Support for registries with self-signed certificates #869
-
DescriptionI'm trying to publish to my own (Harbor) registry, which has a self-signed certificate. I have my CA root certificate, but there's no way to add that to this action. Can we please add this support? Here's the error I get in my Github action runs: Also, I'd greatly appreciate any workaround in the meantime as I'm blocked on this... |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
This action is just a wrapper around As runners have a hard dependency on the docker engine to startup service containers, we shouldn't have to manage certificates and interact with docker systemd unit as it would have unattended behavior if services are setup. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, @crazy-max. That helped... For self hosted Linux runners, adding the ca cert to |
Beta Was this translation helpful? Give feedback.
This action is just a wrapper around
docker loginand does not trust self-signed certificates by default. If you're using a GitHub public runner you can have a step before the login one that copies the self-signed cert to/etc/docker/certs.d/registry.x-force.int/ca.crtand restart docker withsystemctl restart docker.As runners have a hard dependency on the docker engine to startup service containers, we shouldn't have to manage certificates and interact with docker systemd unit as it would have unattended behavior if services are setup.