Checkout: private submodule checkout fails @v2

Created on 18 Dec 2019  路  65Comments  路  Source: actions/checkout

I've private git submodule, which contains our shared i18n resouces, with same organization owner as my main repo

I've configured git submodule in main repository as

$ cat .gitmodules
[submodule "xxx-i18n"]
    path = xxx-i18n
    url = ../xxx-i18n
    branch = master

Then I added this one from README to my github action workflow.

name: CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
    - name: Checkout submodules
      shell: bash
      run: |
        auth_header="$(git config --local --get http.https://github.com/.extraheader)"
        git submodule sync --recursive
        git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1

I expected this to work.

Instead I got

Checkout submodules
2s
##[error]Process completed with exit code 1.
Run auth_header="$(git config --local --get http.https://github.com/.extraheader)"
  auth_header="$(git config --local --get http.https://github.com/.extraheader)"
  git submodule sync --recursive
  git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
  shell: /bin/bash --noprofile --norc -e -o pipefail {0}
Submodule 'xxx-i18n' (https://github.com/myprivateorg/xxx-i18n) registered for path 'xxx-i18n'
Cloning into '/home/runner/work/my-main-repo/my-main-repo/xxx-i18n'...
remote: Repository not found.
fatal: repository 'https://github.com/myprivateorg/xxx-i18n/' not found
fatal: clone of 'https://github.com/myprivateorg/xxx-i18n' into submodule path '/home/runner/work/my-main-repo/my-main-repo/xxx-i18n' failed
Failed to clone 'xxx-i18n'. Retry scheduled
Cloning into '/home/runner/work/my-main-repo/my-main-repo/xxx-i18n'...
remote: Repository not found.
fatal: repository 'https://github.com/myprivateorg/xxx-i18n/' not found
fatal: clone of 'https://github.com/myprivateorg/xxx-i18n' into submodule path '/home/runner/work/my-main-repo/my-main-repo/xxx-i18n' failed
Failed to clone 'xxx-i18n' a second time, aborting
##[error]Process completed with exit code 1.
enhancement

Most helpful comment

What worked: create new personal access token (PAT)

    steps:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        token: ${{ secrets.MY_REPO_PAT }}
        submodules: recursive

All 65 comments

Sub-modules support was removed in v2, I'm not sure why though

https://github.com/actions/checkout/releases/tag/v2.0.0

Sub-modules support was removed in v2, I'm not sure why though

I understood that it refers to another syntax with: submodules as the README I linked gives this new syntax I used.

I also need to have sub-module support. When I use v2, there's no .git directory so I cannot perform any commands like checking out sub-modules. For now I'm using v1 to continue my development.

I have the exact same issue but I just made it work using the Checkout multiple repos (private) example

    - name: Checkout submodule
      uses: actions/[email protected]
      with:
        token: '${{ secrets.GITHUB_PAT }}'
        repository: myOrg/myRepo
        path: path/to/submodule
        ref: 'master'

This is working just as a workaround and might not be practical for a project with a lot of submodules, but I hope it helps until #72 is resolved

@rodrigorn It works for some use cases. Even with a single submodule, it can become inconsistent when the master branch myOrg/myRepo adds commits which are not tracked by the main repo.

This is actually blocking us from using GitHub actions. I hope it can be prioritized..

@tvainika the default token embedded in the main repo does not have access to fetch other private repositories. Instead if you supply token: ${{ secrets.MY_GITHUB_PAT }} then it should work.

@neutrinog no .git folder indicates git 2.18 or higher is not in your PATH. I updated the readme earlier today to make that more clear.

I have the exact same issue but I just made it work using the Checkout multiple repos (private) example

    - name: Checkout submodule
      uses: actions/[email protected]
      with:
        token: '${{ secrets.GITHUB_PAT }}'
        repository: myOrg/myRepo
        path: path/to/submodule
        ref: 'master'

This is working just as a workaround and might not be practical for a project with a lot of submodules, but I hope it helps until #72 is resolved

@ericsciplec @rodrigorn is there a better alternative? I would like to avoid maintaining submodule hashes/branches in two different places. This is very error prone..

