Closed remi closed 1 year ago
Thank you for reporting it. Is it an Ubuntu-based runner?
What I found during development is that different language runtimes use different env variables for using the registered self-signed certificate, like NODE_EXTRA_CA_CERTS for Node.js or REQUESTS_CA_BUNDLE for the Python requests library: https://github.com/GitHubSecurityLab/actions-permissions/blob/a1f1ca6cc96c0f59f3ddcf212cc6493e9c73cdfb/monitor/setup.sh#L111-L114
Is the deps.get written in Erlang? If it has a similar env to set, then it is something the Monitor action should do. But it is sad that not everyone is detecting the locally installed CA:
https://github.com/GitHubSecurityLab/actions-permissions/blob/a1f1ca6cc96c0f59f3ddcf212cc6493e9c73cdfb/monitor/setup.sh#L108-L110
There is! HEX_CACERTS_PATH
🎉
I’ll send a pull request with the change.
When using the GitHubSecurityLab/actions-permissions/monitor@v1 action in a simple Elixir workflow:
The mix deps.get action (which fetches package information from https://repo.hex.pm) fails with this error:
When removing the GitHubSecurityLab/actions-permissions/monitor@v1 action, mix deps.get works as expected.
My guess is that it’s related to the way mitmproxy intercepts HTTPS requests.
Is there any more information I can provide to help you guys fix this?
Thank you! ✌️
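The thread names three runtime-specific variables for trusting the proxy's CA (NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE, HEX_CACERTS_PATH). The sketch below is an added example, not code from this thread or from the action's setup.sh: it validates a CA file and writes all three variables to a GitHub Actions env file. The function name `export_ca_env` and its arguments are hypothetical, and it assumes the env file is the one a step receives as `$GITHUB_ENV`.

```shell
# Added example; export_ca_env and its arguments are hypothetical names.
# Appends CA-bundle variables for Node.js, Python requests and Hex to an env file.
# usage: export_ca_env <ca_pem_path> <env_file>
export_ca_env() {
    ca_path=$1
    env_file=$2

    # Refuse a path that does not exist or cannot be read
    if [ ! -r "$ca_path" ]; then
        echo "CA file not readable: $ca_path" >&2
        return 1
    fi
    # Require at least one PEM certificate block, so a wrong file
    # is caught here instead of as a TLS failure in a later step
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_path"; then
        echo "no PEM certificate in: $ca_path" >&2
        return 2
    fi
    # Make the path absolute: later steps may run in another directory
    case $ca_path in
        /*) ;;
        *) ca_path="$(cd "$(dirname "$ca_path")" && pwd)/$(basename "$ca_path")" ;;
    esac

    for var in NODE_EXTRA_CA_CERTS REQUESTS_CA_BUNDLE HEX_CACERTS_PATH; do
        # Skip variables already written, so repeated calls do not duplicate
        if grep -q "^${var}=" "$env_file" 2>/dev/null; then
            continue
        fi
        printf '%s=%s\n' "$var" "$ca_path" >> "$env_file"
    done
    return 0
}
```

In a workflow step this would be called as `export_ca_env /path/to/ca.pem "$GITHUB_ENV"`, with the path being wherever the proxy's CA certificate was written.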