v3: add extraCACerts config (#1214)

* Added extraCACerts config to help with self signed/private ca cert chain

* changeset

* Update changeset

* resolved pr comments

---------

Co-authored-by: nicktrn <[email protected]>

Author: gautamsi

.changeset/nervous-baboons-sin.md

@@ -0,0 +1,6 @@
+---
+"trigger.dev": patch
+"@trigger.dev/core": patch
+---
+
+Added config option extraCACerts to ProjectConfig type. This copies the ca file along with additionalFiles and sets NODE_EXTRA_CA_CERTS environment variable in built image as well as running the task.

packages/cli-v3/src/Containerfile.prod

@@ -43,12 +43,14 @@ ARG TRIGGER_DEPLOYMENT_ID
 ARG TRIGGER_DEPLOYMENT_VERSION
 ARG TRIGGER_CONTENT_HASH
 ARG TRIGGER_PROJECT_REF
+ARG NODE_EXTRA_CA_CERTS
 
 ENV TRIGGER_PROJECT_ID=${TRIGGER_PROJECT_ID} \
     TRIGGER_DEPLOYMENT_ID=${TRIGGER_DEPLOYMENT_ID} \
     TRIGGER_DEPLOYMENT_VERSION=${TRIGGER_DEPLOYMENT_VERSION} \
     TRIGGER_CONTENT_HASH=${TRIGGER_CONTENT_HASH} \
     TRIGGER_PROJECT_REF=${TRIGGER_PROJECT_REF} \
+    NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS} \
     NODE_ENV=production
 
 USER node

packages/cli-v3/src/commands/deploy.ts

@@ -304,6 +304,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
         pushImage: options.push,
         selfHostedRegistry: !!options.registry,
         noCache: options.noCache,
+        extraCACerts: resolvedConfig.config.extraCACerts,
       });
     }
 
@@ -330,6 +331,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
         loadImage: options.loadImage,
         buildPlatform: options.buildPlatform,
         noCache: options.noCache,
+        extraCACerts: resolvedConfig.config.extraCACerts,
       },
       deploymentSpinner
     );
@@ -779,6 +781,7 @@ type BuildAndPushImageOptions = {
   loadImage: boolean;
   buildPlatform: string;
   noCache: boolean;
+  extraCACerts?: string;
 };
 
 type BuildAndPushImageResults =
@@ -837,6 +840,9 @@ async function buildAndPushImage(
       `TRIGGER_CONTENT_HASH=${options.contentHash}`,
       "--build-arg",
       `TRIGGER_PROJECT_REF=${options.projectRef}`,
+      ...(options.extraCACerts
+        ? ["--build-arg", `NODE_EXTRA_CA_CERTS=${options.extraCACerts}`]
+        : []),
       "-t",
       `${options.registryHost}/${options.imageTag}`,
       ".",
@@ -961,6 +967,9 @@ async function buildAndPushSelfHostedImage(
       `TRIGGER_CONTENT_HASH=${options.contentHash}`,
       "--build-arg",
       `TRIGGER_PROJECT_REF=${options.projectRef}`,
+      ...(options.extraCACerts
+        ? ["--build-arg", `NODE_EXTRA_CA_CERTS=${options.extraCACerts}`]
+        : []),
       "-t",
       imageRef,
       ".", // The build context

packages/cli-v3/src/utilities/configFiles.ts

@@ -247,6 +247,15 @@ export async function resolveConfig(path: string, config: Config): Promise<Resol
     config.tsconfigPath = await findFilePath(path, "tsconfig.json");
   }
 
+  if (!config.additionalFiles) {
+    config.additionalFiles = [];
+  }
+
+  if (config.extraCACerts) {
+    config.additionalFiles.push(config.extraCACerts);
+    config.extraCACerts = config.extraCACerts.replace(/^(\.[.]?\/)+/, "");
+  }
+
   return config as ResolvedConfig;
 }
 

packages/cli-v3/src/workers/prod/entry-point.ts

@@ -1485,6 +1485,7 @@ function gatherProcessEnv() {
     TERM: process.env.TERM,
     NODE_PATH: process.env.NODE_PATH,
     HOME: process.env.HOME,
+    NODE_EXTRA_CA_CERTS: process.env.NODE_EXTRA_CA_CERTS,
   };
 
   // Filter out undefined values

packages/core/src/v3/schemas/schemas.ts

@@ -206,6 +206,7 @@ export const Config = z.object({
   logLevel: z.string().optional(),
   enableConsoleLogging: z.boolean().optional(),
   postInstall: z.string().optional(),
+  extraCACerts: z.string().optional(),
 });
 
 export type Config = z.infer<typeof Config>;

packages/core/src/v3/types/config.ts

@@ -82,4 +82,13 @@ export interface ProjectConfig {
    * @example "prisma generate"
    */
   postInstall?: string;
+
+  /**
+   * CA Cert file to be added to NODE_EXTRA_CA_CERT environment variable in, useful in use with self signed cert in the trigger.dev environment.
+   *
+   * @example "./certs/ca.crt"
+   * Note: must start with "./" and be relative to the project root.
+   *   
+   */
+  extraCACerts?: string;
 }