I'm having the same issue, came here from the readme where it has a section on "Checkout Submodules" that does not work at all for me (I can't checkout any submodule, public or private).

@ericsciplec @rodrigorn is there a better alternative? I would like to avoid maintaining submodule hashes/branches in two different places. This is very error prone..

I agree completely but haven't found any better solution yet

FYI this is what I have been using:

- name: Checkout submodule
  run: |
    git config --file=.gitmodules submodule.lib/YOUR_SUBMODULE.url https://${{ secrets.CI_PAT }}:${{ secrets.CI_PAT }}@github.com/ORG/YOUR_SUBMODULE.git
    git submodule sync
    git submodule update --init --recursive

@Lauszus is the CI_TOKEN a personal access token?

@ashwinvis yes it is. I have updated my comment to make it more clear.

mm.. I am tempted to make a python script that does what @Lauszus suggests automatically for for all repositories defined in .gitmodules
@ericsciple what is the timeline for a real fix/improvement to the action?

@jleni here's a version that will checkout all repositories defined in .gitmodules :)

It works for both ssh and https:

- name: Checkout submodules using a PAT
  run: |
    git config --file .gitmodules --get-regexp url | while read url; do
      git config --file=.gitmodules $(echo "$url" | sed -E "s/[email protected]:|https:\/\/github.com\//https:\/\/${{ secrets.CI_PAT }}:${{ secrets.CI_PAT }}@github.com\//")
    done
    git submodule sync
    git submodule update --init --recursive

oh wow! that's awesome!! thanks!!

@tvainika the default token embedded in the main repo does not have access to fetch other private repositories. Instead if you supply token: ${{ secrets.MY_GITHUB_PAT }} then it should work.

The url in .gitmodules needs to be the https one for this to work.

Example .gitmodules

[submodule "module"]
    path = module
    url = https://github.com/example/module

Example action.yml

name: Test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.MY_GITHUB_PAT }}

      - name: Checkout submodules
        shell: bash
        run: |
          auth_header="$(git config --local --get http.https://github.com/.extraheader)"
          git submodule sync --recursive
          git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1

@samkit-jain yeah, that is why I ended up using my code above: https://github.com/actions/checkout/issues/116#issuecomment-573880976, as my private repositories use ssh and I do not want to change all my submodules just because of the CI.

@Lauszus +1 good point. i think adding inputs for ssh support + submodule support would create a generally frictionless experience for folks looking to checkout submodules.

As an alternative to @Lauszus solution to rewrite the .gitmodules file with the HTTP authentication info and a PAT, you could use this Action

https://github.com/webfactory/ssh-agent

You can generate an SSH keypair and add the public key to the repository you need access to (a normal Deploy Key) and then add the private key as a secret in your repo that's running the GH Action

I'm not suggesting this is great, but until there's native support for at least something resembling same-org mutual authentication for actions, this may be as good as it gets.

Similar to some of the comments above, I got it working with the following, where GITHUB_ACCESS_TOKEN is a personal access token in the format username:token, that is base64 encoded. Would be great for submodules and private submodules to be supported more directly.

git config --global url."https://github.com/".insteadOf "[email protected]:"
git submodule sync --recursive
git -c "http.extraheader=Authorization: basic ${GITHUB_ACCESS_TOKEN}" -c protocol.version=2 submodule update --init --force --recursive --depth=1

I got frustrated switching my submodules from SSH to HTTPS and dealing with PATs so I decided to build my own action for those wishing to checkout private or public submodules via SSH in their workflows: submodule-checkout

thanks to @alicia 's work, we also got private ssh submodules working! However, we ended up with a slightly different result:

on: push
jobs:
  check-elm:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Checkout submodules
      shell: bash
      run: |
        # From https://github.com/actions/checkout/issues/116#issuecomment-583221947
        git config --global url."https://github.com/".insteadOf "[email protected]:"
        git submodule sync --recursive
        git -c "http.extraheader=Authorization: basic ${{secrets.GITHUB_ACCESS_TOKEN}}" -c protocol.version=2 submodule update --init --force --recursive --depth=1
    - uses: actions/setup-node@v1
      with:
        node-version: '8.16.0'
    - run: npm run test

The main difference being ${{secrets.GITHUB_ACCESS_TOKEN}} rather than ${GITHUB_ACCESS_TOKEN}.

