You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Probably a bit of a niche usecase, but unlike type=registry, it doesn't appear to be possible to pass additional root CAs when using a cache-from/cache-to of type=gha — for example when running the buildkit action against an on-prem GitHub Enterprise Server that has a certificate issued by an internal root CA
Using the registry config in buildkitd.toml does correctly copy the certs into the builder to /etc/buildkit/certs/example.com/ca-certificates.crt, but these aren't used on the gha remotecache codepaths. Ideally they would also apply if the hostname matches or else it would useful if the copied certs were added to the main /etc/ssl/certs via update-ca-certificates in the container so they applied generally to any Go-based tls performed by buildkit
The text was updated successfully, but these errors were encountered:
Probably a bit of a niche usecase, but unlike
type=registry
, it doesn't appear to be possible to pass additional root CAs when using a cache-from/cache-to oftype=gha
— for example when running the buildkit action against an on-prem GitHub Enterprise Server that has a certificate issued by an internal root CAUsing the registry config in buildkitd.toml does correctly copy the certs into the builder to /etc/buildkit/certs/example.com/ca-certificates.crt, but these aren't used on the gha remotecache codepaths. Ideally they would also apply if the hostname matches or else it would useful if the copied certs were added to the main /etc/ssl/certs via update-ca-certificates in the container so they applied generally to any Go-based tls performed by buildkit
The text was updated successfully, but these errors were encountered: