2

I have a git repository with a git sub-module, which is linked to another git repository.

```
main-repo
-> file1.txt
-> submodule-repo
  -> file2.txt
```

I created a Google Cloud Build trigger that has permissions to main-repo.

In order to load the submodule-repo repository, I added this command to the build instructions:

```yaml
steps:
- name: gcr.io/cloud-builders/git
  args: ['submodule', 'update', '--init', '--recursive']
  ...
```

And it fails at this stage. Why? Permissions problem:

```
Submodule 'XXX' (XXX) registered for path '***'
Cloning into '/workspace/XXX'...
ssh: Could not resolve hostname c: Name or service not known
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.
```

The read permission I gave Google is for the main-repo git repository. Since I can give access only for one repository, I can't give another permission for the submodule-repo repository.

How can I use Google Cloud Build to build a git repository with a git sub-module?

No1Lives4Ever
  • It might be that you have to run some steps that execute a script to give your git command permissions to access the sub-module .... this might hold some clues. https://stackoverflow.com/questions/13509293/git-fatal-could-not-read-from-remote-repository – Kolban Aug 17 '20 at 15:50
  • `Could not resolve hostname c:` I guess you are working on Windows OS and your submodule paths are absolute right? Can you try with relative path? – guillaume blaquiere Aug 18 '20 at 08:29

1 Answer

1

I did the following and it's working for me. I followed these instructions to access my private repo from Google Cloud:

  1. Create an SSH key
  2. Store the private SSH key in Secret Manager
  3. Add the public SSH key to your private repository's deploy keys (if you need to access more than one repo, create a user or use an existing user who has access to these repos and put the deploy key in this account, not in the repo itself > from GitHub account > settings > SSH keys)
  4. Grant permissions to Cloud Build service account to access Secret Manager
  5. Add the public SSH key to known hosts (I stored the public key as a variable in cloud build and you can use GitHub secret to store it)

*Use this command to get the public key; don't copy it from the .pub file:

```
ssh-keyscan -t rsa github.com > known_hosts.github
```

Then these steps in the cloud build file:

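```yaml
steps:
# Write the private key and the known_hosts entry into a volume shared by later steps.
- name: 'gcr.io/cloud-builders/git'
  secretEnv: ['SSH_KEY']
  entrypoint: 'bash'
  args:
  - -c
  - |
    # "$$" escapes Cloud Build substitution so bash expands the secret at run time.
    echo "$$SSH_KEY" >> /root/.ssh/id_rsa
    chmod 400 /root/.ssh/id_rsa
    # _SSH_PUBLIC_KEY is a build variable holding the ssh-keyscan output.
    echo "${_SSH_PUBLIC_KEY}" >> /root/.ssh/known_hosts
  volumes:
  - name: 'ssh'
    path: /root/.ssh

# Fetch the submodules over SSH using the key prepared above.
- name: 'gcr.io/cloud-builders/git'
  entrypoint: 'bash'
  args:
  - -c
  - |
    git submodule init
    git submodule update
  volumes:
  - name: 'ssh'
    path: /root/.ssh

availableSecrets:
  secretManager:
  - versionName: projects/[GCP_Project]/secrets/[SECRET_NAME]/versions/latest
    env: 'SSH_KEY'
```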
Mhm0ud
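`ssh-keyscan` records whatever key the answering server presents, so the `known_hosts` entry from step 5 is only as trustworthy as the network path it was scanned over. The following Python check is an added example, not part of the answer's code: it keeps a scanned line only when its SHA256 fingerprint matches one obtained out of band. The host name `git.example.test`, both key blobs and the pinned set are constructed sample values.

```python
import base64
import hashlib

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verified_known_hosts(scan_output: str, host: str, pinned: set) -> list:
    """Return the scanned lines for `host` whose key matches a pinned
    fingerprint. Raise if none match, so the build stops instead of
    trusting whichever server answered the scan."""
    accepted = []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip blanks and banner comments
            continue
        fields = line.split()
        if len(fields) < 3 or host not in fields[0].split(","):
            continue                              # malformed line or another host
        try:
            if fingerprint(fields[2]) in pinned:
                accepted.append(" ".join(fields[:3]))
        except ValueError:                        # key field is not valid base64
            continue
    if not accepted:
        raise ValueError(f"no scanned key for {host} matches a pinned fingerprint")
    return accepted

# --- Constructed sample data (not real host keys) ---
def sample_blob(tag: bytes) -> str:
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()

GOOD_KEY = sample_blob(b"constructed-genuine-key")
ROGUE_KEY = sample_blob(b"constructed-substituted-key")
PINNED = {fingerprint(GOOD_KEY)}   # assumption: fingerprint obtained out of band
SAMPLE_SCAN = (
    "# git.example.test:22 SSH-2.0-sample\n"
    f"git.example.test ssh-rsa {ROGUE_KEY}\n"
    f"git.example.test ssh-rsa {GOOD_KEY}\n"
    f"other.example.test ssh-rsa {GOOD_KEY}\n"
)

if __name__ == "__main__":
    print("\n".join(verified_known_hosts(SAMPLE_SCAN, "git.example.test", PINNED)))
```

Store only the verified lines in the build variable that the first step writes to `/root/.ssh/known_hosts`.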