fix(ci): run factory tofu workflows on the CA-trusting runner

After the move to the self-signed internal DNS (gitea.arcodange.lab /
vault.arcodange.lab), the default `ubuntu-latest` runner image does not
trust the homelab CA, so the `uses:` clone of the vault-action over HTTPS
fails TLS verification. webapp's workflows already moved to the
`ubuntu-latest-ca` runner (whose image ships the homelab CA); apply the
same to the factory `iac` and `postgres` tofu workflows.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 11:22:54 +02:00
parent 3b0919b804
commit e5c537a967
2 changed files with 4 additions and 4 deletions


@@ -36,7 +36,7 @@ concurrency:
jobs:
gitea_vault_auth:
name: Auth with gitea for vault
runs-on: ubuntu-latest
runs-on: ubuntu-latest-ca
outputs:
gitea_vault_jwt: ${{steps.gitea_vault_jwt.outputs.id_token}}
steps:
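
Review bot: moving `gitea_vault_auth` to `runs-on: ubuntu-latest-ca` puts the job that produces `id_token` on a custom runner image, so that image is now in the trust path for the JWT handed to Vault. Please confirm that the `ubuntu-latest-ca` label resolves to a pinned image (a digest rather than a floating tag) and that the only difference from the stock image is the added homelab CA. If no runner with this label is registered, the job will sit queued instead of failing, so it is worth checking the label exists on the factory runners before merging.
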
@@ -50,7 +50,7 @@ jobs:
name: Tofu
needs:
- gitea_vault_auth
runs-on: ubuntu-latest
runs-on: ubuntu-latest-ca
env:
OPENTOFU_VERSION: 1.8.2
TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
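
Review bot: in the `Tofu` job, `TERRAFORM_VAULT_AUTH_JWT` is set in the job-level `env:` block, so every step in the job, including any third-party `uses:` action, can read the Vault JWT from its environment. Since this job is being touched anyway, consider moving that variable into the `env:` of only the step or steps that invoke tofu, leaving `OPENTOFU_VERSION` at job level.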


@@ -33,7 +33,7 @@ concurrency:
jobs:
gitea_vault_auth:
name: Auth with gitea for vault
runs-on: ubuntu-latest
runs-on: ubuntu-latest-ca
outputs:
gitea_vault_jwt: ${{steps.gitea_vault_jwt.outputs.id_token}}
steps:
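
Review bot: this `gitea_vault_auth` job, including the `runs-on:` line changed here, is a copy of the one in the other workflow, which is why the same one-line fix appears four times in this commit. Consider defining the auth job (or at least the runner label) in one shared place if your Gitea Actions setup allows it, so the next runner change cannot leave one workflow on an image that does not trust the homelab CA.
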
@@ -47,7 +47,7 @@ jobs:
name: Tofu - Postgres
needs:
- gitea_vault_auth
runs-on: ubuntu-latest
runs-on: ubuntu-latest-ca
env:
OPENTOFU_VERSION: 1.8.2
TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
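
Review bot: the reason for `runs-on: ubuntu-latest-ca` in `Tofu - Postgres` is recorded only in the commit message, and the label looks like a typo of `ubuntu-latest` to anyone reading the workflow later. A one-line YAML comment above `runs-on:` stating that this image ships the homelab CA needed for TLS to gitea.arcodange.lab and vault.arcodange.lab would make an accidental revert less likely.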