Please see https://github.com/actions/checkout/issues/81#issuecomment-585935021 for some background on why we chose to not implement support for submodules in the initial version of the v2 action.

And keep an eye on the pull requests for a document discussing what features we are looking at adding.

I tried

    steps:
    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.RUNNER_TOKEN }}
        lfs: true
    - name: Checkout submodules
      shell: bash
      run: |
        auth_header="$(git config --local --get http.https://github.com/.extraheader)"
        git submodule sync --recursive
        git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1

but it fails due to LFS stuff:

Downloading [file in the submodule]
Error downloading object: file in the submodule: Smudge error: Error downloading file in the submodule: LFS: Client error: https://github-cloud.s3.amazonaws.com/[a very long URL]

Any ideas?

EDIT: Actually, the result is identical after removing the lfs: true line. Am I using that option wrong?
EDIT2: Replacing that last line with GIT_LFS_SKIP_SMUDGE=1 git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 did it for me.

@jleni here's a version that will checkout all repositories defined in .gitmodules :)

It works for both ssh and https:

- name: Checkout submodules using a PAT
  run: |
    git config --file .gitmodules --get-regexp url | while read url; do
      git config --file=.gitmodules $(echo "$url" | sed -E "s/[email protected]:|https:\/\/github.com\//https:\/\/${{ secrets.CI_PAT }}:${{ secrets.CI_PAT }}@github.com\//")
    done
    git submodule sync
    git submodule update --init --recursive

This solution seems to work perfectly for linux runners.
However, windows runners seem to have problems with the formatting the syntax.
I am being prompted with the following error:

Run git config --file .gitmodules --get-regexp url | while read url; do
At D:\a\_temp\c3191bea-0f4b-4580-bbb4-1ddf2bbfd947.ps1:2 char:68
+ git config --file .gitmodules --get-regexp url | while read url; do
+                                                                    ~
Missing statement body in do loop.
+ CategoryInfo          : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : MissingLoopStatement

Is this a problem with powershell formatting the commands incorrectly?
Do you have a workaround that works for windows runners too?

@766F6964 it does not work because it uses piping, while loop and and read which are available in bash. You should try https://github.com/actions/checkout/issues/116#issuecomment-583221947 instead.

@766F6964 it does not work because it uses piping, while loop and and read which are available in bash. You should try #116 (comment) instead.

I was not able to get this approach working for a windows runner either.
Maybe @Lauszus has a solution for this?

An input submodules has been added now. I merged to master, try it out and let me know. Collecting feedback and will update the v2 tag next week.

Also I'm hoping to merge support for SSH soon.

@ericsciple What tag can we use for now to test this?

master or the commit hash 422dc4567157f4d62b665a8a288310365b1d194b

[ never mind, submodule was added with ssh not https ]

@m-hilgendorf SSH support not added yet. Will add tomorrow.

You can probably use the hack git config --global url."https://github.com/".insteadOf "[email protected]:" (run before checkout)

Interesting question whether the checkout action should add those flags.

I created a new issue to collect feedback on the submodules input - in master now, will update v2 tag next week.

Also updated master with a new input ssh-key or when not using ssh, adds url.https://github.com/.insteadOf [email protected]:

@ericsciple -- just tried the new ssh-key param but no joy .. (the SSH private key that I'm passing in via Secret is one that works with the ssh-agent hack I described earlier in this thread)

