this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix certs

+65 -3
+65 -3
.tangled/workflows/build.yml
··· 6 6 7 7 engine: "nixery" 8 8 9 + # Skip the automatic clone — the Nixery container needs SSL_CERT_FILE 10 + # and GIT_SSL_CAINFO set for TLS verification, but environment vars 11 + # only take effect during steps, not during the built-in clone phase. 12 + # We clone manually in the first step instead. 9 13 clone: 10 - depth: 0 14 + skip: true 11 15 12 16 dependencies: 13 17 nixpkgs: ··· 38 42 PIPENV_VENV_IN_PROJECT: "1" 39 43 PIPENV_CACHE_DIR: "/tmp/pipenv-cache" 40 44 PIP_CACHE_DIR: "/tmp/pip-cache" 41 - NIX_SSL_CERT_FILE: "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" 42 - SSL_CERT_FILE: "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" 45 + NIX_SSL_CERT_FILE: "/etc/ssl/certs/ca-bundle.crt" 46 + SSL_CERT_FILE: "/etc/ssl/certs/ca-bundle.crt" 47 + GIT_SSL_CAINFO: "/etc/ssl/certs/ca-bundle.crt" 43 48 44 49 steps: 50 + - name: "Clone repository" 51 + command: | 52 + echo "=== Cloning repository ===" 53 + 54 + # Debug: find where cacert placed the CA bundle 55 + CERT_CANDIDATES=( 56 + "/etc/ssl/certs/ca-bundle.crt" 57 + "/etc/ssl/certs/ca-certificates.crt" 58 + ) 59 + FOUND_CERT="" 60 + for c in "${CERT_CANDIDATES[@]}"; do 61 + if [ -f "$c" ]; then 62 + FOUND_CERT="$c" 63 + break 64 + fi 65 + done 66 + 67 + # Also search the nix store as a fallback 68 + if [ -z "$FOUND_CERT" ]; then 69 + FOUND_CERT=$(find /nix/store -maxdepth 3 -name 'ca-bundle.crt' -path '*/etc/ssl/*' 2>/dev/null | head -1) 70 + fi 71 + 72 + if [ -n "$FOUND_CERT" ]; then 73 + echo "Found CA bundle at: ${FOUND_CERT}" 74 + export SSL_CERT_FILE="$FOUND_CERT" 75 + export GIT_SSL_CAINFO="$FOUND_CERT" 76 + export NIX_SSL_CERT_FILE="$FOUND_CERT" 77 + else 78 + echo "WARNING: No CA bundle found, TLS verification may fail" 79 + ls -la /etc/ssl/certs/ 2>/dev/null || echo "/etc/ssl/certs/ does not exist" 80 + fi 81 + 82 + KNOT="${TANGLED_REPO_KNOT:-}" 83 + DID="${TANGLED_REPO_DID:-}" 84 + REPO="${TANGLED_REPO_NAME:-}" 85 + SHA="${TANGLED_SHA:-}" 86 + 87 + if [ -z "$KNOT" ] || [ -z "$DID" ] || [ -z "$REPO" ]; then 88 + echo "ERROR: Missing repo coordinates (KNOT=$KNOT, DID=$DID, REPO=$REPO)" 89 + exit 1 90 + fi 91 + 92 + CLONE_URL="https://${KNOT}/${DID}/${REPO}" 93 + echo "Clone URL: ${CLONE_URL}" 94 + echo "Target SHA: ${SHA:-HEAD}" 95 + 96 + # Shallow fetch of the exact commit — lightweight and sufficient 97 + git init 98 + git remote add origin "${CLONE_URL}" 99 + git fetch --depth=1 origin "${SHA}" 100 + git checkout FETCH_HEAD 101 + 102 + echo "" 103 + echo "=== Clone complete ===" 104 + git log --oneline -1 105 + echo "" 106 + 45 107 - name: "Print build info" 46 108 command: | 47 109 echo "=== CARE Build Pipeline ==="