developer/galaxy-game
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ci: skip TLS verify for actions/checkout on LAN Gitea
go-unit / test (push) Successful in 2m28s
Details
go-unit / test (pull_request) Successful in 2m30s
Details
integration / integration (pull_request) Successful in 2m20s
Details
ui-test / test (push) Successful in 13m5s
Details
ui-test / test (pull_request) Successful in 14m31s
Details

Browse Source 
The Gitea host serves https://gitea.iliadenisov.ru with a cert signed
by host-Caddy's internal CA, which the runner-image's CA bundle does
not trust. actions/checkout@v4 fails on `git fetch` as a result, so
every workflow on gitea.lan has been failing — visible only now that
we made gitea.lan the primary CI target.

Sets GIT_SSL_NO_VERIFY=true on every workflow as a quick fix. Safe in
practice because both endpoints sit on the same LAN. The long-term
fix is to bake the Caddy root CA into the runner image and drop this
env.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Ilia Denisov
2026-05-13 23:43:51 +02:00
parent f00c8efd18
commit c6c5f3c8dd
5 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/integration.yaml
+6
View File
@@ -37,6 +37,12 @@ on:
- '.gitea/workflows/integration.yaml'
- '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs:
integration:
runs-on: ubuntu-latest