Please bear with the nesting, but I am unable to clone a submodule in a docker image in a jenkins organization job. Non-submodule builds succeed. I used the credentials plugin to store my passphrase and username from GitHub (where I have 2-factor enabled) in this fresh Jenkins instance.

My Jenkinsfile pipeline is very minimal:

node('master') {
  stage('Build') {
    docker.image('jenkins-base-image:latest').inside {
      sh """git submodule update --init path/to/submodule"""
    }
  }
}

The submodule clone works fine when performed manually, but fails within this job with errors of the sort:

+ git submodule update --init path/to/submodule
Cloning into '/var/lib/jenkins/workspace/55JPWTVF2QHKJYTPLJOHZLDO2T3KKXKJT5SKLQUNMNOJBXMQ2TQ/path/to/submodule'...
fatal: could not read Username for 'https://github.com': No such device or address
fatal: clone of 'something.git' into submodule path '/var/lib/jenkins/workspace/J55JPWTVF2QHKJYTPLJOHZLDO2T3KKXKJT5SKLQUNMNOJBXMQ2TQ/path/to/submodule' failed
Failed to clone 'path/to/submodule'. Retry scheduled

I tried removing and re-adding the submodules with SSH equivalent ones but the issue persists.

Dependencies:

  • Jenkins version: 2.107.2
  • Ubuntu version: 16.04LTS
  • Ubuntu docker version: 14.04LTS
  • I tried to make use of very few plugins and am not sure how to track which plugins are being used for this default organization job.

Likely irrelevant, but the global Jenkins config shows warning:

There is no credentials with admin access to manage hooks on GitHubRepositoryName[host=github.com,username=myco,repository=abcd]

Again the top-level repo cloned via the job just fine.

tarabyte
  • Those ssh keys won't be of any use if the .gitmodules has https URLs in it. So first, as I was saying: "Check your `.gitmodules` in the repo being cloned" – VonC Apr 24 '18 at 18:07
  • The .gitmodules file has SSH URLs: `[submodule "abcd"] path = abcd url = git@github.com:myco/abcd.git`. I've tested with HTTPS ones as well. The issue now seems to happen regardless of using a docker container. Investigating... – tarabyte Apr 24 '18 at 18:24
  • Do those submodule repos themselves have submodules of their own, this time with https URLs in their own .gitmodules? – VonC Apr 24 '18 at 18:25
  • No, the submodules are only their own repo. No additional nesting. – tarabyte Apr 24 '18 at 18:27
  • It seems an SSH key generated WITHOUT a passphrase is at least one requirement for Jenkins. – tarabyte Apr 24 '18 at 19:04
  • It is easier, yes: no ssh-agent to put in place. – VonC Apr 24 '18 at 19:05

1 Answer

Check your .gitmodules in the repo being cloned: if that file references a submodule with an https URL, it will need credentials (if this is a private repo).

In which case, it will need those credentials cached.
As mentioned in "How to bake credential into docker image for git?", adding lib-secret or trying an SSH URL (declared in the .gitmodules) will help, provided that you have copied the right public/private SSH keys to your image.

VonC
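The `.gitmodules` check described in the answer, as an added example that is not part of the original answer or comments: a POSIX sh function that reads the output of `git config -f .gitmodules --get-regexp '^submodule\..*\.url$'` and reports which credential each submodule URL needs in a non-interactive job. The function name, verdict labels and sample lines are constructed for illustration; only the `git@github.com:myco/abcd.git` URL comes from the comments above.

```shell
#!/bin/sh
# Added example: classify submodule URLs by the credential a non-interactive
# build (Jenkins job, docker container) must already have in place.
# Input lines look like: "submodule.<name>.url <url>", as printed by
#   git config -f .gitmodules --get-regexp '^submodule\..*\.url$'

classify_submodule_urls() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    name=${line%%.url *}; name=${name#submodule.}
    url=${line#*.url }
    case "$url" in
      http://*|https://*)
        # Look only at the authority part (between "://" and the first "/").
        authority=${url#*://}; authority=${authority%%/*}
        case "$authority" in
          # user:secret@host committed to the repo: rotate and remove it.
          *:*@*) verdict=SECRET_IN_URL ;;
          # No tty to prompt on, so git fails with "could not read Username"
          # unless a credential helper already holds the credentials.
          *)     verdict=NEEDS_HTTPS_CREDENTIAL ;;
        esac ;;
      ssh://*|*@*:*)
        # Needs a private key readable by the build user; a passphrase-protected
        # key additionally needs an ssh-agent.
        verdict=NEEDS_SSH_KEY ;;
      ./*|../*)
        # Relative URL: resolved against the parent repo's remote URL.
        verdict=INHERITS_PARENT_URL ;;
      *)
        verdict=OTHER ;;
    esac
    printf '%s\t%s\t%s\n' "$verdict" "$name" "$url"
  done
}

# Constructed sample input (the second to fourth lines are made up).
classify_submodule_urls <<'EOF'
submodule.abcd.url git@github.com:myco/abcd.git
submodule.abcd-https.url https://github.com/myco/abcd.git
submodule.token.url https://builduser:PLACEHOLDER@github.com/myco/abcd.git
submodule.sibling.url ../sibling.git
EOF
```

Run it inside the same container and as the same user as the failing build step, piping the real `git config -f .gitmodules ...` output into `classify_submodule_urls`.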