[0.8] git self-signed problem

Hello.
I just updated to drone:0.8 and now have a problem with SSL verification from GitLab.
In my defense, I will say that it works fine with the previous version, so I think that this long thread is not about my problem.

fatal: unable to access 'https://git.<-->/<-->/demo.git/': SSL certificate problem: self signed certificate
exit status 128

All nodes trust this certificate and can clone the repository without problems. Here is the docker-compose.yaml:

services:
  drone-agent:
    image: drone/agent:0.8
    command: agent
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/ubuntu/drone/cert/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
    environment:
      - DRONE_SERVER=<--->:9000
      - DRONE_SECRET=<--->
      - DRONE_MAX_PROCS=4
      - DOCKER_MAX_PROCS=4

I will be happy to hear any ideas, but I can check them only 2 days later.

I just confirmed it by restoring the old instances. Even the versions of docker-compose and docker are the same.

This error comes from git and is therefore not a drone issue. This indicates you are using a self-signed certificate and it is not available to the container cloning your code.

Please note that the agent container does not clone your repository. This is a common misconception. Therefore mounting certificates into the agent container, as shown in your docker-compose file, will have no impact on cloning.

Instead you need to instruct drone to mount the certificates into your pipeline containers. This is configured globally. Please reference the following example:

services:
  drone-agent:
    image: drone/agent:0.8
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-     - /home/ubuntu/drone/cert/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt

  drone-server:
    image: drone/agent:0.8
+   environment:
+     - DRONE_VOLUME=/home/ubuntu/drone/cert/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
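
Review bot: the context line `image: drone/agent:0.8` under drone-server gives the server the same image as drone-agent above, which reads like a copy-paste slip; confirm the server service runs its own image before adding DRONE_VOLUME to it. The added mount also targets /etc/ssl/certs/ca-certificates.crt directly, so the host file replaces the container's whole CA bundle and has to contain every CA the pipeline containers need, not only the self-signed GitLab certificate.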

If you continue to experience issues you could set the skip verify flag in your pipeline. This is perhaps less desirable, but would eliminate the error.

clone:
  default:
    image: plugins/git
+   skip_verify: true

pipeline:
  build:
    image: golang
    commands:
      - go build
      - go test
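
Review bot: `skip_verify: true` under clone.default turns off certificate verification for the clone step, so the clone will accept whatever certificate is presented for the Git host. If it is used to get builds running, mark it as temporary in the file and remove it once the CA bundle mount from the previous example works, so the setting does not stay behind in every repository.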

If this doesn’t work I recommend digging into the plugin code, and running the git clone plugin directly to troubleshoot. Please see the git plugin repository and readme for more information:

1 Like
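
Once the certificate mount is in place, any `skip_verify: true` left behind in a repository keeps certificate verification off for that clone. The scanner below is an added example, not part of the thread or of Drone: it reports truthy `skip_verify` keys under the top-level `clone:` section, using a simplified indentation-based reader rather than a full YAML parser. The function names and sample file paths are made up for illustration.

```python
import re
# Constructed sample pipeline files (not from the thread); the paths are made up.
SAMPLES = {
    "svc-a/.drone.yml": """\
clone:
  default:
    image: plugins/git
    skip_verify: true
pipeline:
  build:
    image: golang
""",
    "svc-b/.drone.yml": """\
clone:
  default:
    image: plugins/git
    # skip_verify: true
pipeline:
  build:
    image: golang
    skip_verify: "yes"   # outside clone:, not reported
""",
}

KEY = re.compile(r"^(\s*)([\w.-]+):\s*(.*?)\s*$")
TRUTHY = {"true", "yes", "on"}  # spellings YAML 1.1 parsers read as boolean true

def find_skip_verify(text):
    """Return (line_no, dotted_path) for each truthy skip_verify under top-level clone:."""
    hits, stack = [], []  # stack holds (indent, key) for the enclosing mappings
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw)  # drop comments (simplified: ignores quoting)
        m = KEY.match(line)
        if not m:
            continue  # blank line, list item, or comment-only line
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        stack.append((indent, key))
        path = [k for _, k in stack]
        if key == "skip_verify" and path[0] == "clone" and value.strip("'\"").lower() in TRUTHY:
            hits.append((no, ".".join(path)))
    return hits

def audit(files):  # map each path to its findings, omitting clean files
    return {p: h for p, t in files.items() if (h := find_skip_verify(t))}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

To run it over real repositories, build the `files` mapping by reading each `.drone.yml` from disk and pass it to `audit`.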

Thank you for your fast reply!

My docker-compose for the server has this declaration.
But, yes, I thought that if there was a problem, it was on the agents' side. Thank you for the clarification.

I know about this option, but it requires updating a lot of drone.yml files, so it’s not an option for me now.
I will try to investigate it when I return to my work computer.

@bradrydzewski Hi. I found that it was caused by the base image Alpine:3.6. I’m not very good with Linux and can’t find a workaround. But it seems that this problem periodically appears in different releases of Alpine.

Is it possible to revert the base image to Alpine:3.5 or somehow specify plugin versions for the Drone server (plugins/git:1.1 is fine but plugins/git:1.3 fails)?

I know that it is possible to do in drone.yml, but I’m asking about a global way.

And I'm just curious: where is plugins/git:1.2?

@bradrydzewski
Sorry for pinging, but should I create issues about a global config for the git plugin? For the drone server?
It may be useful to keep drone files simple, and it will allow quickly switching all pipelines to use another git image.