docker/bake-action@v6: Failed to clone submodule, Permission denied (publickey) #318

@florianpreusner

Contributing guidelines

I've found a bug, and:

  • The documentation does not mention anything about my problem
  • There are no open or closed issues that are related to my problem

Description

After upgrading docker/bake-action to v6, I encountered an error indicating that a submodule used in my application repository cannot be cloned. This issue does not occur with v5, where everything works as expected.

Expected behaviour

I would expect the token used to clone the main application repository to also have access to clone the submodule, as both are part of the same organization.

Actual behaviour

#1 0.718 Submodule 'api/src/SharedStorage' (git@github.com:rii-link/shared-storage.git) registered for path 'api/src/SharedStorage'
#1 0.720 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
#1 0.860 Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
#1 1.009 git@github.com: Permission denied (publickey).
#1 1.010 fatal: Could not read from remote repository.
#1 1.010
#1 1.010 Please make sure you have the correct access rights
#1 1.010 and the repository exists.

v5 configuration works:

        name: Build Docker images
        uses: docker/bake-action@v5
        with:
          pull: true
          load: true
          files: |
            compose.yaml
            compose.override.yaml
          set: |
            *.cache-from=type=gha,scope=${{github.ref}}
            *.cache-from=type=gha,scope=refs/heads/main
            *.cache-to=type=gha,scope=${{github.ref}},mode=max

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: CI

on:
  push:
    branches:
      - main
  pull_request: ~
  workflow_dispatch: ~

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  tests:
    name: Tests
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ secrets.SUBMODULE_GITHUB_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build Docker images
        uses: docker/bake-action@v6
        with:
          pull: true
          load: true
          files: |
            compose.yaml
            compose.override.yaml
          set: |
            php.cache-from=type=gha,scope=php-${{github.ref}}
            php.cache-from=type=gha,scope=php-refs/heads/main
            php.cache-to=type=gha,scope=php-${{github.ref}},mode=max
            pwa.cache-from=type=gha,scope=pwa-${{github.ref}}
            pwa.cache-from=type=gha,scope=pwa-refs/heads/main
            pwa.cache-to=type=gha,scope=pwa-${{github.ref}},mode=max
      -
        name: Start services
        run: docker compose up --wait --no-build
      -
        name: Check HTTP reachability
        run: curl -v --fail-with-body http://localhost
      -
        name: Check API reachability
        run: curl -vk --fail-with-body https://localhost
      -
        name: Check PWA reachability
        run: "curl -vk --fail-with-body -H 'Accept: text/html' https://localhost"
      -
        name: Create test database
        run: docker compose exec -T php bin/console -e test doctrine:database:create
      -
        name: Run migrations
        run: docker compose exec -T php bin/console -e test doctrine:migrations:migrate --no-interaction
      -
        name: Run PHPUnit
        run: docker compose exec -T php bin/phpunit
      -
        name: Doctrine Schema Validator
        run: docker compose exec -T php bin/console -e test doctrine:schema:validate
  lint:
    name: Docker Lint
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Lint Dockerfiles
        uses: hadolint/hadolint-action@v3.1.0
        with:
          recursive: true

Workflow logs

/usr/bin/docker buildx bake https://github.com/rii-link/api.git#7d19a85d00d5d93cc1fdc8de310d0c53054fc148 --file compose.yaml --file compose.override.yaml --set php.cache-from=type=gha,scope=php-refs/heads/main --set php.cache-from=type=gha,scope=php-refs/heads/main --set php.cache-to=type=gha,scope=php-refs/heads/main,mode=max --set pwa.cache-from=type=gha,scope=pwa-refs/heads/main --set pwa.cache-from=type=gha,scope=pwa-refs/heads/main --set pwa.cache-to=type=gha,scope=pwa-refs/heads/main,mode=max --load --print
#0 building with "builder-4a084624-b327-4e67-9443-2dbf8715036c" instance using docker-container driver

#1 [internal] load git source https://github.com/rii-link/api.git#7d19a85d00d5d93cc1fdc8de310d0c53054fc148
#1 0.031 Initialized empty Git repository in /var/lib/buildkit/runc-overlayfs/snapshots/snapshots/1/fs/
#1 0.037 fatal: Not a valid object name 7d19a85d00d5d93cc1fdc8de310d0c53054fc148^{commit}
#1 0.613 From https://github.com/rii-link/api
#1 0.613 * branch 7d19a85d00d5d93cc1fdc8de310d0c53054fc148 -> FETCH_HEAD
#1 0.615 * [new tag] 0.1.0 -> 0.1.0
#1 0.615 * [new tag] 0.1.1 -> 0.1.1
#1 0.615 * [new tag] 0.1.2 -> 0.1.2
#1 0.615 * [new tag] 0.1.3 -> 0.1.3
#1 0.615 * [new tag] 0.1.4 -> 0.1.4
#1 0.615 * [new tag] 0.1.5 -> 0.1.5
#1 0.616 * [new tag] 0.1.6 -> 0.1.6
#1 0.616 * [new tag] 0.1.7 -> 0.1.7
#1 0.617 * [new tag] 0.1.8 -> 0.1.8
#1 0.665 Submodule 'api/src/SharedStorage' (git@github.com:rii-link/shared-storage.git) registered for path 'api/src/SharedStorage'
#1 0.667 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
#1 0.795 Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
#1 0.931 git@github.com: Permission denied (publickey).
#1 0.932 fatal: Could not read from remote repository.
#1 0.932
#1 0.932 Please make sure you have the correct access rights
#1 0.932 and the repository exists.
#1 0.934 fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
#1 0.934 Failed to clone 'api/src/SharedStorage'. Retry scheduled
#1 0.937 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
#1 1.196 git@github.com: Permission denied (publickey).
#1 1.197 fatal: Could not read from remote repository.
#1 1.197
#1 1.197 Please make sure you have the correct access rights
#1 1.197 and the repository exists.
#1 1.198 fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
#1 1.198 Failed to clone 'api/src/SharedStorage' a second time, aborting
#1 ERROR: failed to update submodules for https://github.com/rii-link/api.git: git stderr:
Submodule 'api/src/SharedStorage' (git@github.com:rii-link/shared-storage.git) registered for path 'api/src/SharedStorage'
Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
Failed to clone 'api/src/SharedStorage'. Retry scheduled
Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
Failed to clone 'api/src/SharedStorage' a second time, aborting
: exit status 1

[internal] load git source https://github.com/rii-link/api.git#7d19a85d00d5d93cc1fdc8de310d0c53054fc148:
0.934 fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
0.934 Failed to clone 'api/src/SharedStorage'. Retry scheduled
0.937 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
1.196 git@github.com: Permission denied (publickey).
1.197 fatal: Could not read from remote repository.
1.197
1.197 Please make sure you have the correct access rights
1.197 and the repository exists.
1.198 fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
1.198 Failed to clone 'api/src/SharedStorage' a second time, aborting


ERROR: failed to solve: failed to update submodules for https://github.com/rii-link/api.git: git stderr:
Submodule 'api/src/SharedStorage' (git@github.com:rii-link/shared-storage.git) registered for path 'api/src/SharedStorage'
Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
Failed to clone 'api/src/SharedStorage'. Retry scheduled
Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@github.com:rii-link/shared-storage.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/api/src/SharedStorage' failed
Failed to clone 'api/src/SharedStorage' a second time, aborting
: exit status 1
Error: cannot parse bake definitions: : exit status 1

BuildKit logs


Additional info

No response
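
The log above shows the parent repository fetched over `https://` while the submodule URL is the SSH form `git@github.com:...`, which is where `Permission denied (publickey)` comes from. As an added example (not part of the original issue or of docker/bake-action), this Python check lists the submodules in a `.gitmodules` file whose URLs use SSH, so they can be spotted before a build runs; the sample file content and its `example-org` entry are constructed.

```python
import re

# Constructed sample: first entry mirrors the log above, second is hypothetical.
SAMPLE_GITMODULES = """\
[submodule "api/src/SharedStorage"]
    path = api/src/SharedStorage
    url = git@github.com:rii-link/shared-storage.git
[submodule "docs"]
    path = docs
    url = https://github.com/example-org/docs.git
"""

SECTION = re.compile(r'^\[submodule\s+"(?P<name>[^"]+)"\]\s*$')
KEYVAL = re.compile(r'^\s*(?P<key>[A-Za-z][\w-]*)\s*=\s*(?P<val>.*?)\s*$')
SCP_LIKE = re.compile(r'^(?:[\w.-]+@)?[\w.-]+:(?!//)')  # user@host:path form

def parse_gitmodules(text):
    """Return {submodule name: {key: value}} from .gitmodules content."""
    mods, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", ";")):
            continue
        m = SECTION.match(line.strip())
        kv = KEYVAL.match(line)
        if m:
            current = mods.setdefault(m.group("name"), {})
        elif kv and current is not None:
            current[kv.group("key").lower()] = kv.group("val")
    return mods

def transport(url):
    """Classify the transport git will use for a submodule URL."""
    if url.startswith(("https://", "http://")):
        return "https"
    if url.startswith(("./", "../")):
        return "relative"  # resolved against the parent repository's remote
    if url.startswith(("ssh://", "git+ssh://")) or SCP_LIKE.match(url):
        return "ssh"
    return "other"

def ssh_submodules(text):
    """Submodules that need an SSH key, not an HTTPS token, to clone."""
    mods = parse_gitmodules(text)
    return sorted((name, cfg["url"]) for name, cfg in mods.items()
                  if transport(cfg.get("url", "")) == "ssh")

if __name__ == "__main__":
    for name, url in ssh_submodules(SAMPLE_GITMODULES):
        print(f"{name}: {url} uses SSH; an HTTPS token will not authenticate it")
```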
