Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Add support for disabling SSL verification in GitLab client#1364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
BB-steel wants to merge1 commit intopython-semantic-release:master
base:master
Choose a base branch
Loading
fromBB-steel:allow_insecure_gitlab

Conversation

@BB-steel
Copy link

Purpose

This pull request fixes a bug wherepython-semantic-release fails to create releases on self-hosted GitLab instances that use self-signed or internally-issued SSL certificates.

When theinsecure = true flag is set inpyproject.toml, the release process currently fails with anSSLCertVerificationError, preventing users from publishing releases in their private GitLab environments. This PR ensures that theinsecure flag is correctly honored.

Solves:requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed when runningsemantic-release publish against a self-hosted GitLab instance.

Rationale

The root cause of the issue is that theallow_insecure parameter in thesemantic_release.hvcs.gitlab.Gitlab class was not being passed down to the underlyingpython-gitlab client.

Thegitlab.Gitlab constructor accepts anssl_verify parameter, which defaults toTrue. Thepython-semantic-release wrapper did not utilize theallow_insecure flag to modify this behavior. As a result, thepython-gitlab client always attempted to verify SSL certificates, regardless of the user's configuration inpyproject.toml.

The solution is to explicitly passssl_verify=not allow_insecure during the initialization of thegitlab.Gitlab client withinsemantic_release/hvcs/gitlab.py. This directly connects the configuration option to the client's behavior, making theinsecure flag work as intended.

Workarounds like settingREQUESTS_CA_BUNDLE orGITLAB_SSL_VERIFY environment variables were considered but are less ideal as they require extra configuration in the user's CI/CD environment rather than fixing the bug at its source.

How did you test?

This change was validated through manual end-to-end testing in a CI/CD environment that replicates the original issue.

Methodology:

  1. Forked the Repository: Created a fork ofpython-semantic-release and applied the code change on a new branch.
  2. CI Pipeline Setup: Configured a GitLab CI pipeline to run against a self-hosted GitLab instance using a self-signed certificate.
  3. Configuration: Thepyproject.toml file was configured with the following remote settings:
    [tool.semantic_release.remote]type ="gitlab"insecure =truegitlab_url ="https://your.self-hosted.gitlab"
  4. Installation: The CI job was modified to installpython-semantic-release directly from the forked Git repository and branch.
    -uv pip install "git+https://github.com/your-username/python-semantic-release.git@fix/gitlab-ssl-verify"
  5. Execution: Ran thesemantic-release publish command.
  6. Validation:
    • Before Fix: The pipeline failed with theSSLCertVerificationError.
    • After Fix: The pipeline successfully executed thepublish step, creating a new release in the self-hosted GitLab project.

No edge cases were identified, as this change simply wires a boolean flag to its intended destination. Existing unit tests continue to pass.

How to Verify

A reviewer can verify this fix by following these steps:

  1. Check out this PR branch locally.
  2. Set up a test environment pointing to a self-hosted GitLab instance that uses a self-signed or non-publicly trusted SSL certificate.
  3. In a test project, configurepyproject.toml as follows:
    [tool.semantic_release]# ... other settings[tool.semantic_release.remote]type ="gitlab"gitlab_url ="https://your.gitlab.instance"token = {env ="GITLAB_TOKEN" }insecure =true
  4. Install this patched version ofpython-semantic-release.
  5. Runsemantic-release publish.
  6. Expected Result: The command should complete successfully, creating a release on the GitLab instance without any SSL errors. To confirm the failure, run the same command on themain branch, which should fail with theSSLCertVerificationError.

PR Completion Checklist

  • Reviewed & followed theContributor Guidelines
  • Changes Implemented & Validation pipeline succeeds
  • Commits follow theConventional Commits standard and are separated into the proper commit type and scope (recommended order: test, build, feat/fix, docs)
  • Appropriate Unit tests added/updated
  • Appropriate End-to-End tests added/updated
  • Appropriate Documentation added/updated and syntax validated for sphinx build (see Contributor Guidelines)

Copy link

CopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pull Request Overview

This PR adds SSL certificate verification configuration to the GitLab HVCS client by passing thessl_verify parameter to thegitlab.Gitlab constructor.

  • Addsssl_verify=not allow_insecure parameter when initializing the GitLab client to properly handle SSL/TLS certificate verification

💡Add Copilot custom instructions for smarter, more guided reviews.Learn how to get started.

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

Copilot code reviewCopilotCopilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BB-steel@SteelScript
[8]ページ先頭
©2009-2025 Movatter.jp