From 7d381bf67a72fe1ecb1012393d5726085564cb0e Mon Sep 17 00:00:00 2001
From: John Andersen <johnandersenpdx@gmail.com>
Date: Tue, 6 Jun 2023 11:29:16 -0700
Subject: [PATCH] scripts: images containers manifest: Update cafile setting
 via context to avoid deperication warning for cafile usage

Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
---
 .../images_containers_manifest.py                        | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/actions/create_manifest_instance_build_images_containers/images_containers_manifest.py b/.github/actions/create_manifest_instance_build_images_containers/images_containers_manifest.py
index 34d376878d..9e03d313e1 100755
--- a/.github/actions/create_manifest_instance_build_images_containers/images_containers_manifest.py
+++ b/.github/actions/create_manifest_instance_build_images_containers/images_containers_manifest.py
@@ -28,6 +28,13 @@ def path_to_image_name(path, root_path):
 
 
 def main():
+    # For weird cases when system CAs are not being respected
+    # For example on Ubuntu run with REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+    ssl_context = None
+    if "REQUESTS_CA_BUNDLE" in os.environ:
+        ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+        ssl_context.load_verify_locations(os.environ["REQUESTS_CA_BUNDLE"])
+
     # For running under GitHub actions within a container
     if "GITHUB_WORKSPACE" in os.environ:
         subprocess.check_call(["git", "config", "--global", "--add", "safe.directory", os.environ["GITHUB_WORKSPACE"]])
@@ -96,7 +103,7 @@ def main():
                         "Authorization": "bearer " + os.environ["GH_ACCESS_TOKEN"],
                     },
                 ),
-                cafile=os.environ.get("REQUESTS_CA_BUNDLE", None),
+                context=ssl_context,
             ) as response:
                 response_json = json.load(response)
         # Print for debug