Added script to add qiita root-ca to environment.

Added script to add the root-ca used to sign Qiita's server.crt to qiita_client's environment. The functionality in this small script may be more useful if it becomes part of qiita_client itself.
qiita-spots · antgonza · Jul 23, 2024 · Jul 16, 2024 · Jul 16, 2024 · Jul 16, 2024
commit 2a8138bd109a9b3f491b950a9803477e2d0c6bc4
diff --git a/.github/workflows/qiita-ci.yml b/.github/workflows/qiita-ci.yml
@@ -7,6 +7,7 @@ on:
 jobs:
   # derived from https://github.com/actions/example-services/blob/master/.github/workflows/postgres-service.yml
   main:
+    # 7/16/24: confirm current ubuntu-latest is still 22.04.
     runs-on: ubuntu-latest
 
     strategy:
@@ -84,7 +85,6 @@ jobs:
 
           export QIITA_SERVER_CERT=`pwd`/qiita-dev/qiita_core/support_files/ci_server.crt
           export QIITA_CONFIG_FP=`pwd`/qiita-dev/qiita_core/support_files/config_test_local.cfg
-          pip --quiet install -U pip
 
           pip --quiet install https://github.com/qiita-spots/qtp-job-output-folder/archive/refs/heads/main.zip
 
@@ -136,9 +136,14 @@ jobs:
         run: |
           conda activate qiita_client
           export QIITA_SERVER_CERT=`pwd`/qiita-dev/qiita_core/support_files/ci_server.crt
+          export QIITA_ROOT_CA=`pwd`/qiita-dev/qiita_core/support_files/ci_rootca.crt
           export QIITA_CONFIG_FP=`pwd`/qiita-dev/qiita_core/support_files/config_test_local.cfg
-          export QP_KLP_CONFIG_FP=`pwd`/configuration.json
           export PYTHONWARNINGS="ignore:Certificate for localhost has no \`subjectAltName\`"
+
+          # before starting nosetests, add the root ca used to sign qiita's ci_server.crt file
+          # to the environment's certifi store. This will prevent CERTIFICATE_VERIFY_FAILED
+          # errors.
+          python rootca_insert.py $QIITA_ROOT_CA
           nosetests --with-doctest --with-coverage -v --cover-package=qiita_client 
       - uses: codecov/codecov-action@v3
         with:

diff --git a/rootca_insert.py b/rootca_insert.py
@@ -0,0 +1,18 @@
+import certifi
+from sys import argv
+
+
+def main(ca_fp):
+    with open(ca_fp, 'rb') as f:
+        my_ca = f.read()
+
+    ca_file = certifi.where()
+
+    with open(ca_file, 'ab') as f:
+        f.write(my_ca)
+
+    print("%s updated" % ca_file)
+
+
+if __name__ == '__main__':
+    main(argv[1])