Add support for custom CA certs using ADDITIONAL_CA_CERT_BUNDLE
Problem to Solve
It is very common to use custom SSL certificates. Self-managed users can use the release_cli image only if they have public certificate, but they can't use the image with their own certificate.
Additional info:
SAST, DAST and other scanners support ADDITIONAL_CA_CERT_BUNDLE as an environment variable where users can provide their own Certificate Authority, most commonly used with self-signed SSL certificates. This certificate is used in HTTPS connections that allow a client to verify that the server they are talking to is legitimate. In case of the release-cliit will read the ADDITIONAL_CA_CERT_BUNDLE as environment variable as well, and will allow self-managed customers use the release yaml node (or the standalone release-cli ) in their private networks that use custom SSL certificates, not signed by public CA.
Summary
Using custom CA's is challenging - the current best option is to use a before_script as described in this workaround
It would be useful if GitLab Release supported the ADDITIONAL_CA_CERT_BUNDLE variable as defined for:
Possible fixes
The Merge Request for those three may provide a useful model.
/cc @jaime @ogolowinski