Overview

Git’s a very powerful tool but it’s roots are in the open-source world so automating it’s operations through continuous integration can be a little difficult in a closed source world. This article will show you how to bridge that divide with regards to submodules.

Deploy Key

The first thing you’ll want to do is create an open deploy key, this is just a standard ssh key with an empty password. Keep in mind these deploy keys will have full access to the repositories you assign them, so treat them with care.

How to create a key can be found here

The Public Key

You’ll want to add the deploy key to the submodule projects you’ll be pulling. It can be found under: “settings->repositories->deloy keys”.

Deploy Key

You only need to assign the key once, in all other projects you can just enable it’s access from that same page.

The Private Key

The private key will be handled in a variable. Assigning it to only a protected branch is sane idea, your ci should really only run on protected branches.

Gitlab variables can be found under “settings->CI/CD->variables”

Gitlab Variables

Paste the contents of the private key under “value” you can name the variable anything but for the purpose of the article we’ll assume it’s named SSH_KEY

gitlab-ci.yml

We’ll be setting up our build environment using “before_script:”

The first part, locale, is only necessary if using debian or ubuntu containers but could apply to others.

build-example:
    image: ubuntu:20.04
    tags:
      - linux
      - x64
      - docker
    stage: build
    before_script:
      - export TZ=Europe/Dublin
      - ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
      - apt update && apt -y install make ssh git
      - mkdir -p ~/.ssh
      - eval `ssh-agent -s`    
      - echo "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy     
      - chmod 0600 ~/.ssh/*
      - echo "StrictHostKeyChecking=no" > ~/.ssh/config
      - ssh-add ~/.ssh/deploy      
      - git submodule update --init --recursive
    script:
      - cmake -DCMAKE_BUILD_TYPE=Release .
      - make

The tr -d ‘\r’ > ~/.ssh/deploy is a bit of bash magic that formats the variable key correctly. The StrictHostKeyChecking=no makes sure that git doesn’t query the ci to add a new host.

Your private submodules should all be available to your CI now.