Ilia Denisov
c6c5f3c8dd
The Gitea host serves https://gitea.iliadenisov.ru with a cert signed by host-Caddy's internal CA, which the runner-image's CA bundle does not trust. actions/checkout@v4 fails on `git fetch` as a result, so every workflow on gitea.lan has been failing — visible only now that we made gitea.lan the primary CI target. Sets GIT_SSL_NO_VERIFY=true on every workflow as a quick fix. Safe in practice because both endpoints sit on the same LAN. The long-term fix is to bake the Caddy root CA into the runner image and drop this env. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>