Add update certificates to ./run.sh if RUNNER_UPDATE_CA_CERTS env is set (#2471)

* Included entrypoint that will update certs and run ./run.sh

* update ca if RUNNER_UPDATE_CA env is set

* changed env variable to RUNNER_UPDATE_TRUST_STORE

* moved entrypoint to be run.sh, removed Dockerfile entrypoint, added envvar that will update certs

* Update src/Misc/layoutroot/run.sh

Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>

* Update src/Misc/layoutroot/run.sh

Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>

* Update src/Misc/layoutroot/run.sh

Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>

* Update src/Misc/layoutroot/run.sh

Co-authored-by: Tingluo Huang <tingluohuang@github.com>

* Update src/Misc/layoutroot/run.sh

Co-authored-by: Tingluo Huang <tingluohuang@github.com>

* removed doc comment on func

---------

Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>

src/Misc/layoutroot/run.sh

@@ -53,6 +53,33 @@ runWithManualTrap() {
     done
 }
 
+function updateCerts() {
+    local sudo_prefix=""
+    local user_id=`id -u`
+
+    if [ $user_id -ne 0 ]; then
+        if [[ ! -x "$(command -v sudo)" ]]; then
+            echo "Warning: failed to update certificate store: sudo is required but not found"
+            return 1
+        else
+            sudo_prefix="sudo"
+        fi
+    fi
+
+    if [[ -x "$(command -v update-ca-certificates)" ]]; then
+        eval $sudo_prefix "update-ca-certificates"
+    elif [[ -x "$(command -v update-ca-trust)" ]]; then
+        eval $sudo_prefix "update-ca-trust"
+    else
+        echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image."
+        return 1
+    fi
+}
+
+if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then
+    updateCerts
+fi
+
 if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then
     run $*
 else