search

tektoncd / catalog

Catalog of shared Tasks and Pipelines.
Apache License 2.0
663 stars 576 forks source link

github-open-pr Task private git server support #1288

Open the-it-jaeger opened 3 months ago

the-it-jaeger commented 3 months ago

Expected Behavior

github-open-pr Task should be able to inject CA certificates for private git servers or allow insecure connections via ... , context = ssl._create_unverified_context()

Actual Behavior

You cannot connect to private git servers with private CA-signed certificates.

Steps to Reproduce the Problem

  1. Try to connect to a private git server by specifying it in the GITHUB_HOST_URL parameter
  2. Observe "certificate not trusted error" in Task output

Additional Info

You can work around this but customizing the Task and adding import ssl and then adding this to line 131: ... , context = ssl._create_unverified_context()

the-it-jaeger commented 3 months ago

The work around could be optional and controlled by a boolean parameter.

It would be best to go a step further and add a ca-certs workspace that would allow the user to inject private CA certs so security is maintained.

the-it-jaeger commented 3 months ago

I'll try to work on this if I get time, but it may not be for a while.