fix(dockerfile): install ca certs #664

Merged: nyannyacha merged 2 commits into main from ny/dockerfile-cert, Feb 23, 2026

@nyannyacha
Contributor

What kind of change does this PR introduce?

Bug fix

Description

Fixes #663

coderabbitai bot commented Feb 23, 2026

No actionable comments were generated in the recent review. 🎉


📝 Walkthrough

Summary by CodeRabbit

Release Notes

  • Chores
    • Improved TLS/CA certificate handling in the deployment images so certificates are installed and refreshed during both build and runtime stages, ensuring secure network communications across environments.

Walkthrough

This change updates the Dockerfile to install the ca-certificates package in both the build stage and the final edge-runtime image, and runs update-ca-certificates. The modifications ensure the system CA store is present and updated at build and runtime, addressing TLS certificate availability for processes running inside the container.

Assessment against linked issues

Objective Addressed Explanation
Add ca-certificates package and invoke update-ca-certificates in Dockerfile [#663]

coderabbitai bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Dockerfile (1)

58-63: ⚠️ Potential issue | 🟠 Major

Install CA certificates in the CUDA runtime image too.

edge-runtime-cuda is built from nvidia/cuda, so the CA store added in edge-runtime-base isn’t present. TLS in the CUDA image can still fail with “no CA certificates found.” Install/update certs (or copy /etc/ssl/certs from the base stage).

💡 Suggested fix
 FROM nvidia/cuda:11.8.0-cudnn8-runtime-ubuntu22.04 as edge-runtime-cuda
+
+RUN apt-get update && apt-get install -y ca-certificates \
+    && update-ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
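Review bot: The `apt-get install -y ca-certificates` in the added RUN has no `--no-install-recommends`, so this runtime layer can pull in recommended packages the CUDA image does not need; suggest `apt-get install -y --no-install-recommends ca-certificates`. Keeping the `rm -rf /var/lib/apt/lists/*` cleanup in the same RUN is right, since a separate RUN would leave the package lists in an earlier layer.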
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 58 - 63, The CUDA runtime stage edge-runtime-cuda is
missing system CA certs (the edge-runtime-base stage added them), causing TLS
failures; fix by ensuring certs are present in the edge-runtime-cuda
stage—either run the distro's cert update/install command (e.g., install
ca-certificates and update-ca-certificates) inside the edge-runtime-cuda stage
or copy the certificate store from edge-runtime-base (e.g., COPY
--from=edge-runtime-base /etc/ssl/certs /etc/ssl/certs and related files);
update the Dockerfile near the edge-runtime-cuda stage (the lines referencing
FROM nvidia/cuda:11.8.0-cudnn8-runtime-ubuntu22.04 and COPY
--from=edge-runtime-base ...) to include one of these steps so TLS can find CA
certificates at runtime.

@nyannyacha nyannyacha requested a review from a team February 23, 2026 01:13
@nyannyacha nyannyacha merged commit 9f0294e into main Feb 23, 2026
1 check passed
@nyannyacha nyannyacha deleted the ny/dockerfile-cert branch February 23, 2026 04:11
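
An added example, not part of this PR or the project's code: a Dockerfile check that reports build stages which neither install ca-certificates, copy a store into /etc/ssl/certs, nor inherit from a stage that does, which is the gap the review comment describes for edge-runtime-cuda. The sample Dockerfile is constructed; the first base image and the copied binary path are placeholders, and external base images are conservatively assumed to ship no CA store.

```python
import re

# Constructed sample mirroring the stage names in this PR; the first base image
# and the copied binary path are placeholders, not the project's real values.
SAMPLE = """\
FROM example.invalid/base:placeholder as edge-runtime-base
RUN apt-get update && apt-get install -y ca-certificates \\
    && update-ca-certificates \\
    && rm -rf /var/lib/apt/lists/*

FROM nvidia/cuda:11.8.0-cudnn8-runtime-ubuntu22.04 as edge-runtime-cuda
COPY --from=edge-runtime-base /usr/local/bin/app /usr/local/bin/app
FROM edge-runtime-base as edge-runtime
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
INSTALL_RE = re.compile(r"\b(?:apt-get|apt|apk|dnf|yum)\b.*\b(?:install|add)\b.*\bca-certificates\b", re.I)

def logical_lines(text):
    """Join backslash-continued lines so a multi-line RUN is one instruction."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def provides_ca_store(instruction):
    """True if the instruction installs ca-certificates or copies into /etc/ssl/certs."""
    tokens = instruction.split() or [""]
    op = tokens[0].upper()
    if op in ("COPY", "ADD"):
        return tokens[-1].startswith("/etc/ssl/certs")
    return op == "RUN" and bool(INSTALL_RE.search(instruction))

def stages_without_ca_store(dockerfile_text):
    """Return stage names that have no CA store of their own and inherit none."""
    has_ca, current = {}, None
    for line in logical_lines(dockerfile_text):
        m = FROM_RE.match(line)
        if m:
            base, current = m.group(1).lower(), (m.group(2) or f"stage-{len(has_ca)}").lower()
            # External images are assumed to ship no CA store (conservative).
            has_ca[current] = has_ca.get(base, False)
        elif current and provides_ca_store(line):
            has_ca[current] = True
    return [name for name, ok in has_ca.items() if not ok]
```

Calling `stages_without_ca_store(SAMPLE)` flags only the CUDA stage; a non-empty result can fail a CI job before the image is built.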
Successfully merging this pull request may close these issues.

Edge‑runtime Dockerfile lacks CA certificates – hyper‑rustls panics with “no CA certificates found”
