Add support for custom CA in cypress/factory

[OriR]

Hey,

We are using a company network that has TLS traffic inspection. This means that it inspects the traffic and then signs the messages back with a custom certificate. Our IT has a policy to push the CA for that certificate to the trust stores on our machines but these don't pass over to the docker builder.

So, all the internal install scripts (node/yarn/chrome/etc.) may fail if any of these domains aren't excluded manually from the TLS traffic inspection.

Ideally, I'd like to have a build arg or something similar that can be set to that root CA before invoking any of these scripts.

Or, alternatively, don't delete the install scripts, so they can be called manually at a different time (after we've set that root CA for the image in our Dockerfile).

[nagash77]

Hi @OriR , thank you for submitting your feature request. I will pass along to our product for consideration. I do want to set expectations though and tell you it is highly unlikely this will be prioritized in the near future.

[OriR]

Hey @nagash77
Thanks for the quick reply! 🙏

Not even a having an optional build arg to not delete the install scripts upon finish?

[akf]

Just popping in months later to say we also have this issue. What we usually do is run something like this to install the certificates before we run any commands that need network access:

COPY ./.docker/custom_cert.pem /tmp/custom.crt
if [ x"${BUILD_ENV}" = x"LOCAL" ] ; then RUN cp /tmp/custom.crt /usr/local/share/ca-certificates/zscaler.crt ; update-ca-certificates ; fi

(This is somewhat new in our environment and there might be a better way.)

With the cypress/factory image, the installers run (unsuccessfully) before we can get those certificates in place.