From 7e3738551bc2c9f658bc43898b58a57296e487af Mon Sep 17 00:00:00 2001 From: littlecodedragon <253116839+littlecodedragon@users.noreply.github.com> Date: Fri, 8 May 2026 08:34:29 +0200 Subject: [PATCH] CI: allow insecure curl for self-signed Forgejo API --- .forgejo/workflows/build_release.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.forgejo/workflows/build_release.yml b/.forgejo/workflows/build_release.yml index 847a3fd13..f2fb9a33a 100755 --- a/.forgejo/workflows/build_release.yml +++ b/.forgejo/workflows/build_release.yml @@ -270,6 +270,7 @@ jobs: COMMIT_LOGS: ${{ steps.prepare.outputs.COMMIT_LOGS }} REPO_URL: ${{ github.server_url }}/${{ github.repository }} REPOSITORY_NAME: ${{ github.repository }} + FORGEJO_CURL_INSECURE: "true" run: | set -euo pipefail @@ -342,6 +343,10 @@ jobs: } ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; } ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; } + curl_tls_args=() + if [ "${FORGEJO_CURL_INSECURE:-false}" = "true" ]; then + curl_tls_args+=(--insecure) + fi api_base="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases" payload_file="$(mktemp)" @@ -384,13 +389,13 @@ jobs: --arg body "${release_body}" \ '{tag_name: $tag, name: $title, body: $body, draft: true, prerelease: false}' > "${payload_file}" - status="$(curl -sS -o "$response_file" -w '%{http_code}' \ + status="$(curl "${curl_tls_args[@]}" -sS -o "$response_file" -w '%{http_code}' \ -H "Authorization: token ${FORGEJO_TOKEN}" \ "${api_base}/tags/${VERSION_TAG}")" if [ "$status" = "200" ]; then release_id="$("${JQ_BIN}" -r '.id' < "$response_file")" - curl -fsS \ + curl "${curl_tls_args[@]}" -fsS \ -X PATCH \ -H "Authorization: token ${FORGEJO_TOKEN}" \ -H 'Content-Type: application/json' \ @@ -398,7 +403,7 @@ jobs: "${api_base}/${release_id}" \ > "$response_file" elif [ "$status" = "404" ]; then - curl -fsS \ + curl "${curl_tls_args[@]}" -fsS \ -X POST \ -H "Authorization: token ${FORGEJO_TOKEN}" \ -H 'Content-Type: application/json' \ @@ -418,6 +423,7 @@ jobs: env: FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} RELEASE_ID: ${{ steps.release.outputs.RELEASE_ID }} + FORGEJO_CURL_INSECURE: "true" run: | set -euo pipefail @@ -490,11 +496,15 @@ jobs: } ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; } ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; } + curl_tls_args=() + if [ "${FORGEJO_CURL_INSECURE:-false}" = "true" ]; then + curl_tls_args+=(--insecure) + fi release_api="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}" assets_file="$(mktemp)" - curl -fsS \ + curl "${curl_tls_args[@]}" -fsS \ -H "Authorization: token ${FORGEJO_TOKEN}" \ "${release_api}/assets" \ > "$assets_file" @@ -513,7 +523,7 @@ jobs: asset_id="$("${JQ_BIN}" -r --arg n "${asset_name}" '(.[] | select(.name == $n) | .id) // empty' "$assets_file")" if [ -n "$asset_id" ] && [ "$asset_id" != "null" ]; then - curl -fsS \ + curl "${curl_tls_args[@]}" -fsS \ -X DELETE \ -H "Authorization: token ${FORGEJO_TOKEN}" \ "${release_api}/assets/${asset_id}" \ @@ -522,7 +532,7 @@ jobs: encoded_name="$("${JQ_BIN}" -nr --arg s "${asset_name}" '$s | @uri')" - curl -fsS \ + curl "${curl_tls_args[@]}" -fsS \ -X POST \ -H "Authorization: token ${FORGEJO_TOKEN}" \ -H 'Content-Type: application/octet-stream' \