Docker Hub and git submodules

Question

I have a repository that uses git submodules, and I configured the automated build on Docker Hub. At the beginning of the build process, it looks like Docker Hub pulls the repository from the default branch (master), update submodules and then checkout to the particular branch (let's say branch feature-a) that triggered the build. It works fine if feature-a branch has the very same submodules as master, but if the submodules are different (let's say, pull one submodule from a different repo), the build fails.

Is there a way to make Docker Hub clone the correct branch directly?

Answer 1

SSH_PRIVATE sugested by Clintm (and in official documention) doesn't work for us. As far as I understand, this is because Docker hub interface to set environment variables doesn't allow to fill in a line break (!?)

I spent time on my side to find a workaround that match with our needs and it works for us.
I let it here if it can help some of you.

/hooks/post_checkout

#!/bin/bash

# Docker documentation to set up private git submodule for build does not work
# since it's not possible to set environment variable with line break in Docker
# Hub interface. It makes impossible to set SSH_PRIVATE as suggested here:
# https://docs.docker.com/docker-hub/builds/#build-repositories-with-linked-private-submodules
#
# To use the script below:
# - As suggested in the official doc, generate a keypair and push the public
#   part to your source code provider account
# - In Docker Hub build configuration, set var SSH_PRIVATE_ESCAPED with the output of
#   `awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' /path/to/the/private/key`

SSH_PRIVATE_FILE=~/git_id_rsa

echo "${SSH_PRIVATE_ESCAPED}" | awk '{gsub(/\\n/,"\n")}1' > "${SSH_PRIVATE_FILE}"
chmod 0400 "${SSH_PRIVATE_FILE}"
export GIT_SSH_COMMAND="ssh -i ${SSH_PRIVATE_FILE}"

git submodule update --init

Answer 2

You need to use hooks: https://docs.docker.com/docker-hub/builds/advanced/#custom-build-phase-hooks

TL;DR: Place this in hooks/post_checkout:

#!/bin/bash
# Docker hub does a recursive clone, then checks the branch out,
# so when a PR adds a submodule (or updates it), it fails.
git submodule update --init

Answer 3

It might be failing because the submodule is private.

You can add a build environment variable SSH_PRIVATE. And add a private key with access to the private submodule repository.

A word of caution though… you may want to generate a diff private key than the one you use for anything else and add that to the private submodules repo.

Edit: This is required even if your linked github account has access to the repo because you're most likely specifying the submodule url as ssh based (e.g. git@github.com:Account/repo.git)

Edit2: Adding docs https://docs.docker.com/docker-hub/builds/#build-repositories-with-linked-private-submodules