Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHTAPSRE-405: Custom CA bundle for git-clone #845

Merged
merged 6 commits into from
Mar 5, 2024
Merged

RHTAPSRE-405: Custom CA bundle for git-clone #845

merged 6 commits into from
Mar 5, 2024

Conversation

gbenhaim
Copy link
Member

Support custom CA bundle in the git-clone task.
Required when cloning using HTTPs from an SCM that has self-signed certificate.

@gbenhaim
RHTAPSRE-405: Custom CA bundle for git-clone
e55a8e3 
Support custom CA bundle in the git-clone task.
Required when cloning using HTTPs from an SCM that
has self-signed certificate.

Signed-off-by: gbenhaim <[email protected]>
@gbenhaim
Copy link
Member Author

gbenhaim commented Mar 4, 2024

/test

chmeliik
chmeliik reviewed Mar 4, 2024
View reviewed changes
Copy link
Contributor

@chmeliik chmeliik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a more generic way to do this? We will end up having to respect custom CAs in every task that communicates with an internal host, e.g. prefetch-dependencies (it sometimes fetches git tags from the repo)

@gbenhaim
Copy link
Member Author

gbenhaim commented Mar 4, 2024

@chmeliik I didn't find any other way to do it.

@gbenhaim
Copy link
Member Author

gbenhaim commented Mar 4, 2024

@chmeliik here is the openshift documentation I followed https://docs.openshift.com/container-platform/4.14/networking/configuring-a-custom-pki.html#nw-proxy-configure-object_configuring-a-custom-pki

@chmeliik
Copy link
Contributor

chmeliik commented Mar 4, 2024

@chmeliik I didn't find any other way to do it.

Ok. Just beware that other tasks will need corresponding changes too.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 5, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@MartinBasti
Copy link
Contributor

Technically users could define pod templates in pipeline definition and mount CA there for every pod, but that's not something we should have at task level though.

@MartinBasti
Copy link
Contributor

https://tekton.dev/docs/pipelines/podtemplates/ it seems that volumeMounts are not supported :(

@gbenhaim gbenhaim merged commit 63e1607 into konflux-ci:main Mar 5, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chmeliik chmeliik chmeliik approved these changes

@MartinBasti MartinBasti MartinBasti approved these changes

@mmorhun mmorhun Awaiting requested review from mmorhun

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gbenhaim @chmeliik @MartinBasti