[SOLVED] Checkout git submodule in Azure Pipeline with SSH

Issue

I try to checkout the git submodules via ssh instead of https (default if you use "Checkout submodules") in an Azure DevOps Pipeline. With the option in the picture it works - but for the developers it's annoying to enter the password all the time if they are working with the repository.

For that I used the following instructions to add the ssh key. I created a public and a private key, and copied the known_host entry.

That's my YAML file snippet:

stages:
- stage: DeployBackend
jobs:
  - job: SSH
    steps:
      - task: InstallSSHKey@0
        inputs:
          knownHostsEntry: $(known_host)
          sshPublicKey: $(public_key)
          sshKeySecureFile: 'private_key_file'
  - job: Deploy
    steps:
      - checkout: self
        submodules: true
      - script: |
          -- here I run all docker commands to build the container and push it to Azure --
        displayName: "Deploy"

If I use the SSH keys to clone the repository to my local computer I have no issues. But if I run the pipeline it will crash at the submodule checkout:

Please make sure you have the correct access rights and the repository exists. fatal: clone of '[email protected]:v3/repoLink' into submodule path '/home/vsts/work/1/s/app/submoduleFolder' failed Failed to clone 'app/submoduleFolder'. Retry scheduled Cloning into '/home/vsts/work/1/s/app/submoduleFolder'... Host key verification failed. fatal: Could not read from remote repository.

That's the .gitmodules file in the repo - it works without any issues locally:

[submodule "app/subModuleName"]
    path = app/subModuleName
    url = [email protected]:v3/***/subModuleName
    branch = master

I even wrote the id_rsa, known_hosts and id_rsa.pub files into .ssh with a script, but it seems like they are not even used for ssh verification.

Solution

The solution is to do all the tasks in one job. Variables are not shared between different job instances.

This works:

jobs:
    - job: jobName
      steps:
        - task: AzureKeyVault@1
          inputs:
            azureSubscription: '***'
            KeyVaultName: '***'
          displayName: "Read Secrets from KeyVault"
        - task: InstallSSHKey@0
          inputs:
            knownHostsEntry: $(known_host)
            sshPublicKey: $(public_key)
            sshKeySecureFile: 'private_key_file'
          displayName: "Create SSH files"
        - script: |
            git clone --recurse-submodules [email protected]:v3/****
            git submodule update --init --recursive
            docker login -u $(userName) -p $(password) ***
            docker build ****
            docker push ****
          displayName: "Build and Push Docker Container"

Answered By - Sam_Ste