func newHTTPClient()

in internal/app/http_client.go [22:55]


func newHTTPClient(ctx *cli.Context, log logrus.FieldLogger) (gitlab.HTTPClient, error) {
	extraCA := ctx.String(flags.AdditionalCACertBundle)

	rootCAs, err := x509.SystemCertPool()
	if err != nil {
		// SystemCertPool is not supported on Windows, safe to call x509.NewCertPool() below
		if runtime.GOOS != "windows" {
			return nil, fmt.Errorf("getting system cert pool: %w", err)
		}

		rootCAs = x509.NewCertPool()
	}

	if extraCA != "" {
		if err := loadExtraCACert(rootCAs, extraCA, log); err != nil {
			return nil, err
		}
	}

	transport := http.DefaultTransport.(*http.Transport).Clone()

	transport.TLSClientConfig = &tls.Config{
		// nolint: gosec
		// G402: TLS InsecureSkipVerify may be true
		// set to true at your own risk
		InsecureSkipVerify: ctx.Bool(flags.InsecureHTTPS),
		RootCAs:            rootCAs,
	}

	return &http.Client{
		Timeout:   ctx.Duration(flags.Timeout),
		Transport: transport,
	}, nil
}