Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Use base image that includes CA certs #35

Merged
merged 1 commit into from
Aug 14, 2023
Merged

fix: Use base image that includes CA certs #35

merged 1 commit into from
Aug 14, 2023

Conversation

jpmcb
Copy link
Member

@jpmcb jpmcb commented Aug 14, 2023

Description

Ran into issues where the pizza image could not make requests to GitHub due to TLS errors:

{"level":"info","ts":1692036899.686633,"caller":"app/main.go:38","msg":"initiated zap logger with level: 0"}
{"level":"warn","ts":1692036899.6869462,"caller":"app/main.go:43","msg":"Failed to load the dot env file. Continuing with existing environment: open .env: no such file or directory"}
{"level":"info","ts":1692036900.023071,"caller":"app/main.go:65","msg":"Initiating cache git provider"}
{"level":"info","ts":1692036900.0319865,"caller":"server/server.go:44","msg":"Starting server on port 8080"}
{"level":"error","ts":1692036923.6407166,"caller":"server/server.go:82","msg":"Could not process repository input: &{0x400000ce70 <nil> <nil> false true {0 0} true true false 0x2970b0} with error: could not put to the git repo LRU cache: could not clone into cache directory: Get \"https://github.com/jpmcb/gopherlogs/info/refs?service=git-upload-pack\": tls: failed to verify certificate: x509: certificate signed by unknown authority","stacktrace":"github.com/open-sauced/pizza/oven/pkg/server.PizzaOvenServer.handleRequest.func1\n\t/app/pkg/server/server.go:82"}
2023/08/14 18:15:23 http: superfluous response.WriteHeader call from github.com/open-sauced/pizza/oven/pkg/server.PizzaOvenServer.handleRequest.func1 (server.go:83)

Notice the errors on not being able to verity the server's cerrs due to "unknown authority"

TLDR: we need a base image that has well known CAs. We can't just use a scratch image and I don't want to be in the business of managing and loading our own CAs for the pizza oven service.

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation Update
  • 🎨 Style
  • 🧑‍💻 Code Refactor
  • 🔥 Performance Improvements
  • ✅ Test
  • 🤖 Build
  • 🔁 CI
  • 📦 Chore (Release)
  • ⏩ Revert

Related Tickets & Documents

N/a - related to production usage.

Mobile & Desktop Screenshots/Recordings

N/a

Added tests?

  • 👍 yes
  • 🙅 no, because they aren't needed
  • 🙋 no, because I need help

Added to documentation?

  • 📜 README.md
  • 📓 docs.opensauced.pizza
  • 🍕 dev.to/opensauced
  • 📕 storybook
  • 🙅 no documentation needed

[optional] Are there any post-deployment tasks we need to perform?

Will need to do another release and get this in prod / dev environments to validate fully but after building locally, this now works so I have high confidence this is the fix.

[optional] What gif best describes this PR or how it makes you feel?

@jpmcb jpmcb merged commit cfb2e7a into open-sauced:main Aug 14, 2023
@jpmcb jpmcb deleted the image-with-ca-certs branch August 14, 2023 18:31
@jpmcb jpmcb mentioned this pull request Aug 14, 2023
Merged
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandonroberts brandonroberts brandonroberts approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jpmcb @brandonroberts