From 226425ca546f962a286d32bd3a3c2448220d7863 Mon Sep 17 00:00:00 2001
From: forbes <zoe.forbes@kindred-systems.com>
Date: Tue, 3 Feb 2026 18:06:50 -0600
Subject: [PATCH] ci: remove internal CA dependency for DMZ-compatible public
 branch

Strip ipa.kindred.internal CA trust steps. The public Gitea instance
uses a publicly-trusted certificate. Trigger CI on both main and
public branches.
---
 .gitea/workflows/ci.yaml | 32 ++++----------------------------
 1 file changed, 4 insertions(+), 28 deletions(-)

diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index c59dba5..06b88ce 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [main]
+    branches: [main, public]
   pull_request:
-    branches: [main]
+    branches: [main, public]
   workflow_dispatch:
     inputs:
       run_datagen:
@@ -37,12 +37,6 @@ jobs:
     env:
       PATH: /tmp/solver-venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     steps:
-      - name: Trust internal CA
-        run: |
-          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
-            -o /usr/local/share/ca-certificates/kindred-internal.crt
-          update-ca-certificates
-
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -66,12 +60,6 @@ jobs:
     env:
       PATH: /tmp/solver-venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     steps:
-      - name: Trust internal CA
-        run: |
-          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
-            -o /usr/local/share/ca-certificates/kindred-internal.crt
-          update-ca-certificates
-
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -97,12 +85,6 @@ jobs:
     env:
       PATH: /tmp/solver-venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     steps:
-      - name: Trust internal CA
-        run: |
-          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
-            -o /usr/local/share/ca-certificates/kindred-internal.crt
-          update-ca-certificates
-
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
@@ -120,23 +102,17 @@ jobs:
         run: pytest tests/ freecad/tests/ -v --tb=short
 
   # ---------------------------------------------------------------------------
-  # Dataset generation — manual trigger or on main push
+  # Dataset generation — manual trigger or on main/public push
   # ---------------------------------------------------------------------------
   datagen:
     runs-on: ubuntu-latest
     if: >-
       (github.event_name == 'workflow_dispatch' && inputs.run_datagen == true) ||
-      (github.event_name == 'push' && github.ref == 'refs/heads/main')
+      (github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/public'))
     needs: [test]
     env:
       PATH: /tmp/solver-venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     steps:
-      - name: Trust internal CA
-        run: |
-          curl -sk https://ipa.kindred.internal/ipa/config/ca.crt \
-            -o /usr/local/share/ca-certificates/kindred-internal.crt
-          update-ca-certificates
-
       - name: Checkout
         uses: https://github.com/actions/checkout@v4