I have a submodule with another token, how can i set build-push-action?

[ruanshudong]

#1 [internal] load git source https://github.com/TarsCloudMarket/CountServer.git#4c66a29c33814cc24e93ed470d4a1ccc3ed98b05
#0 0.041 hint: Using 'master' as the name for the initial branch. This default branch name
#0 0.041 hint: is subject to change. To configure the initial branch name to use in all
#0 0.041 hint: of your new repositories, which will suppress this warning, call:
#0 0.041 hint: 
#0 0.041 hint:  git config --global init.defaultBranch <name>
#0 0.041 hint: 
#0 0.041 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
#0 0.041 hint: 'development'. The just-created branch can be renamed via this command:
#0 0.041 hint: 
#0 0.041 hint:  git branch -m <name>
#0 0.042 Initialized empty Git repository in /var/lib/buildkit/runc-overlayfs/snapshots/snapshots/1/fs/
#0 0.097 fatal: Not a valid object name 4c66a29c33814cc24e93ed470d4a1ccc3ed98b05^{commit}
#1 0.598 From https://github.com/TarsCloudMarket/CountServer
#1 0.598  * [new branch]      master     -> origin/master
#1 0.606  * [new tag]         v1.0.0     -> v1.0.0
#1 0.716 Submodule 'libraft' (git@github.com:TarsCloudMarket/libraft.git) registered for path 'libraft'
#1 0.719 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/libraft'...
#1 0.974 Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
#1 1.086 git@github.com: Permission denied (publickey).
#1 1.088 fatal: Could not read from remote repository.
#1 1.088 
#1 1.088 Please make sure you have the correct access rights
#1 1.088 and the repository exists.
#1 1.089 fatal: clone of 'git@github.com:TarsCloudMarket/libraft.git' into submodule path '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/libraft' failed
#1 1.089 Failed to clone 'libraft'. Retry scheduled
#1 1.093 Cloning into '/var/lib/buildkit/runc-overlayfs/snapshots/snapshots/2/fs/libraft'...

[crazy-max]

Looking at https://github.com/moby/buildkit/pull/1533 you could use GIT_AUTH_TOKEN.<host> but as the token is scoped to the host (github.com in your case) you cannot do this.

Another way is to set the username in the URL like https://user1@github.com and https://user2@github.com but in your case it's the same one (TarsCloudMarket).

To fix this we need some changes on BuildKit repo as atm there is only a best-effort to try reusing the same token for all github.com remotes (https://github.com/moby/buildkit/pull/1987). I think we would just need to include the path to the domain in http.<url>.* to fix it or maybe we could also set credential.usehttppath or credential.<host>.useHttpPath so it would be scoped to the path. cc @tonistiigi

[md-seb]

docker/build-push-action@v3 uses Git context by default, but you can override it by setting context explicitly. This allows you to mutate the context using any actions, including actions/checkout@v3 with submodules (we use dedicated GitHub account for automation, then add that account's SSH key to repository secrets as DEPLOYER_SSHKEY):

jobs:
  build-docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout with submodules
        uses: actions/checkout@v3
        with:
          ssh-key: ${{ secrets.DEPLOYER_SSHKEY }}
          submodules: true
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: 'user/app:tag'

[or-he-MA]

Would love some additional explanation regarding the context flag. I've encountered the same issue, and after @crazy-max insights indeed adding context: . solved my issue.

I've read the documentation (https://github.com/docker/build-push-action?tab=readme-ov-file#git-context & https://docs.docker.com/reference/cli/docker/image/build/#git-repositories), and from what I understood it simply tells docker where is the Dockerfile located (not path to file, but context such as "this current repo").

So by default it's taking the current repo, cloning it and then proceeding, and if mentioning the context as I did it simply skips the checkout part? (as long as it's the current repo).