dokku: private git submodule fails

I’m trying to deploy a repo with a private submodule. It fails of course.

git push dokku@localhost:dokku.example.com master
Counting objects: 8, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 655 bytes, done.
Total 6 (delta 3), reused 4 (delta 1)
-----> Cleaning up ...
-----> Building dokku.example.com ...
remote: HEAD is now at 2e28837... submodule for testing
remote: Host key verification failed.
remote: fatal: The remote end hung up unexpectedly
remote: Clone of 'git@github.com:example/nodecore' into submodule path 'nodecore' failed
To dokku@localhost:dokku.example.com
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'dokku@localhost:dokku.example.com'

I’ve read progrium/dokku#314. However, embedding the username and password in the repo is not an option.

I’m running both dokku-deployment-keys and dokku-hostkeys-plugin. So, at first glance, I figured we just needed to run these plugins before the app gets built. Unfortunately there is currently no way of doing this. See here.

So, one approach might be to break lines 33-35 into a new built-in plugin and subsequently move the aforementioned key plugins into a new phase that is called by the build-in.

Thoughts on this? Is this interesting to anyone else or am I off my rocker?

About this issue

Original URL
State: closed
Created 10 years ago
Comments: 15 (7 by maintainers)

Commits related to this issue

[ci skip] document deploying private git submodules. closes #644 — committed to dokku/dokku by deleted user 9 years ago
Merge pull request #895 from progrium/644-mh-document-priv-submods document deploying private git submodules. closes #644 — committed to dokku/dokku by josegonzalez 9 years ago

Most upvoted comments

Ok now I see the problem, but it’s not related to those lines the OP was referencing (https://github.com/progrium/dokku/blob/4e9d797d452d9e8499eec67ffad3e4140fc22736/dokku#L32-L37), but instead due to the fact that the submodule cloning happens way before the build hook is even triggered (technically git_archive_all is triggered before the dokku receive command which triggers the build).

Furthermore, it is not even related to any build logic nor any docker container, since all submodule cloning happens on the dokku host before it is sent to the buildpack.

Thus, if you can successfully authenticate by ssh key to github using the dokku user on the dokku host, your private submodules can then be checked out. Make sure the following works as logged in on the dokku host, and private submodules will thereafter be cloned successfully:

 su dokku
 ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
 ssh -T git@github.com

motin on Sep 28, 2014

Cloning private repository was failing for me. I did following.

Switch to dokku user: sudo su - dokku
Add key for dokku user: ssh-keygen -t rsa -b 4096 -C “Dokku Host”
Then added the public key to my account
ssh-keyscan github.com >> home/dokku/.ssh/known_hosts

After doing the above steps, I was able to clone private repository.

rasodu on Apr 7, 2021