Merge pull request #126 from wp-cli/fix/mariadb-ssl-verify

swissspidy · web-flow · commit f9f45357684f · 2025-03-28T14:29:51.000+01:00
Explicitly enable `ssl-verify-server-cert` for mariadb
diff --git a/.github/workflows/reusable-testing.yml b/.github/workflows/reusable-testing.yml
@@ -122,7 +122,8 @@ jobs:
             {
               "php": "8.3",
               "wp": "latest",
-              "mysql": "mariadb-11.4"
+              "mysql": "mariadb-11.4",
+              "dbtype": "mariadb"
             },
             {
               "php": "7.2",
@@ -182,7 +183,8 @@ jobs:
             {
               "php": "8.3",
               "wp": "trunk",
-              "mysql": "mariadb-11.4"
+              "mysql": "mariadb-11.4",
+              "dbtype": "mariadb"
             },
             {
               "php": "8.4",
@@ -386,6 +388,13 @@ jobs:
           my-cnf: |
             default_authentication_plugin=mysql_native_password
 
+            # Explicitly enable server certificate verification by default, avoiding
+            # "option --ssl-verify-server-cert is disabled, because of an insecure passwordless login."
+            # warnings because WP-CLI passes password via the `MYSQL_PWD` environment variable
+            # and the setting is otherwise implicitly used.
+            [client-mariadb]
+            ssl-verify-server-cert
+
       - name: Configure DB environment
         if: ${{ matrix.dbtype != 'sqlite' }}
         run: |
