Gitlab-ci deal with external submodules over SSH

If you work with git submodules from different providers assembled in a gitlab-ci pipeline, you might have been confronted with the following devOps dilemma: “How to deal with submodules your devs are used to interact with using SSH

Context

Say some some_app’s building relies on some_module_from_github

some_app/
    src/
        some_module/
        some_module_from_github/ @a086db01

While working on some_app, you want to be able to simultaneously work on some_module_from_github in the most natural way possible. That is: using SSH key authentication for your commits. In this context, .gitmodules would look like this:

[submodule "src/some_module_from_github"]
	path = src/some_module_from_github
	url = git@github.com:zar3bski/some_module_from_github.git

However, Gitlab-ci is a bit limited when it comes to submodules. Despite the addition of GIT_SUBMODULE_STRATEGY, you probably experienced the following while trying to integrate external submodules to your pipelines

...
Failed to clone 'src/some_module_from_github'. Retry scheduled
Cloning into '/builds/zar3bski/zarebski_site/src/nest'...
Cloning into '/builds/zar3bski/zarebski_site/src/some_module_from_github'...
error: cannot run ssh: No such file or directory
fatal: unable to fork
fatal: clone of 'git@github.com:zar3bski/some_module_from_github.git' into submodule path '/builds/zar3bski/zarebski_site/src/some_module_from_github' failed
Failed to clone 'src/some_module_from_github' a second time, aborting
...

Deal with submodules yourself!

The only option you have is to set things

  1. generate a key pair
  2. record the git server hosting the submodule (in this example, github) to a known_hosts file alongside with the rest of your source code
some_app/
    src/
        some_module/
        some_module_from_github/ @a086db01
    utils/
        .ssh/
            known_hosts
            id_ed25519.pub

.gitlab-ci.yml

build:
  stage: build
  image: python:3.8-buster
  before_script:
    - apt-get update
    - cp -r utils/.ssh ~/.ssh
    - touch ~/.ssh/id_ed25519
    - echo $id_ed25519 > ~/.ssh/id_ed25519
    - chmod 600 ~/.ssh/id_ed25519
    - git submodule update --init --recursive
    - echo "using the current submodule versions"
    - git submodule status
  script: 
    - some build logic