Add support for self-signed CA certificates (#2268)

Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com>
2025-12-17 07:31:25 +00:00 · 2023-03-09 17:23:32 +00:00
parent 068f987238
commit c569304271
36 changed files with 1860 additions and 93 deletions
--- a/github/actions/multi_client.go
+++ b/github/actions/multi_client.go
@@ -2,7 +2,6 @@ package actions

 import (
 	"context"
-	"crypto/x509"
 	"fmt"
 	"strconv"
 	"sync"
@@ -84,7 +83,7 @@ func (m *multiClient) GetClientFor(ctx context.Context, githubConfigURL string,
 	}

 	cachedClient, has := m.clients[key]
-	if has {
+	if has && cachedClient.rootCAs.Equal(client.rootCAs) {
 		m.logger.Info("using cache client", "githubConfigURL", githubConfigURL, "namespace", namespace)
 		return cachedClient, nil
 	}
@@ -141,19 +140,3 @@ func (m *multiClient) GetClientFromSecret(ctx context.Context, githubConfigURL,
 	auth.AppCreds = &GitHubAppAuth{AppID: parsedAppID, AppInstallationID: parsedAppInstallationID, AppPrivateKey: appPrivateKey}
 	return m.GetClientFor(ctx, githubConfigURL, auth, namespace, options...)
 }
-
-func RootCAsFromConfigMap(configMapData map[string][]byte) (*x509.CertPool, error) {
-	caCertPool, err := x509.SystemCertPool()
-	if err != nil {
-		caCertPool = x509.NewCertPool()
-	}
-
-	for key, certData := range configMapData {
-		ok := caCertPool.AppendCertsFromPEM(certData)
-		if !ok {
-			return nil, fmt.Errorf("no certificates successfully parsed from key %s", key)
-		}
-	}
-
-	return caCertPool, nil
-}