This GitHub Action installs and configures Localias to enable HTTPS domains for CI tests. It handles certificate installation and system configuration to ensure proper HTTPS functionality in testing environments.
This was extracted from this python repo, if you are looking for an example of how to integrate this into your project.
- Installs and runs Localias as a daemon
- Configures system CA certificates
- Sets up NSS database for Chrome/Chromium compatibility (for playright, cypress, etc)
- Validates HTTPS functionality with curl tests based on a domain in
.localias.yml
steps:
- uses: iloveitaly/github-action-localias@master- Installs Localias if not present
- Starts Localias daemon
- Waits for self-signed certificate generation
- Refreshes system CA certificates
- Creates and configures NSS database for Chrome/Chromium
- Validates HTTPS setup with curl tests across all domains in
.localias.yml
Getting this working was challenging:
- You'll see an error message (with a typo)
not NSS security databases foundeven if the NSS DB exists. This occurs even undersudo -Eand it really shouldn't because the directory it references definitely exists. curlwill succeed if retried multiple times. I have no idea why this is happening. There must be some CA store refresh process which runs async. Rather than trying to understand what is going on, we just retry a handful of times.- Note that this happens on each unique domain. So it's not related to the cert cache globally, there's some per-host cert system that needs to be warmed up. This is why we iterate over each domain.
- Installing
libnss3-toolsdoes not initialize the NSS DB. You must do this manually. curldoes not use the NSS DB but Chromium does.sudo localias debug cert --print | sudo tee -a /etc/ssl/certs/ca-certificates.crtexecutes correctly with caddy, this is not necessary.
- https://ray.run/questions/how-do-i-fix-ssl-errors-when-using-playwright-and-google-chrome-to-access-a-site-on-localhost-3000
- https://medium.com/@mudit94/configuring-https-certificates-in-playwright-932ca3fc9f06
- https://superuser.com/questions/1083766/how-do-i-deal-with-neterr-cert-authority-invalid-in-chrome