This repository was archived by the owner on Sep 29, 2025. It is now read-only.

fix: added ca cert env var #46

Merged: dbarrosop merged 2 commits into main from added_ca_cert on Jun 27, 2025

@dbarrosop dbarrosop commented Jun 27, 2025

PR Type

bug_fix, enhancement


Description

  • Add SSL_CERT_FILE environment variable to Go container images.

  • Ensure Go images use correct CA certificate path.

  • Remove redundant inclusion of pkgs.cacert in root filesystem.

  • Improve container image configuration for SSL/TLS support.


Changes walkthrough 📝

Relevant files

Enhancement: go.nix (lib/go/go.nix), +1/-1
Improve CA certificate handling in Go container images

  • Add SSL_CERT_FILE env var pointing to CA bundle.
  • Remove pkgs.cacert from root filesystem paths.
  • Update container image configuration for better SSL support.

    @github-actions

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Environment Variable Configuration

    The addition of the SSL_CERT_FILE environment variable should be validated to ensure it points to the correct CA certificate path and that it is respected by Go applications in the container. The reviewer should verify that this change does not break existing SSL/TLS functionality.

    "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"

    Removal of CA Certificates from Root

    The removal of pkgs.cacert from the root filesystem may impact applications or tools that expect CA certificates to be present in standard locations. The reviewer should confirm that all necessary tools will still function as expected.

      paths = [
        package
        (pkgs.writeTextFile {
          name = "tmp-file";
          text = ''
            dummy file to generate tmpdir
          '';
          destination = "/tmp/tmp-file";
        })
        # busybox
      ] ++ buildInputs ++ contents;
    };

    @github-actions

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category: Possible issue
    Suggestion: Fix SSL cert path to match image contents

    Ensure that the path ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt is actually
    available in the container image, since pkgs.cacert was removed from copyToRoot.
    Otherwise, the environment variable will point to a non-existent file, causing SSL
    failures.

    lib/go/go.nix [46]

    -"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
    +"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
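
    Review bot: the replacement path on the + line, /etc/ssl/certs/ca-bundle.crt, only exists in the image if the CA bundle is placed in the root filesystem, and the PR description says pkgs.cacert was removed from the root filesystem paths (the paths list quoted in the reviewer guide does not contain it). Applied as-is, this suggestion would point SSL_CERT_FILE at a missing file. Either keep the ${pkgs.cacert} form from the - line and confirm that the referenced store path ends up in the image, or restore pkgs.cacert to paths together with this change. A build-time or startup check that the file named by SSL_CERT_FILE exists and parses as PEM would catch both cases.
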
    Suggestion importance[1-10]: 8

    Why: The suggestion correctly identifies a critical issue: the environment variable SSL_CERT_FILE points to a file that is no longer included in the image, which would break SSL functionality. Adjusting the path prevents runtime errors related to missing certificates.

    Impact: Medium

    @dbarrosop dbarrosop merged commit a1982b2 into main Jun 27, 2025
    3 checks passed
    @dbarrosop dbarrosop deleted the added_ca_cert branch June 27, 2025 14:19
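
The check both review comments ask for (that SSL_CERT_FILE names a file that is present in the image and that Go can load as a CA bundle), as an added example that is not code from this PR or repository. Go's crypto/x509 reads SSL_CERT_FILE on Unix systems; `CheckCABundle` and `WriteConstructedBundle` are hypothetical names, and the generated certificate is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// CheckCABundle returns an error unless path (the SSL_CERT_FILE value) names a
// readable PEM file holding at least one certificate that crypto/x509 accepts.
func CheckCABundle(path string) error {
	data, err := os.ReadFile(path)
	if err != nil {
		return fmt.Errorf("SSL_CERT_FILE=%q unreadable: %w", path, err)
	}
	if !x509.NewCertPool().AppendCertsFromPEM(data) {
		return fmt.Errorf("SSL_CERT_FILE=%q holds no usable certificates", path)
	}
	return nil
}

// WriteConstructedBundle writes a throwaway self-signed CA (constructed sample
// data, not a real trust anchor) so the check can be exercised offline.
func WriteConstructedBundle(path string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	return os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644)
}

func main() {
	if err := CheckCABundle(os.Getenv("SSL_CERT_FILE")); err != nil {
		fmt.Fprintln(os.Stderr, "FAIL:", err)
		os.Exit(1)
	}
}
```

Run as the image's entrypoint or in a CI step against the built image, a non-zero exit means the variable is unset, points at a path that is not in the image, or points at a file with no loadable certificates.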