1

I'm trying to configure gitlab-runner for my project (baseProject) using shell executor. My project has two submodules: submoduleOne and submoduleTwo. This is how my .gitmodules looks like:

[submodule "lib/submoduleOne"]
path = lib/submoduleOne
url = ../submoduleOne.git
[submodule "third_party/submoduleTwo"]
path = third_party/submoduleTwo
url = ../submoduleTwo.git

And this is how relevant part of my .gitlab-ci.yml looks like:

stages:
    - preparation
clean:
    stage: preparation
    script:
        - eval $(ssh-agent -s)
        - ssh-add ~/.ssh/submoduleOne
        - ssh-add -l
        - git submodule update --init -- lib/submoduleOne
        - ssh-add -D
        - ssh-add ~/.ssh/submoduleTwo
        - ssh-add -l
        - git submodule update --init -- third_party/submoduleTwo
        - ./setup_project.sh

Public keys ~/.ssh/submoduleTwo and ~/.ssh/submoduleOne are added to the respective projects in gitlab as "deploy keys" and the fingerprints match. Both projects seem to be configured in the same way.

Yet, the job fails and the output is:

Running with gitlab-runner 11.0.0 (5396d320)
  on wawsrvbuild70 3295e1f6
Using Shell executor...
Running on wawsrvbuild70...
Fetching changes...
HEAD is now at 5e3be99 CI test
From https://gitlab01.mydomain.pl/Group/baseProject
   5e3be99..0029318  p.czechows2/configure-gitlab-ci#1038 -> origin/p.czechows2/configure-gitlab-ci#1038
Checking out 00293180 as p.czechows2/configure-gitlab-ci#1038...
Skipping Git submodules setup
$ eval $(ssh-agent -s)
Agent pid 18755
$ ssh-add ~/.ssh/submoduleOne
Identity added: /home/gitlab-runner/.ssh/submoduleOne (/home/gitlab-runner/.ssh/submoduleOne)
$ ssh-add -l
4096 27:f5:e5:86:af:a7:7a:aa:52:03:b1:6d:05:72:56:29 /home/gitlab-runner/.ssh/submoduleOne (RSA)
$ git submodule update --init -- lib/submoduleOne
$ ssh-add -D
All identities removed.
$ ssh-add ~/.ssh/submoduleTwo
Identity added: /home/gitlab-runner/.ssh/submoduleTwo (/home/gitlab-runner/.ssh/submoduleTwo)
$ ssh-add -l
4096 89:aa:68:f9:88:72:4c:cf:8a:a3:c7:7e:34:92:91:6b /home/gitlab-runner/.ssh/submoduleTwo (RSA)
$ git submodule update --init -- third_party/submoduleTwo
Cloning into 'third_party/submoduleTwo'...
fatal: Authentication failed for 'https://gitlab-ci-token:yXkvnfXZadABF4FZWTSb@gitlab01.mydomain.pl/Group/submoduleTwo.git/'
Clone of 'https://gitlab-ci-token:yXkvnfXZadABF4FZWTSb@gitlab01.mydomain.pl/Group/submoduleTwo.git' into submodule path 'third_party/submoduleTwo' failed
ERROR: Job failed: exit status 1

This token yXkvnfXZadABF4FZWTSb is I think the token I gave to gitlab-runner while configuring it for the baseProject. But I'm not sure where to check this. Also, changing the order of submodules initialization won't help: the problem is still with submoduleTwo. So my question is: why wouldn't gitlab-runner use the private key stored in ssh-agent for cloning this repository? or maybe I've made a mistake somewhere? Suggestions for how to configure submodules initialization in gitlab-runner differently are also welcome.

Przemysław Czechowski
  • 698
  • 6
  • 18
  • Have you thought about using `GIT_SUBMODULE_STRATEGY: recursive` in the `.gitlab-ci.yml` instead? [relevant documentation](https://docs.gitlab.com/ee/ci/git_submodules.html#using-git-submodules-in-your-ci-jobs) – Rekovni Jul 19 '18 at 10:11
  • @Rekovni Well, in this case I cannot specify authorisation for each submodule, right? It will try to use the default token for every submodule, and this won't work. Anyway, I used that once while trying to solve this problem and it didn't work. I don't remember what was the error exactly – Przemysław Czechowski Jul 19 '18 at 10:39

0 Answers0