gitgithubgithub-actions

How to checkout submodule in GitHub action?

I've got a repository with a submodule and I'm creating a build when I push to certain branches or tags. The problem I have is that my checkout step cannot access my submodule. The setup is:

  1. Both repositories are on GitHub.
  2. I'm the owner of both repositories.
  3. Both repositories are private.
  4. The repositories are only accessible with ssh (https disabled).

I've tried using the GitHub Action actions/checkout@v2 to no avail. As can be seen below I've tried using the 'ssh-key' option where I've added the public key to the the submodules repositories deploy keys and the private key to the secrets of the repository where I run the action. I get the following error messages:

Fetching the repository
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin __myrepo__
  ERROR: Repository not found.
  Error: fatal: Could not read from remote repository.
  
  Please make sure you have the correct access rights
  and the repository exists.
  The process '/usr/bin/git' failed with exit code 128
  Waiting 13 seconds before trying again
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin __myrepo__
  ERROR: Repository not found.
  Error: fatal: Could not read from remote repository.
  
  Please make sure you have the correct access rights
  and the repository exists.
  The process '/usr/bin/git' failed with exit code 128
  Waiting 19 seconds before trying again
  /usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin __myrepo__
  ERROR: Repository not found.
  Error: fatal: Could not read from remote repository.
  
  Please make sure you have the correct access rights
  and the repository exists.
  Error: The process '/usr/bin/git' failed with exit code 128

I've tried with and without the ssh-key as well as with true and recursive option on submodules. The destination of the submodule is in a directory called src. The checkout step in my workflow is the following:

Step-01:
  runs-on: ubuntu-18.04
  steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        submodules: 'true'
        ssh-key: ${{ secrets.PRIVATE_KEY_FOR_DEPLOY_KEY_IN_SUBMODULE }}

The .gitmodules is:

[submodule "name"]
    path = src/name
    url = git@github.com:user/repository.git
    branch = master

I'm very new to GitHub Actions (CI/CD overall) and not super comfortable with submodules so I may very well have made some basic mistakes.

Solution

  • I finally got it working, completely thanks to this.

    To clarify the situation SAML SSO is enforced. So instead of using SSH to try and access the submodule I used a personal access token (PAT) where the SSO has been authorized.

    What I did:

    1. I generated a PAT in account settings.
    2. I enabled SSO and authorized it.
    3. I added the token in the repository (that wants to access the submodule) secrets.
    4. I updated the workflow to the following (just change the ssh-key line).
    Step-01:
  runs-on: ubuntu-18.04
  steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        submodules: 'true'
        token: ${{ secrets.PAT_TOKEN }}