Adding CA Cert to GitHub Hosted Runner

I have a security-centric project which includes a command that adds a certificate to a Docker container to enable HTTPS.

This certificate was generated by an Active Directory Certificate Authority.

While my command supports -AcceptSelfSignedCertificate, I’d prefer that my organizational CA certificate be trusted. Otherwise, the accuracy of my integration tests is reduced.

I tried running update-ca-certificates in an Ubuntu runner but got permission denied. Is there a way that my organizational CA certificate can be trusted by the runner? Right now, I can write it to disk from a secret, but I can’t get it to be trusted.

I’d even be happy with just the runner user trusting it, as opposed to the system, but so far I’ve had no luck with that, either. All I find online are references to system-wide CA trusts for Ubuntu.


Whoa! I just had to use sudo. I didn’t realize sudo would work in GitHub Actions! Cool, thanks, this is closed.
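
The sudo approach from this thread, written out as a script for an Ubuntu runner step. This is an added example, not code from the original posts; the `ORG_CA_PEM` environment variable (mapped from a repository secret) and the `org-ca` file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread.
# Assumption: ORG_CA_PEM is a hypothetical env var mapped from a repository
# secret that holds the organizational CA certificate in PEM form.
set -eu

# Succeeds only if the file is non-empty and carries PEM certificate markers.
# update-ca-certificates expects PEM-encoded files.
is_pem_cert() {
  [ -s "$1" ] &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# stage_ca PEM_TEXT NAME DEST_DIR
# Validates the PEM text and writes it as DEST_DIR/NAME.crt. The .crt suffix
# matters: update-ca-certificates only picks up files ending in .crt.
stage_ca() {
  pem_text=$1 name=$2 dest_dir=$3
  tmp=$(mktemp)
  printf '%s\n' "$pem_text" > "$tmp"
  if ! is_pem_cert "$tmp"; then
    rm -f "$tmp"
    echo "stage_ca: input is not a PEM certificate" >&2
    return 1
  fi
  # Use sudo only when the target directory is not writable by this user.
  if [ -w "$dest_dir" ]; then
    install -m 0644 "$tmp" "$dest_dir/$name.crt"
  else
    sudo install -m 0644 "$tmp" "$dest_dir/$name.crt"
  fi
  rm -f "$tmp"
}

# Runs only inside GitHub Actions (GITHUB_ACTIONS=true) with the secret present.
if [ "${GITHUB_ACTIONS:-}" = "true" ] && [ -n "${ORG_CA_PEM:-}" ]; then
  stage_ca "$ORG_CA_PEM" org-ca /usr/local/share/ca-certificates
  sudo update-ca-certificates   # rebuilds the system trust bundle
fi
```

Tools that ship their own trust store do not read the system bundle, so a test client may still need to be pointed at the certificate file explicitly.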