Open ievgennaida opened 1 month ago
Have a look here https://github.com/semantic-release/gitlab/issues/568. Might be the same reason
@JonasSchubert Thanks for the reference. The related issue is closed, and I have the up-to-date version. But what is the current working setup?
https://github.com/semantic-release/gitlab/issues/489#issuecomment-1970473115 this flag might help you
You might have to change NODE_OPTION to NODE_OPTIONS in your variables
Thank you for spotting that, but I just tested only NODE_OPTIONS in 13.0.1 and 10.1.4, and both are giving UNABLE_TO_GET_ISSUER_CERT unless NODE_TLS_REJECT_UNAUTHORIZED: 0 is used for version 10.1.4
Did you try this approach: https://github.com/semantic-release/gitlab/issues/489#issuecomment-1481225666
Another way without completely disabling security.
OS: Debian 11 (node:19 docker image)
If you have your own CA and certificates signed with it.
Add the CA to the system trusted certs inside `/usr/local/share/ca-certificates/`, for example `/usr/local/share/ca-certificates/MyCA.crt`
If you have self-signed certificates.
Add the self-signed cert:
```sh
echo | openssl s_client -servername mydomain.local -connect mydomain.local:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/mydomain.local.crt
```
And then
* run `update-ca-certificates`
* This is enough for usual tools like `curl`. Don't know why, but not enough for `got`.
* We can add `NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt` variable to env, and now all is working

This is really strange: why does got not use the system list of trusted certs? If anybody knows, please tell me =)
@JonasSchubert
Yes, this is exactly what I am doing:
Docker image:
```dockerfile
COPY *.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
```
Then the env is added to the GitLab variables like:
```yaml
variables:
  NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
  NO_PROXY: {my.gitlab.com}
```
Versions checked:
"@semantic-release/gitlab": "13.1.0",
"@semantic-release/gitlab": "10.1.4",
Certs are valid because other tools are ok to use them.
So far only NODE_TLS_REJECT_UNAUTHORIZED: 0 and version 10.1.4 works.
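A preflight check for the CI job environment discussed in this thread, as an added example that is not part of the thread or of @semantic-release/gitlab: it flags the `NODE_OPTION` misspelling, a leftover `NODE_TLS_REJECT_UNAUTHORIZED: 0`, and a `NODE_EXTRA_CA_CERTS` path that is unset, unreadable or holds no complete PEM certificate. The function name `checkNodeTlsEnv` and the sample values are assumptions made for illustration.

```javascript
const fs = require('node:fs');

// Returns a list of findings; an empty list means none of these slips was found.
function checkNodeTlsEnv(env, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const findings = [];

  // Node reads NODE_OPTIONS only; a variable named NODE_OPTION is ignored.
  if ('NODE_OPTION' in env && !('NODE_OPTIONS' in env)) {
    findings.push('NODE_OPTION is set but NODE_OPTIONS is not');
  }
  // "0" switches off certificate verification for every TLS connection.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate verification');
  }
  // Node loads this file once at startup and only warns if it cannot be read.
  const bundle = env.NODE_EXTRA_CA_CERTS;
  if (!bundle) {
    findings.push('NODE_EXTRA_CA_CERTS is not set');
    return findings;
  }
  let pem;
  try {
    pem = readFile(bundle);
  } catch (err) {
    findings.push(`NODE_EXTRA_CA_CERTS is unreadable: ${bundle}`);
    return findings;
  }
  const begins = (pem.match(/-----BEGIN CERTIFICATE-----/g) || []).length;
  const ends = (pem.match(/-----END CERTIFICATE-----/g) || []).length;
  if (begins === 0) findings.push(`no PEM certificate in ${bundle}`);
  else if (begins !== ends) findings.push(`truncated PEM block in ${bundle}`);
  return findings;
}

// Constructed sample: environment with two of the slips and a placeholder bundle.
const sampleEnv = {
  NODE_OPTION: '<flag>',
  NODE_TLS_REJECT_UNAUTHORIZED: '0',
  NODE_EXTRA_CA_CERTS: '/etc/ssl/certs/ca-certificates.crt',
};
const samplePem = '-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n';
console.log(checkNodeTlsEnv(sampleEnv, () => samplePem));
```

An empty result only rules out these configuration slips; it does not show that the bundle contains the issuer of the chain the GitLab host serves.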
You need to force Node to use the system certificate store, see https://github.com/semantic-release/gitlab/issues/489#issuecomment-1970473115
@fgreinacher Node options are set.
@ievgennaida Can you share a minimal project that reproduces this issue? That would help a lot.
Hi @ievgennaida, I see you reached out to sindresorhus/got. Did you manage to find a solution?
Hello @JonasSchubert, unfortunately no; only the old version works, and the issue was postponed. But I plan to additionally test direct verbose "http" and "got" module calls in the future to find the problem.
I am not able to use self-signed certificates using this plugin.
Version: "@semantic-release/gitlab": "13.1.0",
Error: UNABLE_TO_GET_ISSUER_CERT
I have tried to set next variables:
Certs are installed in the container
Error:
I would appreciate any suggestion how to use self-signed certificates.