Merge branch 'fix/deploy-stage-custom-ca' into 'main'

Fix: Deploy custom CAs correctly on alpine base images

Closes #111

See merge request components/opentofu!237

.gitlab-ci.yml

@@ -104,7 +104,19 @@ stages:
   - export RELEASE_IMAGE_TAG="${RELEASE_VERSION}${RELEASE_OPENTOFU_VERSION:+-opentofu$RELEASE_OPENTOFU_VERSION}${RELEASE_BASE_IMAGE_OS:+-$RELEASE_BASE_IMAGE_OS}"
   - export RELEASE_IMAGE="${RELEASE_IMAGE_NAME}:${RELEASE_IMAGE_TAG}"
 
-.install-custom-ca: &install-custom-ca
+.install-custom-ca-alpine: &install-custom-ca-alpine
+  - |
+    if [ -f "${CUSTOM_CA}" ]; then
+      apk add --no-cache update-ca-certificates
+      mkdir -p /usr/local/share/ca-certificates/
+      cp "$CUSTOM_CA" /usr/local/share/ca-certificates/custom-ca.pem
+      update-ca-certificates
+    else
+      echo 'Skipping to install custom CA because $CUSTOM_CA environment variable is not set'
+    fi
+
+
+.install-custom-ca-fedora: &install-custom-ca-fedora
   - |
     if [ -f "${CUSTOM_CA}" ]; then
       cp "$CUSTOM_CA" /usr/share/pki/ca-trust-source/anchors/custom-ca.pem
@@ -150,7 +162,7 @@ check-semantic-version:
   stage: build
   image: quay.io/containers/buildah:v1.38.1
   before_script:
-    - *install-custom-ca
+    - *install-custom-ca-fedora
     # Supporting GitLab dependency proxies:
     # see https://docs.gitlab.com/ee/user/packages/dependency_proxy/
     - |
@@ -264,7 +276,7 @@ shellcheck:
   variables:
     GITLAB_OPENTOFU_BASE_IMAGE_OS: $RELEASE_BASE_IMAGE_OS
   before_script:
-    - *install-custom-ca
+    - *install-custom-ca-alpine
     - *image-matrix-deploy-release-name-script
     - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
     - 'echo "base image OS: $GITLAB_OPENTOFU_BASE_IMAGE_OS"'
@@ -354,7 +366,7 @@ gitlab-opentofu-image:verify-signature:
     name: alpine/crane:0.20.3
     entrypoint: [""]
   before_script:
-    - *install-custom-ca
+    - *install-custom-ca-alpine
     - *image-matrix-deploy-release-name-script
     - apk add --update cosign
   script: