From 761c7508957b67e0e4d98d88347e3b7083bb7b84 Mon Sep 17 00:00:00 2001
From: forbes-0023 <joseph.forbes@kindred-systems.com>
Date: Mon, 9 Feb 2026 11:19:11 -0600
Subject: [PATCH] fix(ci): add CA certificate update before checkout

The job containers don't trust the Cloudflare origin cert by
default. Install and update ca-certificates as the first step
so git can clone over HTTPS before actions/checkout runs.
---
 .gitea/workflows/build.yml   |  6 ++++++
 .gitea/workflows/release.yml | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 62d19ae11d..cd65e72532 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -22,6 +22,12 @@ jobs:
       DEBIAN_FRONTEND: noninteractive
 
     steps:
+      - name: Trust Cloudflare origin CA
+        run: |
+          apt-get update -qq
+          apt-get install -y --no-install-recommends ca-certificates
+          update-ca-certificates
+
       - name: Free disk space
         run: |
           echo "=== Disk usage before cleanup ==="
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 376dc02cc5..7a42021948 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -31,6 +31,12 @@ jobs:
       DEBIAN_FRONTEND: noninteractive
 
     steps:
+      - name: Trust Cloudflare origin CA
+        run: |
+          apt-get update -qq
+          apt-get install -y --no-install-recommends ca-certificates
+          update-ca-certificates
+
       - name: Free disk space
         run: |
           echo "=== Disk usage before cleanup ==="
@@ -319,6 +325,12 @@ jobs:
       BUILD_TAG: ${{ github.ref_name || inputs.tag }}
 
     steps:
+      - name: Trust Cloudflare origin CA
+        run: |
+          apt-get update -qq
+          apt-get install -y --no-install-recommends ca-certificates
+          update-ca-certificates
+
       - name: Download all artifacts
         uses: https://git.kindred-systems.com/actions/download-artifact.git@v3
         with:
-- 
2.49.1