Issues with ssh for github actions with private submodules

  docker, git, git-submodules, github-actions, ssh

I have a cmake action configured, for a c++ repo with some private submodules. The workflow is

name: CMake

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

env:
  BUILD_TYPE: Release

jobs:
  build:
    runs-on: user/myimage:latest

    steps:
    - uses: actions/[email protected]

    - name: Configure CMake
      with:
          run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}

    - name: Build
      # Build your program with the given configuration
      run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}

    - name: Test
      working-directory: ${{github.workspace}}/build
      run: ctest -C ${{env.BUILD_TYPE}}   

When I configure the build from docker, it will create a Deploy key, that can manage cloning the main repo only. But it is not able to clone the private submodules, as pointed out here: https://docs.docker.com/docker-hub/builds/#build-repositories-with-linked-private-submodules

In that same link, they suggest using a BUILD ENVIRONMENT KEY for SSH_PRIVATE. So I did that. I used my own ssh key pair, and it didn’t work. I created a new ssh only for the action build, added the public key to my account and copied the private key to the docker environment key, and it didn’t work neither. By doing that, not even the main repo was able to be cloned:

ERROR MSG:

Cloning into '.'...
Warning: Permanently added the RSA host key for IP address '140.82.112.4' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
please ensure the correct public key is added to the list of trusted keys for this repository (128)

I also tried passing my ssh-key in the actions as a github secret (without success):

    steps:
    - uses: actions/[email protected]
      with:
        ssh-key: ${{secrets.SSH_PRIVATE_KEY}}

My last attempt (without success) was to create a Personal Acces Token for the docker build and pass it via:

    steps:
    - uses: actions/[email protected]
      with:
        token: ${{ secrets.GITHUB_PAT}}

Does anyone know what else can I try?

Source: Docker Questions

LEAVE A COMMENT