ci: drop GIT_SSL_NO_VERIFY now that runner is host-mode

The act_runner now executes jobs natively on the host (no per-job
container), so actions/checkout uses the host's system CA store,
which already trusts the host-Caddy root CA. The workaround that
disabled TLS verification for `git fetch` is no longer needed and
would only mask genuine certificate errors if they ever appear.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Ilia Denisov
2026-05-14 01:04:11 +02:00
parent fe8ad6a02a
commit 4a88b24f4b
5 changed files with 0 additions and 33 deletions
-6
@@ -24,12 +24,6 @@ on:
- '.gitea/workflows/dev-deploy.yaml' - '.gitea/workflows/dev-deploy.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-9
@@ -30,15 +30,6 @@ on:
- '.gitea/workflows/go-unit.yaml' - '.gitea/workflows/go-unit.yaml'
- '!**/*.md' - '!**/*.md'
env:
# The Gitea host serves https://gitea.iliadenisov.ru with a cert
# signed by host-Caddy's internal CA. The runner-image's CA bundle
# does not include that root, so actions/checkout fails on `git
# fetch`. Disabling SSL verify is acceptable for this LAN-only
# infrastructure; the long-term fix is to mount the Caddy root CA
# into the runner image.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-6
@@ -37,12 +37,6 @@ on:
- '.gitea/workflows/integration.yaml' - '.gitea/workflows/integration.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
integration: integration:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-6
@@ -21,12 +21,6 @@ on:
- '.gitea/workflows/prod-build.yaml' - '.gitea/workflows/prod-build.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-6
@@ -16,12 +16,6 @@ on:
- '.gitea/workflows/ui-test.yaml' - '.gitea/workflows/ui-test.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest