Install Certificate

A Forgejo Action that installs a CA certificate into the system trust store. Supports Alpine and Debian based runner images.

Usage

jobs:
  example:
    runs-on: docker
    steps:
      - uses: actions/install-cert@v1
        with:
          certificate: |
            -----BEGIN CERTIFICATE-----
            MIID...
            -----END CERTIFICATE-----

Using the CA_CERTIFICATE environment variable instead:

jobs:
  example:
    runs-on: docker
    env:
      CA_CERTIFICATE: |
        -----BEGIN CERTIFICATE-----
        MIID...
        -----END CERTIFICATE-----
    steps:
      - uses: actions/install-cert@v1

Inputs

Name	Required	Description
certificate	no	PEM-encoded certificate. Falls back to CA_CERTIFICATE env var.

Prerequisites

• node must be available (included in all default Docker runner images).

• On Debian-based images the ca-certificates package provides update-ca-certificates. On Alpine images ca-certificates-bundle (providing /etc/ssl/certs/ca-certificates.crt) is sufficient; the full ca-certificates package is optional.

Notes

• The certificate is written to /usr/local/share/ca-certificates/proxy.crt and then activated. On Debian this runs update-ca-certificates. On images without update-ca-certificates the action creates the OpenSSL hash symlink in /etc/ssl/certs/ and appends to the CA bundle, matching the same canonical encoding used by OpenSSL itself.

• The action fails with a clear error when no certificate is provided via either the input or the environment variable.

• A basic PEM validity check is performed (presence of the -----BEGIN CERTIFICATE----- marker).