Circleci: Private git subdmodule with AWS ECR orb

Question

I have the following config.yml for a circleci build which works well it's using the aws-ecr and aws-ecs orbs.

version: 2.1
    orbs:
      aws-ecr: circleci/aws-ecr@0.0.2
      aws-ecs: circleci/aws-ecs@0.0.3
    workflows:
      build-deploy:
        jobs:
          - aws-ecr/build_and_push_image:
              account-url: "myaccount.amazonaws.com"
              repo: "my/repo"
              region: us-east-1
              tag: "${CIRCLE_BRANCH}"
              filters:
                branches:
                  only: mybranch

The problem is this repo contains a .gitmodules file which pulls in a private subdmodule. I can't seem to figure out how to override/extend the orb to run additionally circleci equivalent of

git submodule update --init

I have tried adding this to the dockerfile, but then i get

Permission denied (publickey).

fatal: Could not read from remote repository.

note: the dockerfile builds fine locally, since local docker inject my git key automagically

I tried reconfiguring the orb job into steps also, i.e.

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@0.0.2
  aws-ecs: circleci/aws-ecs@0.0.3
workflows:
  build-deploy:
    jobs:
      - lb_build_and_push_image:
        steps:
          - add_ssh_keys:
              fingerprints:
                - "my:fin:ger:print"
          - aws-ecr/build_and_push_image:
              account-url: "account.amazonaws.com"
              repo: "my/repo-backend"
              region: us-east-1
              tag: "${CIRCLE_BRANCH}"
              filters:
                branches:
                  only: mybranch

...where fingerprint is from the 'user key' in ssh checkout keys. I've tried various configurations of jobs/steps.

And schema always fails with usual message of:

Error: ERROR IN CONFIG FILE:
[#/workflows/build-deploy/jobs/0] 0 subschemas matched instead of one
1. [#/workflows/build-deploy/jobs/0] expected type: String, found: Mapping

does anyone have pointers on how to proceed, what the right config might be, or just general pointers of how to move forward in troubleshooting? any insight much appreciated.

baku · Accepted Answer

this was the eventual solution. newer release of aws-ecr orb supplies commands for steps

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@4.0.1
  aws-ecs: circleci/aws-ecs@0.0.3
  aws-cli: circleci/aws-cli@0.1.1

jobs:
  build_and_push_image:
    docker:
      - image: circleci/python:3.7.1
    steps:
      - checkout
      - run:
          name: "Pull Submodules"
          command: |
            git submodule init
            git submodule update --remote
      - setup_remote_docker
      - aws-ecr/build-image:
          repo: "my/repo"
          tag: "${CIRCLE_BRANCH}"
      - aws-cli/install
      - aws-ecr/ecr-login
      - aws-ecr/push-image:
          repo: "my/repo"
          tag: "${CIRCLE_BRANCH}"

however, this did rely on updates to aws orb, i would be interested if there was another way to solve this, assuming those steps had not been exposed as commands

Circleci: Private git subdmodule with AWS ECR orb

Answers (2)

Related Questions