deploy: be more careful when auto-upgrading from HTTP -> HTTPS

Since we play dirty tricks with `/etc/hosts` before running the Playwright tests in order to side-step Cloudflare's caches, we need to avoid using HTTPS for git-scm.com because the certificate would not be liked by Playwright. The symptom is: Error: page.goto: net::ERR_CERT_COMMON_NAME_INVALID at https://git-scm.com/ The most likely explanation is that GitHub, when trying to verify the DNS settings, realizes that the actual DNS entries by Cloudflare do _not_ point to GitHub's servers and therefore refuses to get a custom certificate from Let's Encrypt for git-scm.com. As a consequence, the certificate it provides does not cover that domain, it only covers *.github.io. Let's just leave http://git-scm.com/ alone. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git · Oct 7, 2024 · d4f88c1 · d4f88c1
1 parent b99865e
commit d4f88c1
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/actions/deploy-to-github-pages/action.yml b/.github/actions/deploy-to-github-pages/action.yml
@@ -196,7 +196,10 @@ runs:
         PLAYWRIGHT_TEST_URL: ${{ steps.pages.outputs.base_url }}
       run: |
         # avoid test failures when HTTPS is enforced half-way through
-        PLAYWRIGHT_TEST_URL="$(echo "$PLAYWRIGHT_TEST_URL" | sed 's/^http:/https:/')" &&
+        case "$PLAYWRIGHT_TEST_URL" in
+        https://*|http://git-scm.com/) ;; # okay, leave as-is
+        http://*) PLAYWRIGHT_TEST_URL="https://${PLAYWRIGHT_TEST_URL#http://}";;
+        esac &&
         npx playwright test --project=chrome
     - uses: actions/upload-artifact@v4
       if: always()