[SOLVED] Azure pipeline with submodules and docker

Issue

I want to deploy an application which contains a submodule to a docker registry. The setup without the submodules works as expected.

I tried adding checkout: self and submodule: true to the job running the Docker tasks (see yaml below).

This produces the error message [email protected]: Permission denied (password,publickey).

trigger:
- main  

variables:
  dockerRegistryServiceConnection: <serviceconnection>
  imageRepository: <imageRepo>
  containerRegistry: <registry>
  dockerfilePath: <path>
  tag: <tag>

  vmImageName: 'ubuntu-latest'

stages:
- stage: Build
  displayName: Build and push stage
  jobs:
  - job: Build
    displayName: Build
    pool:
      vmImage: $(vmImageName)
    steps:
    - checkout: self
      submodules: true
    - task: Docker@2
      displayName: Build and push an image to container registry
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: |
          $(tag)
    - task: Docker@2
      displayName: Build and push an image to container registry (latest)
      inputs:
        command: buildAndPush
        repository: $(imageRepository)
        dockerfile: $(dockerfilePath)
        containerRegistry: $(dockerRegistryServiceConnection)
        tags: latest

Why do I need to authenticate towards a repo in the same project? Is there a way to add a ssh authentication to the yaml or to usse https cloning instead of ssh?

EDIT: I tried changing the .gitmodules file to point towards the https clone url, and I still get authentication problems.

fatal: could not read Username for 'https://dev.azure.com':

EDIT2: After adding persistCredentials: true to the checkout step I get a new error:

remote: TF401019: The Git repository with name or identifier <subrepo_here> 
does not exist or you do not have permissions for the operation you are attempting.

The link is correct so I assume that the error is due to permissions.

I made sure to double check the permission for the repo:

I believe the issue is due to the Project Settings:

Edit3: Right place, wrong toggle. See answer.

Solution

Turns out the issue was related to project settings, however, it was not the "Limit job authorization scope to current project for release pipelines" settings, but rather "Protect access to repositories in YAML pipelines", When toggled off, the pipeline was able to clone the subrepository.

Answered By - Haukland

Answer Checked By - Katrina (WPSolving Volunteer)