Setting GIT_SSL_CAINFO gives error setting certificate verify locations in pipeline
In my pipeline I want to fetch an additional branch. Our GitLab server uses a certificate signed by a private CA, which doesn't seem to be trusted by default. I inform git about the certificate using the GIT_SSL_CAINFO environment variable to get it to trust the server.
The following works. As you can see I set the GIT_SSL_CAINFO variable to the value of the CI_SERVER_TLS_CA_FILE variable, which points to a PEM file.
semgrep-action:
  image: returntocorp/semgrep-action:v1
  variables:
    CIRCLECI: "true"
  script:
    - export GIT_SSL_CAINFO="$CI_SERVER_TLS_CA_FILE"
    - somescript
I would expect the following to be equivalent, but this doesn't work. It interferes with GitLab's own behaviour.
semgrep-action:
  image: returntocorp/semgrep-action:v1
  variables:
    CIRCLECI: "true"
    GIT_SSL_CAINFO: "$CI_SERVER_TLS_CA_FILE"
  script:
    - somescript
The build fails with the following:
Running with gitlab-runner 13.0.1 (21cb397c)
on SonarQube bo5xxxr
Preparing the "docker" executor
Using Docker executor with image returntocorp/semgrep-action:v1 ...
Using locally found image version due to if-not-present pull policy
Using docker image sha256:6ed3fbc5770f0185584a52a4238c35ad6313f10b44033ba4b7a49cfe4faec2a4 for returntocorp/semgrep-action:v1 ...
Preparing environment
Running on runner-bo5xxxr-project-28-concurrent-0 via dc0dfe68fdae...
Getting source from Git repository
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/myproject/myproject/.git/
fatal: unable to access 'https://git.myserver.nl/myproject/myproject.git/': error setting certificate verify locations:
CAfile: -----BEGIN CERTIFICATE-----?
MIIFyjCCBLKgAwIBAgIQV0f7Au950njSRnqwx7scUjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCxxxxzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBM
Uploading artifacts for failed job
ERROR: Job failed: exit code 1
Edited by Sjoerd Langkemper
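The job log above shows git receiving certificate text in `CAfile:` where it expects a file path. The following check is an added example, not part of the original issue or of GitLab's code: it classifies a `GIT_SSL_CAINFO` value before git uses it, so a job can fail early with a clear reason. The function name `check_cainfo` and the sample certificate body are constructed for illustration.

```shell
#!/bin/sh
# check_cainfo VALUE
# Prints one classification word and returns 0 only when VALUE is a
# readable file that contains a PEM certificate header.
check_cainfo() {
    cainfo_value=$1
    case $cainfo_value in
        '')
            echo "unset"; return 1 ;;
        *"-----BEGIN CERTIFICATE-----"*)
            # The variable holds PEM text instead of a path: this is the
            # form seen in the "CAfile:" line of the failing job log.
            echo "inline-pem"; return 1 ;;
    esac
    if [ ! -f "$cainfo_value" ] || [ ! -r "$cainfo_value" ]; then
        echo "missing-file"; return 1
    fi
    # -e keeps grep from reading the leading dashes as options.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cainfo_value"; then
        echo "not-pem"; return 1
    fi
    echo "ok"
}

# Constructed sample: a throwaway file standing in for the CA bundle that
# $CI_SERVER_TLS_CA_FILE points to. The body is a placeholder, not a real cert.
sample=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$sample"

check_cainfo "$sample" || true             # path to a PEM file
check_cainfo "$(cat "$sample")" || true    # PEM text passed as the value
rm -f "$sample"
```

In a job, `check_cainfo "$GIT_SSL_CAINFO" || exit 1` as the first `script:` line reports which form the variable arrived in.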