How do I get this self-signed cert into Node?


In my Next.js project, I want to run `npx pgtyped`, connecting to a DigitalOcean Postgres instance. DigitalOcean have thoughtfully provided me with a self-signed cert, which I put at the project root. The cert needs to be available to Node when I run `npx pgtyped`, but I can't seem to make this happen. The command in my `package.json` looks like this...

```json
"pgtyped-watch": "cross-env NODE_EXTRA_CA_CERTS=\"./digital-ocean.crt\" npx pgtyped -w -c pgtyped-config.json"
```

...and gives this output...

```
PS C:\dev\my-proj> npm run pgtyped-watch

> [email protected] pgtyped-watch
> cross-env NODE_EXTRA_CA_CERTS="./digital-ocean.crt" npx pgtyped -w -c pgtyped-config.json

node:events:491
      throw er; // Unhandled 'error' event
      ^

Error: self-signed certificate in certificate chain
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12)
Emitted 'error' event on TLSSocket instance at:
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  code: 'SELF_SIGNED_CERT_IN_CHAIN'
}

Node.js v18.14.0
```

npx is not getting the cert. Is there some way I can break this down, to test the presence of the environment variable, or to see the details of the self-signed cert it's complaining about? (I only have one DigitalOcean Postgres instance so I can't possibly have the wrong cert.)

For completeness, my `pgtyped-config.json` is...

```json
{
  "transforms": [
    {
      "mode": "sql",
      "include": "**/*.sql",
      "emitTemplate": "{{dir}}/{{name}}.queries.ts"
    }
  ],
  "srcDir": "./src/",
  "failOnError": false,
  "camelCaseColumnNames": false,
  "db": {
    "host": "db-postgresql-ams3-myproj-do-user-14475298-0.b.db.ondigitalocean.com",
    "port": 25060,
    "user": "doadmin",
    "dbName": "defaultdb",
    "password": "xxxxxxxxxxxxxxxxxxxxxxx",
    "ssl": true
  }
}
```

bbsimonbb On

Fixed it. The cert being self-signed, I need to set environment variables both to tell npx where to find it, and to accept self-signed. To do this, I needed to put npx before my calls to cross-env. Seems simple enough.

So the working command is...

```json
"pgtyped-watch": "npx cross-env NODE_EXTRA_CA_CERTS=\"./digital-ocean.crt\"  npx cross-env NODE_TLS_REJECT_UNAUTHORIZED=0  npx pgtyped -w -c pgtyped-config.json"
```