Add certificate addition to opencode container (#454)

scuffi · scuffi · web-flow · commit 5dd63f0dbf16 · 2026-03-05T21:16:00.000Z
Co-authored-by: scuffi &lt;aferguson@cloudflare.com&gt;
diff --git a/packages/sandbox/Dockerfile b/packages/sandbox/Dockerfile
@@ -199,6 +199,12 @@ ENTRYPOINT ["/container-server/sandbox"]
 # ============================================================================
 FROM runtime-base AS opencode
 
+RUN --mount=type=secret,id=wrangler_ca \
+    if [ -f /run/secrets/wrangler_ca ] && [ -s /run/secrets/wrangler_ca ]; then \
+        cp /run/secrets/wrangler_ca /usr/local/share/ca-certificates/wrangler-dev-ca.crt && \
+        update-ca-certificates; \
+    fi
+
 # Install OpenCode CLI via npm (avoids GitHub API rate limits)
 RUN npm i -g opencode-ai \
     && opencode --version
diff --git a/packages/sandbox/scripts/docker-local.sh b/packages/sandbox/scripts/docker-local.sh
@@ -29,6 +29,7 @@ docker build \
   --platform linux/amd64 \
   --build-arg SANDBOX_VERSION="$VERSION" \
   -t "$IMAGE:$VERSION-opencode" \
+  --secret id=wrangler_ca,src="${NODE_EXTRA_CA_CERTS:-/dev/null}" \
   .
 
 docker build \

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ docker build \`
`29`	`29`	`--platform linux/amd64 \`
`30`	`30`	`--build-arg SANDBOX_VERSION="$VERSION" \`
`31`	`31`	`-t "$IMAGE:$VERSION-opencode" \`
	`32`	`+ --secret id=wrangler_ca,src="${NODE_EXTRA_CA_CERTS:-/dev/null}" \`
`32`	`33`	`.`
`33`	`34`
`34`	`35`	`docker build \`