Certificate validation failing at Build step in self-managed GitLab.
Summary
Failing to build the mirrored Component Catalog project on a self-managed GitLab instance with a custom CA. Pipeline fails with a certificate verification error when the component executes the Build job.
Steps to reproduce
1. Mirror the Component Catalog project to a self-managed GitLab instance.
2. Configure the project to build using a custom CA by setting the CUSTOM_CA CI/CD file variable.
3. Build the project for the current tag version 3.12.0.
4. Build Job fails with
Error: authenticating creds for "internal-gitlab.example.com:443": pinging container registry internal-gitlab.example.com:443: Get "https://internal-gitlab.example.com:443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
What is the expected correct behavior?
The job should authenticate to the registry and be able to build the container.
Relevant logs and/or screenshots
CI/CD Variables of the project using the component:
Job Failure
++ export CI_REGISTRY=internal-gitlab.example.com:5050
++ CI_REGISTRY=internal-gitlab.example.com:5050
++ mkdir -p /builds/components/opentofu.tmp
++ printf %s $'-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----'
++ export CUSTOM_CA=/builds/components/opentofu.tmp/CUSTOM_CA
++ CUSTOM_CA=/builds/components/opentofu.tmp/CUSTOM_CA
++ export GITLAB_TOFU_TESTING_TOKEN=[MASKED]
++ GITLAB_TOFU_TESTING_TOKEN=[MASKED]
++ export SKIP_TESTS=True
++ SKIP_TESTS=True
++ export CI_PAGES_URL=http://components.example.com/opentofu
++ CI_PAGES_URL=http://components.example.com/opentofu
++ export CI_DISPOSABLE_ENVIRONMENT=true
++ CI_DISPOSABLE_ENVIRONMENT=true
++ export CI_RUNNER_VERSION=18.6.1
++ CI_RUNNER_VERSION=18.6.1
++ export CI_RUNNER_REVISION=b5e9c6d0
++ CI_RUNNER_REVISION=b5e9c6d0
++ export CI_RUNNER_EXECUTABLE_ARCH=linux/amd64
++ CI_RUNNER_EXECUTABLE_ARCH=linux/amd64
++ export RUNNER_TEMP_PROJECT_DIR=/builds/components/opentofu.tmp
++ RUNNER_TEMP_PROJECT_DIR=/builds/components/opentofu.tmp
++ export GITLAB_ENV=/builds/components/opentofu.tmp/gitlab_runner_env
++ GITLAB_ENV=/builds/components/opentofu.tmp/gitlab_runner_env
++ mkdir -p /builds/components/opentofu.tmp
++ touch /builds/components/opentofu.tmp/gitlab_runner_env
++ read -r line
$ if [ -f "${CUSTOM_CA}" ]; then # collapsed multi-line command
++ cd /builds/components/opentofu
++ echo $'\E[32;1m$ if [ -f "${CUSTOM_CA}" ]; then # collapsed multi-line command\E[0;m'
++ '[' -f /builds/components/opentofu.tmp/CUSTOM_CA ']'
++ cp /builds/components/opentofu.tmp/CUSTOM_CA /usr/share/pki/ca-trust-source/anchors/custom-ca.pem
++ update-ca-trust
++ echo $'\E[32;1m$ if [ -n "$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX" ]; then # collapsed multi-line command\E[0;m'
++ '[' -n internal-gitlab.example.com:443/components/dependency_proxy/containers ']'
++ echo 'Detected GitLab Dependency Proxy at '\''internal-gitlab.example.com:443/components/dependency_proxy/containers'\'', configuring it for buildah ...'
++ cat
$ if [ -n "$CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX" ]; then # collapsed multi-line command
Detected GitLab Dependency Proxy at 'internal-gitlab.example.com:443/components/dependency_proxy/containers', configuring it for buildah ...
++ buildah login -u gitlab-ci-token -p [MASKED] internal-gitlab.example.com:443
Error: authenticating creds for "internal-gitlab.example.com:443": pinging container registry crd-git.dfeh.ca.gov:443: Get "https://internal-gitlab.example.com:443/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
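
The trace above writes the CUSTOM_CA file variable to disk, copies it into the trust anchors and runs update-ca-trust before buildah login. As an added example (not part of this issue or of the component's own code; the helper names count_pem_blocks and check_ca_pem are hypothetical), a structural check of that file that a job could run before trusting it, to rule out an empty or truncated PEM bundle:

```shell
#!/bin/sh
# Added example: structural pre-check for a CA bundle before it is trusted.
# It only inspects the PEM framing; it does not parse or verify certificates.

# Prints "<valid> <bad>": blocks with a base64 body, and blocks that are
# empty, unterminated, unopened or contain non-base64 lines.
count_pem_blocks() {
  awk '
    { sub(/\r$/, "") }                        # tolerate CRLF line endings
    $0 == "-----BEGIN CERTIFICATE-----" {
      if (inblock) bad++                      # previous block never closed
      inblock = 1; body = 0; dirty = 0; next
    }
    $0 == "-----END CERTIFICATE-----" {
      if (!inblock) { bad++; next }           # END without BEGIN
      if (body > 0 && !dirty) valid++; else bad++
      inblock = 0; next
    }
    inblock {
      if ($0 ~ "^[A-Za-z0-9+/]+=*$") body++   # one base64 line
      else if ($0 != "") dirty = 1            # anything else is suspect
    }
    END {
      if (inblock) bad++                      # file ended inside a block
      printf "%d %d\n", valid, bad
    }
  ' "$1"
}

# Returns 0 only if the file exists, holds at least one well-formed block
# and no malformed one; 1 for a bad bundle, 2 if the path is not a file.
check_ca_pem() {
  [ -f "$1" ] || { echo "CUSTOM_CA: '$1' is not a file" >&2; return 2; }
  set -- "$1" $(count_pem_blocks "$1")
  if [ "$2" -ge 1 ] && [ "$3" -eq 0 ]; then
    echo "CUSTOM_CA: $2 certificate block(s) in $1"
    return 0
  fi
  echo "CUSTOM_CA: $2 usable, $3 malformed or empty block(s) in $1" >&2
  return 1
}

# Usage inside a job, before the cp / update-ca-trust step:
#   check_ca_pem "${CUSTOM_CA}" || exit 1
```

A passing check only shows the bundle is well-formed; whether it contains the CA that signed the certificate served on the port the job connects to still has to be verified separately.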
