Github actions docker build fails with curl SSL error for get.helm.sh #63

Open
solsson opened this issue Nov 12, 2024 · 0 comments
solsson commented Nov 12, 2024

While `docker buildx build -f runner.Dockerfile .` works fine locally, builds fail in GitHub Actions. Output with added debug:

#54 [linux/arm64 bin  7/19] RUN nslookup get.helm.sh;   curl -v -I https://get.helm.sh/helm-v3.16.1-linux-arm64.tar.gz;   curl -k -v -I https://get.helm.sh/helm-v3.16.1-linux-arm64.tar.gz;   export CURL_SSL_VERIFYPEER=0;   y-helm version --client=true
#54 0.496 Server:		168.63.129.16
#54 0.496 Address:	168.63.129.16#53
#54 0.496 
#54 0.496 Non-authoritative answer:
#54 0.496 get.helm.sh	canonical name = get-helm-front-door-cdn-c9drhfggd8ewfzck.z03.azurefd.net.
#54 0.496 get-helm-front-door-cdn-c9drhfggd8ewfzck.z03.azurefd.net	canonical name = shed.dual-low.s-part-0023.t-0009.t-msedge.net.
#54 0.496 shed.dual-low.s-part-0023.t-0009.t-msedge.net	canonical name = s-part-0023.t-0009.t-msedge.net.
#54 0.496 Name:	s-part-0023.t-0009.t-msedge.net
#54 0.496 Address: 13.107.246.51
#54 0.496 Name:	s-part-0023.t-0009.t-msedge.net
#54 0.496 Address: 2620:1ec:bdf::51
#54 0.496 
#54 0.612   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#54 0.615                                  Dload  Upload   Total   Spent    Left  Speed
#54 0.619 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host get.helm.sh:443 was resolved.
#54 0.669 * IPv6: 2620:1ec:bdf::51
#54 0.669 * IPv4: 13.107.246.51
#54 0.671 *   Trying 13.107.246.51:443...
#54 0.674 * Connected to get.helm.sh (13.107.246.51) port 443
#54 0.909 * ALPN: curl offers h2,http/1.1
#54 0.927 } [5 bytes data]
#54 0.929 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
#54 0.929 } [512 bytes data]
#54 5.971 *  CAfile: /etc/ssl/certs/ca-certificates.crt
#54 5.971 *  CApath: /etc/ssl/certs
#54 5.972 
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0{ [5 bytes data]
#54 5.975 * TLSv1.3 (IN), TLS handshake, Server hello (2):
#54 5.975 { [88 bytes data]
#54 5.979 * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
#54 5.979 } [1 bytes data]
#54 5.992 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
#54 5.992 } [512 bytes data]
#54 5.994 * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to get.helm.sh:443 
#54 5.995 
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
#54 5.996 * Closing connection
#54 6.078 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to get.helm.sh:443 

`curl -k` downloads from get.helm.sh work, but that's unsafe.

8e502e5 is a workaround but tricky to maintain when new helm versions arrive
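
Added example, not part of the issue or the project's code: a digest pinned in the repository lets a build step reject a tampered archive regardless of how the bytes arrived. The helper names `sha256_of`, `verify_sha256` and `fetch_pinned` are hypothetical, and the pin itself must be obtained beforehand from a trusted source (it is not given on this page).

```shell
#!/bin/sh
# Added example (hypothetical helper names); not code from the project.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE PIN: 0 on exact match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
  file=$1
  pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # Fail closed on an empty, truncated or non-hex pin.
  case $pin in
    ''|*[!0-9a-f]*) echo "invalid sha256 pin" >&2; return 2 ;;
  esac
  [ "${#pin}" -eq 64 ] || { echo "invalid sha256 pin" >&2; return 2; }
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$pin" ]; then
    echo "sha256 mismatch for $file: got $actual" >&2
    return 1
  fi
}

# fetch_pinned URL PIN OUT: download to a temp file, verify, then move into place.
# PIN is committed to the repo and taken from a trusted source beforehand.
fetch_pinned() {
  tmp=$(mktemp) || return 2
  if curl -fsSL --retry 3 -o "$tmp" "$1" && verify_sha256 "$tmp" "$2"; then
    mv "$tmp" "$3"
  else
    rm -f "$tmp"
    return 1
  fi
}
```

In a Dockerfile `RUN` step this would be called as `fetch_pinned https://get.helm.sh/helm-v3.16.1-linux-arm64.tar.gz "$HELM_SHA256" helm.tar.gz`, where `HELM_SHA256` is a placeholder for the pinned digest; the pin has to be updated with each new helm version.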
