Configure submodules to inherit parent repository credentials

Stan Hurequested to merge
sh-fix-issue-39133 into main

What does this MR do?

In GitLab Runner 18.6+, credentials are no longer embedded directly in submodule URLs in .git/config. Instead, they are managed through an external git config file (.gitlab-runner.ext.conf) that is included via include.path in the parent repository's git config.

This change broke git operations executed inside submodule directories (e.g., cd patches && git pull origin master) because submodules have their own .git/config (or .git/modules/*/config) that does not inherit the parent's include.path setting.

This commit adds a git submodule foreach command after submodule initialization to configure each submodule's git config to include the same external config file as the parent repository. This allows git operations inside submodule directories to authenticate properly using the parent repo's credentials.

The configuration command reads the include.path from the parent repository and applies it to each submodule:

git submodule foreach 'git config include.path "GLR_EXT_GIT_CONFIG_PATH"'

Relates to #39133 (closed)

Why was this MR needed?

What's the best way to test this MR?

  1. Use the deployer project (https://gitlab.com/gitlab-com/gl-infra/deployer). In a test instance, clone this project as well as https://gitlab.com/gitlab-com/gl-infra/deploy-tooling and a patcher project (https://ops.gitlab.net/gitlab-com/gl-infra/patcher). Alternatively you can just create some parent project that had a .gitmodules that looks like:
[submodule "deploy-tooling"]
	path = deploy-tooling
	url = ../deploy-tooling.git
[submodule "patches"]
	path = patches
	url = ../patcher.git
  1. Simplify the .gitlab-ci.yml:
---
default:
  image: alpine:latest
  script:
    - cat .git/config
    - apk add git
    - cd $CI_PROJECT_DIR/patches 
    - git pull origin master
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
    CI_DEBUG_TRACE: "true"

  1. Run a job with this build. Ensure that the git pull at least works without complaining about credential errors.

  2. Repeat this with a Powershell Windows job:

---
default:
  script:
    - cd $CI_PROJECT_DIR/patches 
    - git pull origin master
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
    CI_DEBUG_TRACE: "true"

What are the relevant issue numbers?

#39133 (closed)

Edited by Stan Hu

Merge request reports