Install proxy cert on GitHub-hosted Ubuntu runners

Michael B. Gale
2026-01-27 14:01:29 +00:00
parent 766eeaa42e
commit 3b4b23a7ad
3 changed files with 388 additions and 251 deletions
+335 -251
File diff suppressed because it is too large Load Diff
+3
@@ -14,6 +14,7 @@ import {
Credential,
getCredentials,
getDownloadUrl,
installProxyCertificate,
parseLanguage,
UPDATEJOB_PROXY,
} from "./start-proxy";
@@ -285,6 +286,8 @@ async function startProxy(
url: credential.url,
}));
core.setOutput("proxy_urls", JSON.stringify(registry_urls));
await installProxyCertificate(logger, config.ca.cert);
}
async function getProxyBinaryPath(logger: Logger): Promise<string> {
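Review bot: The new `await installProxyCertificate(logger, config.ca.cert)` call at the end of `startProxy` puts the proxy's CA into the runner's system-wide trust store with no opt-out input and no removal visible in this diff, so every later step in the job accepts certificates signed by that CA, not only traffic deliberately routed through the proxy. That scope should be stated at the call site, e.g. `// Installs the proxy CA into the system trust store; it stays trusted by all later steps in this job.` If the action has a post step, deleting `codeql-action/proxy.crt` and re-running `update-ca-certificates` there would bound the trust to the proxy's lifetime. The call also discards whether installation succeeded, so nothing downstream can tell which case applies. `startProxy` begins outside this hunk.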
+50
@@ -1,5 +1,9 @@
import * as fs from "fs";
import * as path from "path";
import * as core from "@actions/core";
import { isSelfHostedRunner, runTool } from "./actions-util";
import { getApiClient } from "./api-client";
import * as defaults from "./defaults.json";
import { KnownLanguage } from "./languages";
@@ -256,3 +260,49 @@ export async function getDownloadUrl(
version: UPDATEJOB_PROXY_VERSION,
};
}
// The standard path for certificates on Ubuntu.
const certPath = "/usr/local/share/ca-certificates/";
/**
* If we are running on a GitHub-hosted Ubuntu runner, this function attempts to
* install the `cert` into the system-wide certificate store.
*
* This function does nothing on other platforms.
*
* @param logger The logger to use.
* @param cert The certificate to install.
*/
export async function installProxyCertificate(logger: Logger, cert: string) {
// On GitHub-hosted linux runners, install the certificate system-wide.
if (process.platform === "linux" && !isSelfHostedRunner()) {
try {
// Don't continue if the certificate path doesn't already exist in the expected location.
if (!fs.existsSync(certPath)) {
logger.debug(
"Certificate path does not exist in the expected location.",
);
return;
}
// Create a sub-directory for our certificates.
const certSubPath = path.join(certPath, "codeql-action");
fs.mkdirSync(certSubPath);
// Write the certificate
const certFilePath = path.join(certSubPath, "proxy.crt");
fs.writeFileSync(certFilePath, cert);
// Update the certificates.
await runTool("sudo", ["update-ca-certificates"]);
logger.info(
`Successfully installed proxy certificate to ${certFilePath}`,
);
} catch (e) {
logger.info(
`Unable to install proxy certificate system-wide: ${getErrorMessage(e)}`,
);
}
}
}
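Review bot: In `installProxyCertificate`, `fs.mkdirSync(certSubPath)` and `fs.writeFileSync(certFilePath, cert)` run as the runner user while only `update-ca-certificates` goes through `sudo`. If `/usr/local/share/ca-certificates/` is root-owned, as it is on a stock Ubuntu install, both calls would fail with EACCES and the catch block reports that only at info level. Even where the write is permitted, `mkdirSync` without the recursive option throws EEXIST when the action runs a second time in the same job, so the current certificate is never written and the stale one stays trusted. I would change the call to `fs.mkdirSync(certSubPath, { recursive: true });` and, if the directory turns out not to be writable, stage the file in a temporary directory and copy it into place through `runTool("sudo", ...)`. The doc comment should also say that failures are swallowed and that the function gives the caller no success indication.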