Commit 0139a05
committed
ci(sfw): scope VP_INSECURE_TLS to the Linux matrix entry only
Only Linux actually needs the TLS-bypass against sfw v1.11.0:
- Linux (ubuntu-latest): runner doesn't preinstall Node 22.18 into
vp's cache, so `sfw vp i -g pnpm@9.15.0` triggers vp's HttpClient
to fetch nodejs.org/.../SHASUMS256.txt through sfw. rustls rejects
sfw's broken CA (UnknownIssuer) — flag required.
- macOS / Windows: runners already have Node 22.18 in vp's cache.
vp never traverses sfw with its HttpClient in this test; the only
HTTPS through sfw is npm's (lenient Node TLS). No flag needed —
and leaving verification enabled there confirms the bypass is
scoped, not blanket.
Plumbed via a per-matrix-entry `vp_insecure_tls` value. The shared
HTTP client treats an empty `VP_INSECURE_TLS` env as unset (the
truthy-only parser added in the previous commit), so the empty
value on macOS/Windows is a no-op.1 parent e430085 commit 0139a05
1 file changed
Lines changed: 20 additions & 11 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
906 | 906 | | |
907 | 907 | | |
908 | 908 | | |
| 909 | + | |
| 910 | + | |
| 911 | + | |
| 912 | + | |
| 913 | + | |
| 914 | + | |
| 915 | + | |
909 | 916 | | |
910 | 917 | | |
911 | 918 | | |
912 | 919 | | |
| 920 | + | |
913 | 921 | | |
914 | 922 | | |
915 | 923 | | |
916 | 924 | | |
917 | 925 | | |
918 | 926 | | |
| 927 | + | |
919 | 928 | | |
920 | 929 | | |
921 | 930 | | |
| |||
982 | 991 | | |
983 | 992 | | |
984 | 993 | | |
985 | | - | |
986 | | - | |
987 | | - | |
988 | | - | |
989 | | - | |
990 | | - | |
991 | | - | |
992 | | - | |
993 | | - | |
994 | | - | |
| 994 | + | |
| 995 | + | |
| 996 | + | |
| 997 | + | |
| 998 | + | |
| 999 | + | |
| 1000 | + | |
| 1001 | + | |
| 1002 | + | |
| 1003 | + | |
995 | 1004 | | |
996 | | - | |
| 1005 | + | |
997 | 1006 | | |
998 | 1007 | | |
999 | 1008 | | |
| |||
0 commit comments