Fetching Private Submodules in AWS Amplify Build

I am deploying my app using AWS Amplify. I decided to separate a part of my app into a submodule. Now, when I run git submodule update --init --recursive in the Amplify build, it gives me an access error since it is a private repository and AWS could not access it.

I have two choices. One is using HTTPS to fetch the repo, but it will require me to put my username and password in the submodule. The other is to figure out a way for AWS to generate an SSH key that I can pair with the submodule's SSH access to proceed. I would like to use the latter, but I have no idea how to do it in AWS Amplify.

Mr A asked May 20 '19 10:05


2 Answers

It seems one solution would be to generate an SSH key without a passphrase (insecure solution) and then add it as an environment variable in the aws-amplify project:

  1. Generate an SSH key without a passphrase:
     • ssh-keygen -f deploy_key -N ""
     • Copy the base64-encoded content of your private key (cat deploy_key | base64 -w0) into your Amplify project environment variable, e.g. DEPLOY_KEY
     • Copy the content of your public key (cat deploy_key.pub) to your ~/.ssh/authorized_keys (depending on your repository provider, Access keys in Repository settings for Bitbucket in our case)
  2. In the preBuild or build section of your amplify.yml, add the following:

     commands:
       - eval $(ssh-agent -s)
       - ssh-add <(echo "$DEPLOY_KEY" | base64 --decode)
wlarcheveque answered Oct 02 '22 08:10
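An added example (not part of either answer): a POSIX sh wrapper for the preBuild step in the answer above that checks DEPLOY_KEY decodes to a framed private key before piping it to ssh-add, so the key is never written to disk and the agent holds it for ten minutes only. GIT_HOST_KEY (a known_hosts line you have verified for your git provider), the function names and the script file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the answers on this page. DEPLOY_KEY is the base64
# variable from the first answer; GIT_HOST_KEY is a hypothetical variable
# holding a known_hosts line you verified for your git provider.

# Print the decoded key, or fail (without echoing it) when the variable is
# unset (1), not base64 (2), not a private key (3), or truncated (4).
decode_deploy_key() {
    [ -n "${DEPLOY_KEY:-}" ] || { echo "DEPLOY_KEY is not set" >&2; return 1; }
    key=$(printf '%s' "$DEPLOY_KEY" | base64 --decode 2>/dev/null) || {
        echo "DEPLOY_KEY is not valid base64" >&2; return 2; }
    first=$(printf '%s\n' "$key" | head -n 1)
    last=$(printf '%s\n' "$key" | tail -n 1)
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "DEPLOY_KEY does not decode to a private key" >&2; return 3 ;;
    esac
    case "$last" in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "DEPLOY_KEY looks truncated" >&2; return 4 ;;
    esac
    # $(...) stripped the trailing newline that ssh-add expects; restore it.
    printf '%s\n' "$key"
}

# Start an agent, load the key from a pipe (never written to disk) with a
# 10-minute lifetime, and pin the host key instead of disabling checking.
load_deploy_key() {
    [ -n "${GIT_HOST_KEY:-}" ] || { echo "GIT_HOST_KEY is not set" >&2; return 1; }
    pem=$(decode_deploy_key) || return $?
    eval "$(ssh-agent -s)" >/dev/null
    printf '%s\n' "$pem" | ssh-add -t 600 - || return 5
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
    printf '%s\n' "$GIT_HOST_KEY" >> "$HOME/.ssh/known_hosts"
    unset key pem
}

# Usage from the build step (hypothetical file name):
#   sh fetch_submodules.sh fetch
if [ "${1:-}" = "fetch" ]; then
    load_deploy_key && git submodule update --init --recursive
    status=$?
    [ -n "${SSH_AGENT_PID:-}" ] && ssh-agent -k >/dev/null
    exit "$status"
fi
```

Piping into `ssh-add -` avoids the bash-only `<(...)` process substitution, so the step also works when the build shell is plain sh.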


Spoke to AWS about this issue as well, and there is no solution at the moment for the second option.

You could create a separate GitHub user with read-only access to the submodule repo, and add it via HTTPS: https://USERNAME:PASSWORD@github.com/ACCOUNT/SUBMODULE-REPO.git

Bonus: If you would like to push changes to the submodule repo, you can change the origin push URL. Within the submodule directory: git config remote.origin.pushurl git@github.com:ACCOUNT/SUBMODULE-REPO.git

FWIW, Netlify had the same issue a few months ago (not sure if it's still the case), their work-around would be for them to manually generate a deploy key for the submodule repo, but due to GitHub's restrictions this key would only work once - meaning for any other repo/site that needed to use the submodule you would need to go through the process again.

iv4 answered Oct 02 '22 08:10