From ec8985e60a2a2b92554b3f2cb9d76f850be12fb4 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Fri, 17 Oct 2025 17:17:42 +1100
Subject: [PATCH] feat: enable access to vault certificate

- puppet now automatically trusts vault certs for some clients
- ensure build job can access vault certs
---
 .gitea/workflows/build.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index db8ab15..b889330 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: almalinux-8
     container:
       image: git.unkin.net/unkin/almalinux9-actionsdind:latest
-      options: --privileged
+      options: "--privileged --volume /etc/pki/tls/vault:/etc/pki/tls/vault:ro"
 
     steps:
       - name: Checkout code
@@ -29,4 +29,5 @@ jobs:
         env:
           VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
         run: |
+          ls -lh /etc/pki/tls/vault
           make plan