Custom signed CA certificates on GitHub Enterprise Server instance

[acottre]

Hi

We're running GitHub Enterprise Server 3.7, and trying to enable dependabot updates as github actions on self-hosted runners.

Currently these are failing because we have a custom CA that our github instance TLS is signed behind, and github updater is unable to communicate with.

I cannot see any method for configuring the custom CAs to be deployed with the dependabot github action, to allow communication. If I have missed it, could you please point me at it? I can see webproxy environment settings are passed through to the docker image.

Example log:

INFO <job_18> Connectivity check starting
  proxy | 2022/11/17 16:45:31 [002] GET [https://<ourinstance>:443/api/v3/repos/<org>/<repo>](https://<ourinstance>/api/v3/repos/<org>/<repo>)
2022/11/17 16:45:31 [002] * authenticating git server request (host: <ourinstance>)
  proxy | 2022/11/17 16:45:31 [002] WARN: Cannot read TLS response from mitm'd server x509: certificate signed by unknown authority
updater | ERROR <job_18> Connectivity check failed: end of file reached

Thanks,

[acottre]

So it turns out you just need configuration in the github runner, not to pass through to dependabot:
in .env

NODE_EXTRA_CA_CERTS=
CUSTOM_CA_PATH=

[jeffwidman]

Thanks for circling back on this!