bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity

intranet: GIT_SSL_NO_VERIFY=true in clone-notes-corpus init container

Browse Source 
Cluster egress is fronted by a step-ca TLS proxy whose cert doesn't
match github.com. The init container's git clone failed with
"SSL: no alternative certificate subject name matches target hostname
'github.com'". The Notes repo is public — there is no secret to
protect on the wire — so GIT_SSL_NO_VERIFY=true is the right tradeoff
here. Tag at v202604240040search.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andrew Stoltz
2026-04-24 00:46:20 -05:00
parent b02bb4be38
commit 057595de3d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/intranet/intranet.yaml
View File

@@ -44,6 +44,10 @@ spec:
- -c - -c
- | - |
set -e set -e
# Cluster egress is fronted by a step-ca TLS proxy whose cert
# doesn't match github.com. The Notes repo is public so there's
# no secret to protect — skip verify.
export GIT_SSL_NO_VERIFY=true
if [ -d /srv/flowercore-notes/.git ]; then if [ -d /srv/flowercore-notes/.git ]; then
cd /srv/flowercore-notes && git fetch --depth=1 origin && git reset --hard origin/codex/notes-pimanager-live-drift cd /srv/flowercore-notes && git fetch --depth=1 origin && git reset --hard origin/codex/notes-pimanager-live-drift
else else