2020-03-11T20:08:31.0562996Z Current runner version: '2.165.2'
2020-03-11T20:08:31.0564725Z Prepare workflow directory
2020-03-11T20:08:31.0791957Z Prepare all required actions
2020-03-11T20:08:31.0806683Z Download action repository 'actions/checkout@master'
2020-03-11T20:08:33.0116518Z Download action repository 'sfdx-actions/setup-sfdx@v1'
2020-03-11T20:08:33.2496238Z Download action repository 'nanasess/setup-chromedriver@master'
2020-03-11T20:08:40.5559823Z Download action repository 'actions/upload-artifact@v1'
2020-03-11T20:08:41.1828303Z ##[group]Run actions/checkout@master
2020-03-11T20:08:41.1828907Z with:
2020-03-11T20:08:41.1829353Z   lfs: true
2020-03-11T20:08:41.1831532Z   ssh-key: ***
2020-03-11T20:08:41.1831924Z   submodules: true
2020-03-11T20:08:41.1832300Z   repository: <redacted>
2020-03-11T20:08:41.1832778Z   token: ***
2020-03-11T20:08:41.1833150Z   ssh-strict: true
2020-03-11T20:08:41.1833521Z   persist-credentials: true
2020-03-11T20:08:41.1833910Z   clean: true
2020-03-11T20:08:41.1834281Z   fetch-depth: 1
2020-03-11T20:08:41.1834679Z ##[endgroup]
2020-03-11T20:08:41.6235786Z Added matchers: 'checkout-git'. Problem matchers scan action output for known warning or error strings and report these inline.
2020-03-11T20:08:41.6237082Z Syncing repository: <redacted>/patronsignup
2020-03-11T20:08:41.6237958Z Working directory is '/home/runner/work/patronsignup/patronsignup'
2020-03-11T20:08:41.6310463Z [command]/usr/bin/git version
2020-03-11T20:08:41.6458784Z git version 2.25.1
2020-03-11T20:08:41.6491554Z [command]/usr/bin/git lfs version
2020-03-11T20:08:41.7979462Z git-lfs/2.10.0 (GitHub; linux amd64; go 1.13.4)
2020-03-11T20:08:41.8001760Z Deleting the contents of '/home/runner/work/patronsignup/patronsignup'
2020-03-11T20:08:41.8013376Z [command]/usr/bin/git init /home/runner/work/patronsignup/patronsignup
2020-03-11T20:08:41.8095844Z Initialized empty Git repository in /home/runner/work/patronsignup/patronsignup/.git/
2020-03-11T20:08:41.8104612Z [command]/usr/bin/git remote add origin [email protected]:<redacted>/patronsignup.git
2020-03-11T20:08:41.8155136Z [command]/usr/bin/git config --local gc.auto 0
2020-03-11T20:08:41.8200346Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2020-03-11T20:08:41.8240012Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
2020-03-11T20:08:41.8606381Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2020-03-11T20:08:41.8641874Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
2020-03-11T20:08:41.8916066Z Temporarily overriding GIT_SSH_COMMAND="/usr/bin/ssh" -i "$RUNNER_TEMP/3e0953a3-c730-442d-9693-4efc5a4164fb" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/3e0953a3-c730-442d-9693-4efc5a4164fb_known_hosts"
2020-03-11T20:08:41.8921024Z [command]/usr/bin/git config --local core.sshCommand "/usr/bin/ssh" -i "$RUNNER_TEMP/3e0953a3-c730-442d-9693-4efc5a4164fb" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/3e0953a3-c730-442d-9693-4efc5a4164fb_known_hosts"
2020-03-11T20:08:41.8960017Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2020-03-11T20:08:41.9006512Z [command]/usr/bin/git lfs install --local
2020-03-11T20:08:41.9487647Z Updated git hooks.
2020-03-11T20:08:41.9488142Z Git LFS initialized.
2020-03-11T20:08:41.9510631Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +c485eed0d330b13b19d081fb186d2f35836986ae:refs/remotes/origin/master
2020-03-11T20:08:42.3528109Z ERROR: Repository not found.
2020-03-11T20:08:42.3535717Z ##[error]fatal: Could not read from remote repository.
2020-03-11T20:08:42.3539415Z 
2020-03-11T20:08:42.3540237Z Please make sure you have the correct access rights
2020-03-11T20:08:42.3540662Z and the repository exists.
2020-03-11T20:08:42.3541669Z The process '/usr/bin/git' failed with exit code 128

And my workflow YAML looks like

    steps:
      - uses: actions/checkout@master
        with:
          lfs: true
          ssh-key: ${{ secrets.SFDX_COMMON_SSH_KEY }}
          submodules: true

@daveespo thanks for trying it out! Let's troubleshoot on a new issue. Curious if you're using relative or absolute submodule URLs?

