Skip to content

Github actions docker build fails with curl SSL error for get.helm.sh #63

New issue
New issue
Open
Open
Github actions docker build fails with curl SSL error for get.helm.sh#63
@solsson

Description

@solsson
solsson
opened on Nov 12, 2024

While docker buildx build -f runner.Dockerfile . works fine locally, builds fail in github actions. Output with added debug:

#54 [linux/arm64 bin  7/19] RUN nslookup get.helm.sh;   curl -v -I https://get.helm.sh/helm-v3.16.1-linux-arm64.tar.gz;   curl -k -v -I https://get.helm.sh/helm-v3.16.1-linux-arm64.tar.gz;   export CURL_SSL_VERIFYPEER=0;   y-helm version --client=true
#54 0.496 Server:		168.63.129.16
#54 0.496 Address:	168.63.129.16#53
#54 0.496 
#54 0.496 Non-authoritative answer:
#54 0.496 get.helm.sh	canonical name = get-helm-front-door-cdn-c9drhfggd8ewfzck.z03.azurefd.net.
#54 0.496 get-helm-front-door-cdn-c9drhfggd8ewfzck.z03.azurefd.net	canonical name = shed.dual-low.s-part-0023.t-0009.t-msedge.net.
#54 0.496 shed.dual-low.s-part-0023.t-0009.t-msedge.net	canonical name = s-part-0023.t-0009.t-msedge.net.
#54 0.496 Name:	s-part-0023.t-0009.t-msedge.net
#54 0.496 Address: 13.107.246.51
#54 0.496 Name:	s-part-0023.t-0009.t-msedge.net
#54 0.496 Address: 2620:1ec:bdf::51
#54 0.496 
#54 0.612   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#54 0.615                                  Dload  Upload   Total   Spent    Left  Speed
#54 0.619 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host get.helm.sh:443 was resolved.
#54 0.669 * IPv6: 2620:1ec:bdf::51
#54 0.669 * IPv4: 13.107.246.51
#54 0.671 *   Trying 13.107.246.51:443...
#54 0.674 * Connected to get.helm.sh (13.107.246.51) port 443
#54 0.909 * ALPN: curl offers h2,http/1.1
#54 0.927 } [5 bytes data]
#54 0.929 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
#54 0.929 } [512 bytes data]
#54 5.971 *  CAfile: /etc/ssl/certs/ca-certificates.crt
#54 5.971 *  CApath: /etc/ssl/certs
#54 5.972 
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0{ [5 bytes data]
#54 5.975 * TLSv1.3 (IN), TLS handshake, Server hello (2):
#54 5.975 { [88 bytes data]
#54 5.979 * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
#54 5.979 } [1 bytes data]
#54 5.992 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
#54 5.992 } [512 bytes data]
#54 5.994 * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to get.helm.sh:443 
#54 5.995 
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
#54 5.996 * Closing connection
#54 6.078 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to get.helm.sh:443

curl -k downloads from get.helm.sh work, but that's unsafe

8e502e5 is a workaround but tricky to maintain when new helm versions arrive

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions