From 85acf68972858993a9ed540042284c13e29769b8 Mon Sep 17 00:00:00 2001
From: Olivier Bazoud <olivier.bazoud@gmail.com>
Date: Sat, 6 Sep 2025 14:31:45 +0200
Subject: [PATCH] fix(build): include CA certificates in Docker image

Ensure the image contains trusted CA certificates so the app can establish
secure HTTPS connections to AWS services. Without them, TLS handshakes
fail with **x509: certificate signed by unknown authority**:

`failed to check if infra exists: operation error SQS: GetQueueUrl, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sqs.eu-west-1.amazonaws.com/": tls: failed to verify certificate: x509: certificate signed by unknown authority`
---
 build/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/build/Dockerfile b/build/Dockerfile
index 69e0799f..31975e12 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -10,4 +10,5 @@ RUN go build -o ./bin/outpost ./cmd/outpost/main.go
 # Copy binary to a new image
 FROM scratch
 COPY --from=0 /app/bin/outpost /bin/outpost
+COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 ENTRYPOINT ["/bin/outpost"]