Posted about 1 month ago. Visible to the public. Deprecated.

How to checkout submodules in Gitlab CI

Please prefer https://docs.gitlab.com/ee/ci/git_submodules.html with relative submodule paths

Accessing other repositories in Gitlab CI is not straight forward, since the access rights of the current pipeline might not be sufficient enough.

One approach is to use project access tokens and clone the repositories via HTTPS.

  • Create a project access token for all submodules you want to have access to with the setting read_repository
  • Add the secrets as environment variable to the main project you want to have access to submodules:
    • Protected false (depending on your security settings), masked true
    • Add the project access token

Example configuration for the project manager with two submodules customer_1 and customer_2:

Copy
image: name: "example.com/manager/ci:v1" before_script: # git clone without --recursive already happend - git submodule deinit --all --force # Enforce that the submodules are not cached before changing them - sed -i "s/git@code.example.com\/dev\/customer-1.git/https:\/\/gitlab-ci-token:$CI_CUSTOMER_1_ACCESS_TOKEN@code.example.com\/dev\/customer-1.git/" .gitmodules - sed -i "s/git@code.example.com\/dev\/customer-2/https:\/\/gitlab-ci-token:$CI_CUSTOMER_2_ACCESS_TOKEN@code.example.com\/dev\/customer-2.git/" .gitmodules - git submodule init - git submodule update - bundle install rspec: script: - bundle exec rake db:create db:migrate - bundle exec rspec

This approach requires you to touch your CI configuration every time the gitmodules change. You also might prefer to remove the .gitmodules file entirely after the deinit and add the submodules one per line instead of using sed:

Copy
git submodule deinit --all --force rm .gitmodules git submodule add https://gitlab-ci-token:$CI_CUSTOMER_1_ACCESS_TOKEN@code.example.com/dev/customer-1.git customer-1 git submodule add https://gitlab-ci-token:$CI_CUSTOMER_2_ACCESS_TOKEN@code.example.com/dev/customer-2.git customer-2 git submodule update

Example error message when you try to clone via SSH with insufficient access rights:

Copy
Cloning into '/builds/manager/customer-1'... Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. fatal: clone of 'git@code.example.com/dev/customer-1.git' into submodule path '/builds/manager/customer-1' failed

Does your version of Ruby on Rails still receive security updates?
Rails LTS provides security patches for old versions of Ruby on Rails (3.2 and 2.3).

Owner of this card:

Avatar
Emanuel De
Last edit:
about 1 month ago
by Emanuel De
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Emanuel De to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more