From b2021dd7d89ea437dcbe901adda388dd35a2e583 Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Thu, 16 Jan 2025 17:30:50 +0100
Subject: [PATCH 1/8] set certificate path

---
 common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 | 3 +--
 common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 | 3 +--
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 3 +--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
index 118ada0a..cde37d1d 100644
--- a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
@@ -49,8 +49,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca=null && \
-    npm config set strict-ssl=false && \
+    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \
diff --git a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
index 6ef4b43e..9448ac84 100644
--- a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
@@ -49,8 +49,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca=null && \
-    npm config set strict-ssl=false && \
+    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \
diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 08528ac8..1d1de460 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -49,8 +49,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca=null && \
-    npm config set strict-ssl=false && \
+    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \

From 7d0f146d279a6cf8e6cd8650e95d6af72a4c0584 Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Thu, 16 Jan 2025 17:50:34 +0100
Subject: [PATCH 2/8] changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a1d20496..8411f7b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+- Nodejs agents should make use of the installed certificates in the agent ([#1078](https://github.com/opendevstack/ods-quickstarters/issues/1078))
 - Fix Ruby installation with high amount of CPU cores ([#1084](https://github.com/opendevstack/ods-quickstarters/issues/1084))
 - Update OS packages by default and bump gitleaks version ([#1049](https://github.com/opendevstack/ods-quickstarters/issues/1049))
 - Install java 17 devel only in scala and jdk agents ([#1057](https://github.com/opendevstack/ods-quickstarters/pull/1057))

From 3b9a2cb65a01cc329f92d144900ebefeb9d1dd6b Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Thu, 16 Jan 2025 18:01:25 +0100
Subject: [PATCH 3/8] test

---
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 1d1de460..ce270952 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -57,6 +57,8 @@ RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     echo yarn version: $(yarn --version)
 
 RUN chown -R 1001:0 $HOME && \
-    chmod -R g+rwX $HOME
+    chmod -R g+rwX $HOME && \
+    chmod -R g+rwX /home/jenkins/.npm && \
+    chown -R 1001:0 /home/jenkins/.npm
 
 USER 1001

From c15c284b3f091b368115aa99f1b88a9dc0acf39b Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Fri, 17 Jan 2025 11:45:44 +0100
Subject: [PATCH 4/8] test

---
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index ce270952..7b7e5c9f 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -49,7 +49,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
+#    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \

From 338cd211a0c9f24dfbd16625b57df7846d3fc656 Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Fri, 17 Jan 2025 13:55:00 +0100
Subject: [PATCH 5/8] test

---
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 7b7e5c9f..8f9890f1 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -50,6 +50,8 @@ RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
 #    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
+    npm config set ca=null && \
+    npm config set strict-ssl=true && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \

From 8623d872671a6c7e8fb4587bac75b0f965ed770f Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Fri, 17 Jan 2025 14:03:37 +0100
Subject: [PATCH 6/8] use env var for certificates

---
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 8f9890f1..4bd42a7f 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -15,6 +15,7 @@ ARG nexusAuth
 ENV NODEJS_VERSION=22 \
     YARN_VERSION=1.22.19 \
     NPM_CONFIG_PREFIX=$HOME/.npm-global \
+    NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
     PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8
@@ -49,8 +50,6 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-#    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
-    npm config set ca=null && \
     npm config set strict-ssl=true && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \

From 728a46865f6b4ff9317cd708cf4a3752e38d080d Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Fri, 17 Jan 2025 14:07:51 +0100
Subject: [PATCH 7/8] cleanup and set proper value

---
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 4bd42a7f..2a61cb46 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -15,7 +15,7 @@ ARG nexusAuth
 ENV NODEJS_VERSION=22 \
     YARN_VERSION=1.22.19 \
     NPM_CONFIG_PREFIX=$HOME/.npm-global \
-    NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
+    NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
     PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8
@@ -59,7 +59,5 @@ RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
 
 RUN chown -R 1001:0 $HOME && \
     chmod -R g+rwX $HOME && \
-    chmod -R g+rwX /home/jenkins/.npm && \
-    chown -R 1001:0 /home/jenkins/.npm
 
 USER 1001

From e70ab62ec024c11c0d0e47c688c6608d88b6fccd Mon Sep 17 00:00:00 2001
From: "Vazquez,Brais (IT EDP)" <brais.vazquez@boehringer-ingelheim.com>
Date: Fri, 17 Jan 2025 14:09:55 +0100
Subject: [PATCH 8/8] update all node agents

---
 common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 | 3 ++-
 common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 | 3 ++-
 common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
index cde37d1d..b4b5e763 100644
--- a/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs18/docker/Dockerfile.ubi8
@@ -15,6 +15,7 @@ ARG nexusAuth
 ENV NODEJS_VERSION=18 \
     YARN_VERSION=1.22.18 \
     NPM_CONFIG_PREFIX=$HOME/.npm-global \
+    NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
     PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8
@@ -49,7 +50,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
+    npm config set strict-ssl=true && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \
diff --git a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
index 9448ac84..aba3bb7e 100644
--- a/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs20/docker/Dockerfile.ubi8
@@ -15,6 +15,7 @@ ARG nexusAuth
 ENV NODEJS_VERSION=20 \
     YARN_VERSION=1.22.19 \
     NPM_CONFIG_PREFIX=$HOME/.npm-global \
+    NPM_CONFIG_CAFILE=/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem \
     PATH=$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$HOME/node_modules/.bin/:$HOME/.npm-global/bin/:$PATH \
     LANG=en_US.UTF-8 \
     LC_ALL=en_US.UTF-8
@@ -49,7 +50,7 @@ RUN yum repolist \
 RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     npm config set //${nexusUrl#*://}/repository/npmjs/:_auth=$(echo -n $nexusAuth | base64) && \
     npm config set email=no-reply@opendevstack.org && \
-    npm config set ca /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem && \
+    npm config set strict-ssl=true && \
     yarn config set registry $nexusUrl/repository/npmjs/ -g && \
     echo node version: $(node --version) && \
     echo npm version: $(npm --version) && \
diff --git a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8 b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
index 2a61cb46..5adc6a61 100644
--- a/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
+++ b/common/jenkins-agents/nodejs22/docker/Dockerfile.ubi8
@@ -58,6 +58,6 @@ RUN npm config set registry=$nexusUrl/repository/npmjs/ && \
     echo yarn version: $(yarn --version)
 
 RUN chown -R 1001:0 $HOME && \
-    chmod -R g+rwX $HOME && \
+    chmod -R g+rwX $HOME
 
 USER 1001