Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE] Support self-signed certificates in builds #258

Open
1 task done
diksha1999 opened this issue Nov 21, 2024 · 3 comments
Open
1 task done

[FEATURE] Support self-signed certificates in builds #258

diksha1999 opened this issue Nov 21, 2024 · 3 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. ship-required
Milestone

Comments

@diksha1999
Copy link

diksha1999 commented Nov 21, 2024

Is there an existing feature request for this?

  • I have searched the existing feature requests

Is your feature request related to a problem or use-case? Please describe.

Shipwright builds are failing due to the issues while executing the first "source-default" step of ShipWright when a self-signed custom CA bundle is being used for a Git server.
Scenarios:

  1. Cloning source code from a private git server
  2. Pulling container images from a private container registry
  3. Pulling dependencies from a private repository (ex: Artifactory).

Describe the solution that you would like.

Support for self-signed enterprise certificates in shipwright builds.

In enterprise environments, TLS certificates are often issued by a "corporate" certificate authority that is not globally trusted by RHEL. Actions that use HTTPS as transport (ex: cloning git source, pulling container images, downloading dependencies) need to be able to find and utilize the correct certificate authority.

Describe alternatives you have considered.

No response

Anything else?

Related Openshift Builds epic link:
https://issues.redhat.com/browse/BUILD-1152

@diksha1999 diksha1999 added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 21, 2024
@diksha1999
Copy link
Author

Related Openshift Builds epic link:
https://issues.redhat.com/browse/BUILD-1152

@SaschaSchwarze0
Copy link
Member

Sounds like an optional secret reference in the Git Source where there referenced secret contains a ca.crt. Is that what you are looking for @diksha1999 ?

@adambkaplan
Copy link
Member

adambkaplan commented Jan 9, 2025

From refinement: we need a SHIP to work through the details and propose new API changes.

My personal preference is that whatever path we take, it complements workflows that utilize cert-manager, and it's newer trust-manager component in particular.

@adambkaplan adambkaplan transferred this issue from shipwright-io/build Jan 9, 2025
@adambkaplan adambkaplan added this to the Backlog milestone Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. ship-required
Projects
Status: No status
Development

No branches or pull requests

3 participants