From 9b407fb70a0d8d966d1a9b85f4bee7ac5ec10139 Mon Sep 17 00:00:00 2001
From: Andrew Miller <andrew@lethalbits.com>
Date: Thu, 5 Mar 2026 13:06:37 -0500
Subject: [PATCH] fix: add GIT_SSL_NO_VERIFY for Cloudflare origin cert in CI

The runner containers don't trust the Cloudflare origin certificate
for git.lethalbits.com, causing checkout to fail. Set GIT_SSL_NO_VERIFY
and Go private module env vars at the workflow level for all workflows.
---
 .gitea/workflows/release-nightly.yml | 6 ++++++
 .gitea/workflows/release-tag.yml     | 6 ++++++
 .gitea/workflows/test-pr.yml         | 6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/.gitea/workflows/release-nightly.yml b/.gitea/workflows/release-nightly.yml
index adb26ec..b084f44 100644
--- a/.gitea/workflows/release-nightly.yml
+++ b/.gitea/workflows/release-nightly.yml
@@ -4,6 +4,12 @@ on:
   push:
     branches: [main]
 
+env:
+  GIT_SSL_NO_VERIFY: true
+  GOPRIVATE: git.lethalbits.com/*
+  GONOSUMCHECK: git.lethalbits.com/*
+  GOINSECURE: git.lethalbits.com/*
+
 jobs:
   publish-nightly:
     runs-on: ubuntu-latest
diff --git a/.gitea/workflows/release-tag.yml b/.gitea/workflows/release-tag.yml
index 9aca7c1..e3b99f3 100644
--- a/.gitea/workflows/release-tag.yml
+++ b/.gitea/workflows/release-tag.yml
@@ -4,6 +4,12 @@ on:
   push:
     tags: ["*"]
 
+env:
+  GIT_SSL_NO_VERIFY: true
+  GOPRIVATE: git.lethalbits.com/*
+  GONOSUMCHECK: git.lethalbits.com/*
+  GOINSECURE: git.lethalbits.com/*
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
diff --git a/.gitea/workflows/test-pr.yml b/.gitea/workflows/test-pr.yml
index d7a3d02..175e38e 100644
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@@ -3,6 +3,12 @@ name: check-and-test
 on:
   - pull_request
 
+env:
+  GIT_SSL_NO_VERIFY: true
+  GOPRIVATE: git.lethalbits.com/*
+  GONOSUMCHECK: git.lethalbits.com/*
+  GOINSECURE: git.lethalbits.com/*
+
 jobs:
   check-and-test:
     runs-on: ubuntu-latest