From d4f88c1a6c5178d78a860de28e805b27b1249269 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 7 Oct 2024 17:16:35 +0200 Subject: [PATCH] deploy: be more careful when auto-upgrading from HTTP -> HTTPS Since we play dirty tricks with `/etc/hosts` before running the Playwright tests in order to side-step Cloudflare's caches, we need to avoid using HTTPS for git-scm.com because the certificate would not be liked by Playwright. The symptom is: Error: page.goto: net::ERR_CERT_COMMON_NAME_INVALID at https://git-scm.com/ The most likely explanation is that GitHub, when trying to verify the DNS settings, realizes that the actual DNS entries by Cloudflare do _not_ point to GitHub's servers and therefore refuses to get a custom certificate from Let's Encrypt for git-scm.com. As a consequence, the certificate it provides does not cover that domain, it only covers *.github.io. Let's just leave http://git-scm.com/ alone. Signed-off-by: Johannes Schindelin --- .github/actions/deploy-to-github-pages/action.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/actions/deploy-to-github-pages/action.yml b/.github/actions/deploy-to-github-pages/action.yml index 8131ebc7fe..6bb436890c 100644 --- a/.github/actions/deploy-to-github-pages/action.yml +++ b/.github/actions/deploy-to-github-pages/action.yml @@ -196,7 +196,10 @@ runs: PLAYWRIGHT_TEST_URL: ${{ steps.pages.outputs.base_url }} run: | # avoid test failures when HTTPS is enforced half-way through - PLAYWRIGHT_TEST_URL="$(echo "$PLAYWRIGHT_TEST_URL" | sed 's/^http:/https:/')" && + case "$PLAYWRIGHT_TEST_URL" in + https://*|http://git-scm.com/) ;; # okay, leave as-is + http://*) PLAYWRIGHT_TEST_URL="https://${PLAYWRIGHT_TEST_URL#http://}";; + esac && npx playwright test --project=chrome - uses: actions/upload-artifact@v4 if: always()