Support for registries with self-signed certificates

[sudiptosarkar]

Description

I'm trying to publish to my own (Harbor) registry, which has a self-signed certificate. I have my CA root certificate, but there's no way to add that to this action. Can we please add this support?

Here's the error I get in my Github action runs:

Error: Error response from daemon: Get "https://registry.x-force.int/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

Also, I'd greatly appreciate any workaround in the meantime as I'm blocked on this...

[crazy-max]

This action is just a wrapper around docker login and does not trust self-signed certificates by default. If you're using a GitHub public runner you can have a step before the login one that copies the self-signed cert to /etc/docker/certs.d/registry.x-force.int/ca.crt and restart docker with systemctl restart docker.

As runners have a hard dependency on the docker engine to startup service containers, we shouldn't have to manage certificates and interact with docker systemd unit as it would have unattended behavior if services are setup.