An input submodules has been added now. I merged to master, try it out and let me know. Collecting feedback and will update the v2 tag next week.

Also I'm hoping to merge support for SSH soon.

This is awesome! I have been using with our org's private actions. Works great! Using via HTTPS and token.

I created a new issue to collect feedback on the submodules input - in master now, will update v2 tag next week.

I can give my feekback it's all good now on our end use @master, although we have an interesting case in which for some reason adding a fresh new submodules and using v2 won't work while it did work before with a submodule that was located on the root folder of the repo hmmm, anway, all good now! Every submodule is working, please let us know when you'll have a tag ready so we can remove the dangeour master tag from CD/CI!

@ericsciple Any ETA when the submodules checkout will be merged, and become available under the v2 tag?

Thanks all for the feedback! I updated V2 to include the recent submodule/SSH changes from master.

im still facing /usr/bin/git config --global url.https://github.com/.insteadOf [email protected]: why is this forced? if we have our submodules configured on .gitmodules and use ssh why change it. Not sure if options are ok or doc not miss to explain it.

My config:

- name: Checkout
        uses: actions/checkout@v2
        with:
          ssh-key: ${{ secrets.GH_SSH_KEY }}
          submodules: recursive

FWIW this still doesn't seem to work for me neither with a private repository, using just

      - uses: actions/checkout@v2
        with:
          submodules: true

The log just says

##[error]fatal: repository 'https://github.com/xxx/yyy.git/' not found

but using the same URL with a test PAN from the command line works, so I have no idea what could be wrong here.

I've also tried using the master version, but with exactly the same result.

What worked: create new personal access token (PAT)

    steps:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        token: ${{ secrets.MY_REPO_PAT }}
        submodules: recursive

Thanks, this is what we've ended up by doing, but it just seems strange that such a simple operation (fully checking out the repository with its submodules) doesn't work out of the box for private repositories. IMO it should at least be clearly mentioned in the README as I lost quite some time trying to understand why it didn't work.

I second that, this is really unclear in the README, I lost a lot of time debugging and scouring through issue pages too :cry:.

BTW, sorry if this is off-topic here, but what kind of tokens do people use in this case? AFAICS tokens are always associated with an account, i.e. give access to all the repositories the person has access to, which is not ideal, as it implies that the CI scripts of any of the private organizations I work with have access to all my other repositories, including those of the different private organizations.

We also looked at the deploy keys, but those can't be reused for the different repositories and we have recursive submodules in our submodule, so maintaining them all and using the correct key for each checkout would be a lot of fun that we'd rather avoid.

Is creating a specialized "CI" pseudo-user in each organization the only solution to be able to easily check out a private repository with its submodules?

@vadz I've personally set up an extra account in our organization, so it has access to all the private repositories, but without having access to my personal repositories.

I also use this account for different IoT devices to be able to access Github via ssh and tokend.

In case anyone comes here and none of the suggestions work, I finally figured out what caused this breakage for me: When you enable Actions it silently creates a PAT in your account. But if you have SAML/SSO enabled, while the token works for the main repo, it fails on submodules. That is until you go into Settings -> Developer -> PAT and enable SSO for the token.

Nothing I found mentioned this when search for the error messages in question.

Actions does not create a PAT in your account. The token we generate for each job is a GitHub App per repository token and can only read the repo that the workflow is defined in.

Thanks @chrispat for clarifying this, I was wondering why we didn't see this automatically created PAT in our organization. But as long as I'm writing this, I'd also like to say that, if you're taking enhancement suggestions, it would be great if it were (optionally) possible to generate these per-job tokens with access to all organization repositories and not just the current one too, as it's still very surprising that something as basic as checking out a repository with its submodules doesn't work out of the box when using actions.

