I try to checkout the git submodules via ssh instead of https (default if you use "Checkout submodules") in an Azure DevOps Pipeline. With the option in the picture it works - but for the developers it's annoying to enter the password all the time if they are working with the repository.
For that I used the following instructions to add the ssh key. I created a public and a private key, and copied the known_host entry.
That's my YAML file snippet:
stages:
- stage: DeployBackend
jobs:
- job: SSH
steps:
- task: InstallSSHKey@0
inputs:
knownHostsEntry: $(known_host)
sshPublicKey: $(public_key)
sshKeySecureFile: 'private_key_file'
- job: Deploy
steps:
- checkout: self
submodules: true
- script: |
-- here I run all docker commands to build the container and push it to Azure --
displayName: "Deploy"
If I use the SSH keys to clone the repository to my local computer I have no issues. But if I run the pipeline it will crash at the submodule checkout:
Please make sure you have the correct access rights and the repository exists. fatal: clone of '[email protected]:v3/repoLink' into submodule path '/home/vsts/work/1/s/app/submoduleFolder' failed Failed to clone 'app/submoduleFolder'. Retry scheduled Cloning into '/home/vsts/work/1/s/app/submoduleFolder'... Host key verification failed. fatal: Could not read from remote repository.
That's the .gitmodules
file in the repo - it works without any issues locally:
[submodule "app/subModuleName"]
path = app/subModuleName
url = [email protected]:v3/***/subModuleName
branch = master
I even wrote the id_rsa
, known_hosts
and id_rsa.pub
files into .ssh
with a script, but it seems like they are not even used for ssh verification.