azure devops - Git Submodule update on pipelines with hosted agent

Question

I have a self hosted agent and have a git repository with submodules. URLs in .gitmodules are http://

When I try to initialize a job it fails to update submodules.

git submodule sync
git submodule update --init --force
Cloning into 'foo-dev-common'...
Submodule 'foo-dev-common' (https://[email protected]/MY_ORG/PInC/_git/foo-dev-common) registered for path 'foo-dev-common'
fatal: could not read Password for 'https://[email protected]': terminal prompts disabled
fatal: clone of 'https://[email protected]/MY_ORG/PInC/_git/foo-dev-common' into submodule path 'foo-dev-common' failed
##[error]Git submodule update failed with exit code: 128
Finishing: Checkout foo-rose-identity-service@submod_bd_mahesh to s/foo-rose-identity-service

I have also tried adding repository self and

    steps:
  - checkout: self
    submodules: true
    persistCredentials: true

Answer 1

forvaidya's answer didn't work for me (though it is now 4 years later). (Relative URLs in .gitmodules are resolved to full URLs in .git/config by git submodule sync.)

persistCredentials: true will keep the authorization header available in git config for future steps, but it is keyed by your main repo URL. As long as the submodule repo(s) are in the same organization, you can reuse the header, though - e.g. in a pipeline Powershell script:

steps:
- checkout: self
  submodules: false
  persistCredentials : true

- powershell: |
    $header = $(git config --get-all http.$(Build.Repository.Uri).extraheader)
    git -c http.extraheader="$header" submodule sync
    git -c http.extraheader="$header" submodule update --init --force --depth=1

(I gleaned these details from the logs of the standard checkout step. Note the reference to the Build.Repository.Uri pipeline variable.)

The above will accomplish a full ("unshallow") checkout of the main repo (useful for e.g. GitVersion), without submodules, and a shallow checkout of any submodules.

Edit: The documented way to get the authorization header is

    $header = "AUTHORIZATION: bearer $(System.AccessToken)"