Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fails because of no rights in private submodule

See original GitHub issue

Behaviour

I am trying to build a docker image and push it to AWS ECR. Before I had the private submodule included into my git repository it worked perfectly. Now I included a private submodule which has further public submodules. And I get the error, that it has no rights to clone the submodule. Using the checkout action and providing a Personal Access Token it works fine. I don’t need the submodule for building the docker image, so I also would be fine to disable cloning the submodule.

Steps to reproduce this issue

Run the workflow
Crashes at docker/build-push-action@v3 step

Expected behaviour

Should either not clone the submodule or clone it without failing

Actual behaviour

Crashes at docker/build-push-action@v3 step and does not build and publish the image

Configuration

name: Build docker image
on: workflow_dispatch

env:
  AWS_REGION: ...

jobs:
  build:
    name: Build docker image
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: aws-actions/amazon-ecr-login@v1

      # This is not nessessary, but just to show how I use actions/checkout which works fine
      - uses: actions/checkout@v3
        with:
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN_GITHUB }}
          submodules: recursive

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build, tag, and push image to Amazon ECR
        uses: docker/build-push-action@v3
        with:
          push: true
          tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/...:latest
          file: docker/.../Dockerfile
          platforms: linux/amd64,linux/arm64
          github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN_GITHUB }}

Logs

#1 [internal] load git source https://github.com/[...]/[...].git#[sha]
#0 0.046 Initialized empty Git repository in /var/lib/buildkit/runc-overlayfs/snapshots/snapshots/1/fs/
#0 0.106 fatal: Not a valid object name [sha]^{commit}
#1 5.366 From https://github.com/[...]/[...]
# [lists a lot of branches/tags here]

#1 5.702 Submodule '[...]/[...]' (git@github.com:[...]/[...].git) registered for path '[...]/[...]'
#1 5.706 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/[...]/[...]'...
#1 6.037 Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
#1 6.209 git@github.com: Permission denied (publickey).
#1 6.209 fatal: Could not read from remote repository.
#1 6.209 
#1 6.209 Please make sure you have the correct access rights
#1 6.209 and the repository exists.
#1 6.210 fatal: clone of 'git@github.com:[...]/[...].git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/[...]/[...]' failed
#1 6.210 Failed to clone '[...]/[...]'. Retry scheduled
#1 6.212 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/[...]/[...]'...
#1 6.658 git@github.com: Permission denied (publickey).
#1 6.658 fatal: Could not read from remote repository.
#1 6.658 
#1 6.658 Please make sure you have the correct access rights
#1 6.658 and the repository exists.
#1 6.659 fatal: clone of 'git@github.com:[...]/[...].git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/[...]/[...]' failed
#1 6.660 Failed to clone '[...]/[...]' a second time, aborting
#1 ERROR: failed to update submodules for https://github.com/[...]/[...].git: exit status 1

Issue Analytics

State:
Created 10 months ago
Comments:7 (5 by maintainers)

Top GitHub Comments

1reaction

crazy-maxcommented, Dec 4, 2022

  /usr/bin/git config --global --add url.https://github.com/.insteadOf git@github.com:
  /usr/bin/git config --global --add url.https://github.com/.insteadOf org-[...]@github.com:

Looks like this is what we need in BuildKit. cc @tonistiigi

0reactions

kalanyuzcommented, Dec 23, 2022

I’m experiencing the exact same issue @crazy-max. However, I do need submodules for the build and cannot use ssh key. Is there a workaround for this?

Top Results From Across the Web

github - Git Submodule - Permission Denied - Stack Overflow

Access: Ensure that either: (1) you're cloning a public repo or (2) it's private, but your github account has access. Diagnose with ssh...

prebuild initializer: git fetch -p -P . tags -f failed" #9280 - GitHub

I suspect that these combinations are not working because my user has permission to access the private submodule and does not use an...

Permission denied with submodules (#218995) · Issues - GitLab

Summary. When i try to run git clone --recursive git@xxxx-gitlab:xxxx-project using ssh key with passphrase it reply Permission denied error ...

Go failed to clone my repository with submodule

My GoCD is installed the latest one 16.1.0. The error shows: Material update failed for material 'MyRave' because: Working directory: pipelines/flyweight/ ...

Stored git credentials not used when submodule is updated

fatal: Authentication failed for 'https://github.com/xxx.git/' ... efforts mainly because the only sensible workaround (copying keys) is not permitted for ...