mirror of
https://github.com/drone-plugins/drone-docker.git
synced 2026-07-16 16:21:18 +08:00
d10b5ea8b8
The plugin now reads a HARNESS_CA_PATH environment variable pointing to a PEM CA file and installs it into the host system trust store before starting the Docker daemon. This solves x509 errors when builds run behind TLS-intercepting egress proxies that re-sign upstream TLS with their own CA. - Linux: installs into distro anchor directory (/usr/local/share/ca-certificates or /etc/pki/ca-trust/source/anchors) and refreshes system bundle via update-ca-certificates/update-ca-trust, with direct bundle append fallback - Windows: imports via certutil -addstore Root - macOS: logged no-op (not currently supported) - Best-effort, idempotent, documented in README.md with usage examples - New platform-specific source files: ca_linux.go, ca_windows.go, ca_other.go - Comprehensive tests added: ca_test.go, ca_linux_test.go Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> AI-Session-Id: fe2aa5fe-1bf5-4257-ab76-2c862c5637fe AI-Tool: claude-code AI-Model: unknown
13 lines
399 B
Go
13 lines
399 B
Go
//go:build !linux && !windows
|
|
// +build !linux,!windows
|
|
|
|
package docker
|
|
|
|
import "fmt"
|
|
|
|
// installHarnessCA is a no-op on platforms where egress control is not yet
|
|
// supported (e.g. macOS). HARNESS_CA_PATH is honored on Linux and Windows.
|
|
func installHarnessCA(caPEM []byte) {
|
|
fmt.Println("HARNESS_CA_PATH is set but egress-proxy CA trust injection is not supported on this platform; skipping.")
|
|
}
|