Closed merlinpaypal closed 8 months ago
Issue is stale and will be closed in 14 days unless there is new activity
I have the same thing
bug report output:
act version: 0.2.59
GOOS: darwin
GOARCH: arm64
NumCPU: 10
Docker host: unix:///Users/dzoljom/.colima/default/docker.sock
Sockets found:
$HOME/.colima/docker.sock
Config files:
/Users/dzoljom/Library/Application Support/act/actrc:
-P ubuntu-latest=catthehacker/ubuntu:act-latest
-P ubuntu-22.04=catthehacker/ubuntu:act-22.04
-P ubuntu-20.04=catthehacker/ubuntu:act-20.04
-P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
Go version: go1.21.6
Module path: command-line-arguments
Main version:
Main path:
Main checksum:
Build settings:
-buildmode: exe
-compiler: gc
-ldflags: -X main.version=0.2.59
DefaultGODEBUG: panicnil=1
CGO_ENABLED: 1
CGO_CFLAGS:
CGO_CPPFLAGS:
CGO_CXXFLAGS:
CGO_LDFLAGS:
GOARCH: arm64
GOOS: darwin
Docker Engine:
Engine version: 24.0.9
Engine runtime: runc
Cgroup version: 2
Cgroup driver: systemd
Storage driver: overlay2
Registry URI: https://index.docker.io/v1/
OS: Ubuntu 23.10
OS type: linux
OS version: 23.10
OS arch: aarch64
OS kernel: 6.5.0-15-generic
OS CPU: 2
OS memory: 1895 MB
Security options:
name=apparmor
name=seccomp,profile=builtin
name=cgroupns
The problem is that I am running act
on a company laptop that inspects the TLS connections in the corporate network, so original certificates are replaced by the company ones.
How do I add the company CA to my root CA that will be passed to act
?
The bizzare thing is, when I exec into the container created by act
cbe1fd82d5dc catthehacker/ubuntu:act-latest "tail -f /dev/null" 3 minutes ago Up 3 minutes act-Continuous-integration-checks-Syntax-errors-checks-8107544da945bdaf257e405c888977a9c013e14f50edbf39d04e06d933c87ea6
I can run the composer just fine 🤷🏼♂️
I tried running the command act -j phpcs --container-architecture linux/amd64 --container-options "-v /etc/ssl/certs:/etc/ssl/certs:ro"
but I'm still getting the same error.
I know the issue is stale, but am hoping one of you found a solution to your problem and wouldn't mind posting back here! I am also on a company laptop and suspect the same issue.
I had to ping my IT department to allow certain URLs, there was no other way.
I'm experiencing the same issue on a corporate machine that has Netskope.
INFO[0000] Using docker host 'unix:///Users/miles/.colima/default/docker.sock', and daemon socket 'unix:///Users/miles/.colima/default/docker.sock'
[Deploy/deploy] 🚀 Start image=catthehacker/ubuntu:act-latest
[Deploy/deploy] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform=linux/amd64 username= forcePull=true
[Deploy/deploy] 🐳 docker create image=catthehacker/ubuntu:act-latest platform=linux/amd64 entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Deploy/deploy] 🐳 docker run image=catthehacker/ubuntu:act-latest platform=linux/amd64 entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[Deploy/deploy] 🐳 docker exec cmd=[node --no-warnings -e console.log(process.execPath)] user= workdir=
[Deploy/deploy] ☁ git clone 'https://github.com/actions/setup-python' # ref=v2
[Deploy/deploy] Non-terminating error while running 'git clone': some refs were not updated
[Deploy/deploy] ⭐ Run Main Checkout code
[Deploy/deploy] 🐳 docker cp src=/Users/miles/work/github.com/Tractor-Supply-EA/athena-servers/. dst=/Users/miles/work/github.com/Tractor-Supply-EA/athena-servers
[Deploy/deploy] ✅ Success - Main Checkout code
[Deploy/deploy] ⭐ Run Main Set up Python
[Deploy/deploy] 🐳 docker cp src=/Users/miles/.cache/act/actions-setup-python@v2/ dst=/var/run/act/actions/actions-setup-python@v2/
[Deploy/deploy] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.4/x64/bin/node /var/run/act/actions/actions-setup-python@v2/dist/setup/index.js] user= workdir=
[Deploy/deploy] 💬 ::debug::Semantic version spec of 3.x is 3.x
[Deploy/deploy] 💬 ::debug::isExplicit:
[Deploy/deploy] 💬 ::debug::explicit? false
[Deploy/deploy] 💬 ::debug::evaluating 0 versions
[Deploy/deploy] 💬 ::debug::match not found
| Version 3.x was not found in the local cache
[Deploy/deploy] ❗ ::error::self-signed certificate in certificate chain
[Deploy/deploy] ❌ Failure - Main Set up Python
[Deploy/deploy] exitcode '1': failure
[Deploy/deploy] 🏁 Job failed
Error: Job 'deploy' failed
Has anyone found a workaround?
@mileserickson node is ignoring the system cert store
I suggest to add env NODE_EXTRA_CA_CERTS
to point to your cert bundle file
can be done via --env
as well, if you put it into your repo dir depends on chevkoit beeing the first doing network stuff
so act --env NODE_EXTRA_CA_CERTS=/Users/miles/work/github.com/Tractor-Supply-EA/athena-servers/certs.pem
There is some env to skip tls validation in node as well, don't rember it as it is unsecure.
Tbh. you should create your own docker image with all the certs and that env and use --pull=false to use it
Bug report info
Command used with act
Describe issue
Erroring out with
::error::self signed certificate in certificate chain
on a fairly simple step ofactions/setup-node@v3
.I've turned off any VPN that I was using and I still get this same issue. I also disabled setting
NODE_EXTRA_CA_CERTS
. Though I wouldn't expect that to affect this runner either.Link to GitHub repository
https://github.com/paypal/paypal-messaging-components/blob/develop/.github/workflows/core.yml
Workflow content
Relevant log output
Additional information
.actrc file