CA not updating/passing through to container #916

@TaylorVP

How are you running Renovate:
Self-hosted (GitHub)

Please Tell us more about your question or problem:

Issue: UNABLE_TO_GET_ISSUER_CERT_LOCALLY

I have the following workflow, running on a self-hosted runner, with which I'm trying to get Renovate to do some automated upgrades to some Helm charts hosted in a private ChartMuseum instance. The runner also runs in the same environment as ChartMuseum, meaning it can inherently access it, which I tested within a job and confirmed it does return successfully. I just can't seem to get Renovate working when passing in the certificates from the runner. I'm not sure what it is I'm doing wrong here. Setting NODE_TLS_REJECT_UNAUTHORIZED to 0 does work, which is great, but it's not something we want to have to set.

jobs:
  run_renovate:
    runs-on: ds-test
        
    steps:
      - uses: actions/checkout@v4

      - name: Generate GitHub App Token
        id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.RENOVATE_APP_ID }}
          private_key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}

      - name: Run Renovate
        uses: renovatebot/github-action@v41.0.14
        env:
          RENOVATE_LOG_LEVEL: "debug"
          RENOVATE_REPOSITORIES: "my_org/helm_upgrade_test"
          RENOVATE_NODE_EXTRA_CA_CERTS: "/usr/local/share/ca-certificates/self-signed-certificate.crt"
        with:
          token: ${{ steps.generate_token.outputs.token }}
          configurationFile: renovate.json
          docker-volumes: /etc/ssl/certs/ca-certificates.crt:/usr/local/share/ca-certificates/self-signed-certificate.crt

Error Log:

DEBUG: GET https://chartmuseum.shared.com/application-charts/index.yaml = (code=UNABLE_TO_GET_ISSUER_CERT_LOCALLY, statusCode=-1 retryCount=0, duration=18) (repository=disclosurescotland/helm_upgrade_test)
DEBUG: Datasource connection error (repository=my_org/helm_upgrade_test)
       "datasource": "helm",
       "packageName": "application-namespace",
       "url": undefined,
       "errCode": "UNABLE_TO_GET_ISSUER_CERT_LOCALLY"

If anyone could be of assistance that would be great!

Thanks,
Taylor
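
Added example, not part of the original post: the Node.js error code UNABLE_TO_GET_ISSUER_CERT_LOCALLY corresponds to OpenSSL verification error 20 ("unable to get local issuer certificate"), so the same condition can be checked from a shell with `openssl verify` against the CA bundle that is mounted into the container. The function names `check_issuer` and `make_fixture`, the host name and every certificate below are constructed for illustration.

```shell
#!/bin/sh
# Added example; all keys and certificates are constructed test data.

# check_issuer BUNDLE CERT
#   returns 0  if CERT chains to a CA contained in BUNDLE
#   returns 20 if OpenSSL cannot find the issuer in BUNDLE (error 20, the
#              condition Node.js reports as UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
#   returns 1  for any other verification failure
check_issuer() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *"unable to get local issuer certificate"*) return 20 ;;
        *": OK") return 0 ;;
        *) return 1 ;;
    esac
}

# make_fixture: create a temp dir holding two unrelated self-signed CAs and
# one leaf certificate signed by the first CA; prints the directory path.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for ca in internal-ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=chartmuseum.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/internal-ca.pem" -CAkey "$dir/internal-ca.key" \
        -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null || return 1
    echo "$dir"
}

# Stand-alone demonstration: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(make_fixture) || exit 1
    for b in internal-ca other-ca; do
        rc=0
        check_issuer "$d/$b.pem" "$d/leaf.pem" || rc=$?
        echo "bundle=$b.pem -> exit $rc"
    done
    rm -rf "$d"
fi
```

On the runner, `check_issuer /etc/ssl/certs/ca-certificates.crt <server-cert.pem>` shows whether the bundle being mounted actually contains the CA that issued the certificate the server presents.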
