35 +00:00
Owner
Copy Link

Summary

Fixes unable to verify the first certificate error when uploading/downloading build artifacts.

Problem

Node.js actions (checkout, cache, upload-artifact, download-artifact) use their own TLS stack and don't trust the system CA store populated by update-ca-certificates. The Cloudflare origin CA cert is installed at the OS level but Node.js never sees it.

Fix

Sets NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt as a job-level env var in:

  • build.yml (build job)
  • release.yml (build-linux and publish-release jobs)

This points Node.js to the system CA bundle, which includes the Cloudflare origin CA after update-ca-certificates runs.

## Summary Fixes `unable to verify the first certificate` error when uploading/downloading build artifacts. ## Problem Node.js actions (checkout, cache, upload-artifact, download-artifact) use their own TLS stack and don't trust the system CA store populated by `update-ca-certificates`. The Cloudflare origin CA cert is installed at the OS level but Node.js never sees it. ## Fix Sets `NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt` as a job-level env var in: - `build.yml` (build job) - `release.yml` (build-linux and publish-release jobs) This points Node.js to the system CA bundle, which includes the Cloudflare origin CA after `update-ca-certificates` runs.
forbes added 1 commit 2026-02-09 18:59:35 +00:00
fix: set NODE_EXTRA_CA_CERTS for artifact upload/download actions
Some checks failed
Build and Test / build (pull_request) Has been cancelled
Details
44b9b4e8df 
Node.js actions (checkout, cache, upload-artifact, download-artifact)
use their own TLS stack and don't trust the system CA store. Setting
NODE_EXTRA_CA_CERTS points Node to the system bundle which includes
the Cloudflare origin CA.
forbes merged commit f8a9fa0103 into main 2026-02-09 18:59:47 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
UX
branding
bug
ci/cd
CI/CD workflows and deployment
 defaults
documentation
Developer documentation
 enhancement
high-priority
low-priority
theme
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
forbes
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kindred/create#127
Delete Branch "fix/build-artifact-ca-cert"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?