Private Github submodules

Some workflows require use of an SSH private key during build - for instance when getting sources for private submodules during a build.

The quick rundown (TL;DR)

  • create SSH keypair on your computer
  • add public part as user key on Github
  • add private key as secret in (container) repo where action is triggered (such that $HOME/.ssh/id_rsa can be synthesized as a preliminary build step)

Github Actions:

env:
  SSH_SUBMODULES_KEY: ${{ secrets.SSH_SUBMODULES_KEY }}

AppVeyor

env:
  SSH_SUBMODULES_KEY:
    secure: DF3lCBl.......G5+p/ # NOTE: Very long!!!
  • do the following before pulling the submodules in the run configuration
mkdir -p "$HOME/.ssh" && \
echo "$SSH_SUBMODULES_KEY" > "$HOME/.ssh/id_rsa" && \
chmod 600 "$HOME/.ssh/id_rsa"