Skip to content

feat: trusted CA #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
pernydev wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

feat: trusted CA #17

pernydev wants to merge 6 commits into from

Conversation

@pernydev
Copy link
Member

@pernydev pernydev commented Oct 25, 2025
edited
Loading

fixes #15

@pernydev pernydev requested a review from Copilot October 27, 2025 00:04
Copilot AI reviewed Oct 27, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for custom trusted Certificate Authorities (CAs) by introducing a STABLE_CA build argument that allows passing CA certificates to be trusted at runtime.

Key Changes:

  • Added STABLE_CA build argument and environment variable to both Deno and Bun Dockerfiles
  • CA certificate is written to a file and configured for runtime use in each environment

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
tails/javascript-deno.tail.dockerfile Added STABLE_CA support with certificate file creation and --cert flag for Deno
tails/javascript-bun.tail.dockerfile Added STABLE_CA support with certificate file creation and NODE_EXTRA_CA_CERTS for Bun

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

tails/javascript-deno.tail.dockerfile
ARG STABLE_CA
ENV STABLE_CA=${STABLE_CA}

RUN echo "${STABLE_CA}" > /stable.crt
Copy link

Copilot AI Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certificate file is being written to the root directory without proper validation. If STABLE_CA is empty or malformed, this could create an invalid certificate file that fails silently. Consider adding validation to check if STABLE_CA is set and contains valid certificate data before writing the file, or make the certificate optional by conditionally writing it only when STABLE_CA is provided.

Copilot uses AI. Check for mistakes.
tails/javascript-bun.tail.dockerfile
ARG STABLE_CA
ENV STABLE_CA=${STABLE_CA}

RUN echo "${STABLE_CA}" > /home/bun/stable.crt
Copy link

Copilot AI Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certificate file is being written without validation. If STABLE_CA is empty or malformed, this could create an invalid certificate file that fails silently. Consider adding validation to check if STABLE_CA is set and contains valid certificate data before writing the file, or make the certificate optional by conditionally writing it only when STABLE_CA is provided.

Suggested change
RUN echo "${STABLE_CA}" > /home/bun/stable.crt
RUN if [ -n "${STABLE_CA}" ]; then echo "${STABLE_CA}" > /home/bun/stable.crt; fi

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: trusted CA

2 participants

@pernydev