Odd, I don't recall creating the token. It must have been made for one of the alternate solutions above. In which case the same applies - you need to click Enable SSO on the PAT to allow the solution here: https://github.com/actions/checkout/issues/116#issuecomment-573880976 to work.

And thus private submodules still don't "just work" with this action.

Just a side-note, that I tried several of these options and couldn't get them working.. But, it turns out I didn't include the correct permissions in my PAT. Just a reminder to make sure you're creating it correctly! :)

late to the party, but seems to be working with more recent versions, e.g. 2.3.1

    - uses: actions/[email protected]
      with:
        token: ${{secrets.PAT_MY_TOKEN}}
        submodules: recursive
        #lfs: true

Read only version:

  • create SSH keypair on your computer
  • add public part as deploy key to private submodule
  • add private key as secret in repo where action is triggered. E.g SSH_KEY
  • add Secret to env with
 env:
          SSH_KEY: ${{secrets.SSH_KEY}}
  • do this before pulling the submodules in the run configuration
mkdir $HOME/.ssh && echo "$SSH_KEY" > $HOME/.ssh/id_rsa && chmod 600 $HOME/.ssh/id_rsa

@b-m-f can you elaborate? What does your .yml look like?

Something like this?

jobs:
    build:
        runs-on: ubuntu-latest
        steps:
            - name: Fetch submodules
              shell: bash
              env:
                  SSH_KEY: ${{secrets.SSH_KEY}}
              run: |
                  mkdir $HOME/.ssh && echo "$SSH_KEY" > $HOME/.ssh/id_rsa && chmod 600 $HOME/.ssh/id_rsa 
                  git submodule update --init --recursive

Or are you using actions/[email protected]?

@b-m-f can you elaborate? What does your .yml look like?

Something like this?

jobs:
    build:
        runs-on: ubuntu-latest
        steps:
            - name: Fetch submodules
              shell: bash
              env:
                  SSH_KEY: ${{secrets.SSH_KEY}}
              run: |
                  mkdir $HOME/.ssh && echo "$SSH_KEY" > $HOME/.ssh/id_rsa && chmod 600 $HOME/.ssh/id_rsa 
                  git submodule update --init --recursive

Or are you using actions/[email protected]?

Below is my configuration. It works smoothly to fetch a theme from another repository. It uses the THEME_SSH key provided via the secrets and added as a deploy key in the theme repository.

Give me a few days and I will follow up this solution with a blog post.

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Trigger release build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          THEME_SSH: ${{secrets.THEME_SSH}}
        run: |
          mkdir $HOME/.ssh && echo "$THEME_SSH" > $HOME/.ssh/id_rsa && chmod 600 $HOME/.ssh/id_rsa && git submodule update --init --recursive && docker login docker.pkg.github.com -u $GITHUB_ACTOR --password $GITHUB_TOKEN && docker build . -t docker.pkg.github.com/b-m-f/blog

thanks @b-m-f ! Excited to see the blog post! 馃挴

Hi @stephencweiss,

You can find the article at https://ehlers.berlin/blog/private-submodules-in-github-ci/ :)

@b-m-f Tried out the steps in your blog post but it doesn't seem to work. Always get an error: [email protected]: Permission denied (publickey).

@b-m-f Tried out the steps in your blog post but it doesn't seem to work. Always get an error: [email protected]: Permission denied (publickey).

This was my fault, when I created my key I added a password.

@jleni here's a version that will checkout all repositories defined in .gitmodules :)

It works for both ssh and https:

- name: Checkout submodules using a PAT
  run: |
    git config --file .gitmodules --get-regexp url | while read url; do
      git config --file=.gitmodules $(echo "$url" | sed -E "s/[email protected]:|https:\/\/github.com\//https:\/\/${{ secrets.CI_PAT }}:${{ secrets.CI_PAT }}@github.com\//")
    done
    git submodule sync
    git submodule update --init --recursive

This worked for me. Thanks a lot! 馃憤

I keep getting the same error no matter what I try.

fatal: could not read Username for 'https://github.com': No such device or address
Was this page helpful?
0 / 5 - 0 ratings