roles/module checkout with Semaphore

[stafwag]

Hi,

I do like to concept of Semaphore and its features.

.. But I'm looking for a way to perform a component checkout with authentication.

semaphore has support to execute an ansible which is great, but this doesn't reuse the git authentication method (e.g. private key/ssh config.)

Example:

roles/requirements.yml:

---
# https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-roles-and-collections-from-the-same-requirements-yml-file
- name: myrole
 scm: git
 src: git@mygit:myspace/mybranch/myrepo.git
 version: main

But this doesn't reuse the SSH authentication method in Semaphore.

A possible solution is to use the access token (if you're using GitLab/GitHub) but it makes sense to reuse the existing authentication.

The only solution that I found is not to use the internal Semaphore Key Store and set up the authentication outside of Semaphore;

Set up a "fake key" of Type "none" in the semaphore Key Store.
Create an SSH config and mount it inside the semaphore container.

Is there a way with Semaphore to reuse the SSH config that is already set up to perform the git clone for the roles requirements.yml install?

This question is somewhat related to:

#847
#1191

Another solution is to use git submodules, I tested it and as far as I can see Semaphore doesn't allow to perform a git submodule checkout.

#525

Is a git submodule checkout on the Semaphore roadmap?

[svennd]

I think it supports submodules :

2:02:19 PM
Cloning Repository [email protected]:svennd/***.git
2:02:19 PM
Cloning into 'inventory_96'...
2:02:19 PM
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
2:02:20 PM
Submodule 'roles/cis-rhel9' (https://github.com/ansible-lockdown/RHEL9-CIS.git) registered for path 'roles/cis-rhel9'
2:02:20 PM
Cloning into '/opt/semaphore/inventory_96/roles/cis-rhel9'...
2:02:21 PM
Submodule path 'roles/cis-rhel9': checked out 'f652ee449a5e4d0c254675021624a0cccb82ead1'

Even though my playbook is totally happy ignoring the role though so something isn't working but that might be specific to my env.

[CappuccinoCake]

It works if the repo is cloned the first time, but not when the submodule is updated, then I get the old submodule, but the new main repo... Is there any fix to it?