coollabsio/coolify

[Bug]: Deployment fails when using private submodules via Github App Source

Opened this issue · 3 comments

AltanS commented

Error Message and Logs

When using a private submodule within my repository the deployment fails with

Current behaviour

  1. Main repository clones successfully using HTTPS token authentication (https://x-access-token:<TOKEN>@github.com/...)
  2. When GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" git submodule update --init --recursive runs, it fails to authenticate with the private submodule
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

I think the issue might is caused because git submodule update doesnt have either SSH creds or the access token to properly access the private repo.

Relevant code:

coolify/app/Models/Application.php

Line 936 in 6987e83

public function setGitImportSettings(string $deployment_uuid, string $git_clone_command, bool $public = false)

coolify/app/Models/Application.php

Line 987 in 6987e83

} else {

Possible solutions:

Configure Git globally to use the token for all HTTPS requests to GitHub:

git config --global url."https://x-access-token:${TOKEN}@github.com/".insteadOf "https://github.com/"

Steps to Reproduce

  1. Add a private submodule to an existing project
  2. Re-run deployment

Example Repository URL

No response

Coolify Version

v4.0.0-beta.367

Are you using Coolify Cloud?

Yes (Coolify Cloud)

Operating System and Version (self-hosted)

No response

Additional Information

No response

felipesouza91 commented

Hi, same bug here. A GitHub deploy only works in a plublic repository.

AlanRevise commented

Hi I also have same issue. For me it was only working with public repos and with https url.

AltanS commented

I've implemented a very bad practice solution to get the deployments to work for now.

  1. Add a fine grained access token under https://github.com/settings/tokens?type=beta
  2. Add access to the private submodule repositories you need
  3. Add read-only permissions for Content and metadata
  4. Copy the token
  5. adjust your .gitmodules file to use this token when accessing the repository, replace github_pat_XXX with the actual token
[submodule "packages/my-private-submodule"]
	path = packages/my-private-submodule
	url = https://x-access-token:github_pat_XXXXXXXXXXXXXXXXX@github.com/MyOrg/MyPrivateSubmodule.git
	branch = main