Added extraCACerts config to help with self signed/private ca cert chain

gautamsi · gautamsi · commit 9611fa850cab · 2024-07-13T02:00:47.000-05:00
diff --git a/packages/cli-v3/src/Containerfile.prod b/packages/cli-v3/src/Containerfile.prod
@@ -43,12 +43,14 @@ ARG TRIGGER_DEPLOYMENT_ID
 ARG TRIGGER_DEPLOYMENT_VERSION
 ARG TRIGGER_CONTENT_HASH
 ARG TRIGGER_PROJECT_REF
+ARG NODE_EXTRA_CA_CERTS
 
 ENV TRIGGER_PROJECT_ID=${TRIGGER_PROJECT_ID} \
     TRIGGER_DEPLOYMENT_ID=${TRIGGER_DEPLOYMENT_ID} \
     TRIGGER_DEPLOYMENT_VERSION=${TRIGGER_DEPLOYMENT_VERSION} \
     TRIGGER_CONTENT_HASH=${TRIGGER_CONTENT_HASH} \
     TRIGGER_PROJECT_REF=${TRIGGER_PROJECT_REF} \
+    NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS} \
     NODE_ENV=production
 
 USER node
diff --git a/packages/cli-v3/src/commands/deploy.ts b/packages/cli-v3/src/commands/deploy.ts
@@ -304,6 +304,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
         pushImage: options.push,
         selfHostedRegistry: !!options.registry,
         noCache: options.noCache,
+        extraCACerts: resolvedConfig.config.extraCACerts?.replace(/^\./,"/app") ?? "",
       });
     }
 
@@ -330,6 +331,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
         loadImage: options.loadImage,
         buildPlatform: options.buildPlatform,
         noCache: options.noCache,
+        extraCACerts: resolvedConfig.config.extraCACerts?.replace(/^\./,"/app") ?? "",
       },
       deploymentSpinner
     );
@@ -779,6 +781,7 @@ type BuildAndPushImageOptions = {
   loadImage: boolean;
   buildPlatform: string;
   noCache: boolean;
+  extraCACerts: string;
 };
 
 type BuildAndPushImageResults =
@@ -837,6 +840,8 @@ async function buildAndPushImage(
       `TRIGGER_CONTENT_HASH=${options.contentHash}`,
       "--build-arg",
       `TRIGGER_PROJECT_REF=${options.projectRef}`,
+      "--build-arg",
+      `NODE_EXTRA_CA_CERTS=${options.extraCACerts}`,
       "-t",
       `${options.registryHost}/${options.imageTag}`,
       ".",
@@ -961,6 +966,8 @@ async function buildAndPushSelfHostedImage(
       `TRIGGER_CONTENT_HASH=${options.contentHash}`,
       "--build-arg",
       `TRIGGER_PROJECT_REF=${options.projectRef}`,
+      "--build-arg",
+      `NODE_EXTRA_CA_CERTS=${options.extraCACerts}`,
       "-t",
       imageRef,
       ".", // The build context
@@ -1821,6 +1828,10 @@ export async function copyAdditionalFiles(
   tempDir: string
 ): Promise<AdditionalFilesReturn> {
   const additionalFiles = config.additionalFiles ?? [];
+  const extraCACerts = config.extraCACerts ?? '';
+  if (extraCACerts) {
+    additionalFiles.push(extraCACerts);
+  }
   const noMatches: string[] = [];
 
   if (additionalFiles.length === 0) {
diff --git a/packages/cli-v3/src/workers/prod/entry-point.ts b/packages/cli-v3/src/workers/prod/entry-point.ts
@@ -1485,6 +1485,7 @@ function gatherProcessEnv() {
     TERM: process.env.TERM,
     NODE_PATH: process.env.NODE_PATH,
     HOME: process.env.HOME,
+    NODE_EXTRA_CA_CERTS: process.env.NODE_EXTRA_CA_CERTS,
   };
 
   // Filter out undefined values
diff --git a/packages/core/src/v3/schemas/schemas.ts b/packages/core/src/v3/schemas/schemas.ts
@@ -206,6 +206,7 @@ export const Config = z.object({
   logLevel: z.string().optional(),
   enableConsoleLogging: z.boolean().optional(),
   postInstall: z.string().optional(),
+  extraCACerts: z.string().optional(),
 });
 
 export type Config = z.infer<typeof Config>;
diff --git a/packages/core/src/v3/types/config.ts b/packages/core/src/v3/types/config.ts
@@ -82,4 +82,13 @@ export interface ProjectConfig {
    * @example "prisma generate"
    */
   postInstall?: string;
+
+  /**
+   * CA Cert file to be added to NODE_EXTRA_CA_CERT environment variable in, useful in use with self signed cert in the trigger.dev environment.
+   *
+   * @example "./certs/ca.crt"
+   * Note: must start with "./" and be relative to the project root.
+   *   
+   */
+  extraCACerts?: string;
 }
