Azure DevOps Pipeline allows to pull submodules during a build. When creating or editing a classic build pipeline, there is a checkbox which enables the checkout of submodules.
The Problem
However, there is a small limitation. The build agent can only checkout submodules from git repositories which have the same authentication as the one its currently running on. As in the screenshot above, this means only submodules hosted in this team project would be available to checkout.
In my last project I needed the build agent to pull some submodules from a private GitHub repo. While there is no option in the UI, it’s pretty easy to do so with a little help of a script.
Prerequesite
To be able to checkout submodules from a private GitHub repo all you need is a personal access token - a PAT. To get a PAT for your GitHub repo just follow the steps from the GitHub documentation.
The important part is, that you need “full” repository permission:
Implementation
Having the GitHub PAT and your GitHub username all you need to do is save them as a secure Pipeline variable and use it in a simple PowerShell script in your build pipeline:
$Base64PAT = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("$(gituhub_username):$(github_PAT)"))
git -c http.https://github.com/<your_account>/<your_repo>.git.extraheader="Authorization: Basic $Base64PAT" submodule update --init --recursive
This way you can checkout submodules from a private GitHub repository from within Azure DevOps. Of course, you can use this in any other tool. The essence is that you just need to provide your username and PAT as a Base64 encoded Basic authentication header.