Checkout step intermittently uses https instead of ssh

The checkout step seems to randomly switch between https and ssh. According to the docs:

The checkout command automatically adds the required authenticity keys for interacting with GitHub and Bitbucket over SSH

This has been working fine until recently, when checkouts started happening over https.
How can I reliably get it to use ssh, as my pipeline needs the github ssh keys to use update git submodules?

Example logs when checkout uses ssh (github ssh keys automatically added. Nice):

Creating .ssh directory
Adding the following entries to known_hosts:
github.com ssh-rsa ...
github.com ecdsa-sha2-nistp256 ...
github.com ssh-ed25519 ...
...
Writing SSH key for checkout to "/home/circleci/.ssh/id_rsa"
Writing SSH public key for checkout to "/home/circleci/.ssh/id_rsa.pub"
Cloning git repository - git@github.com:<org>/<repo>.git
Checking out branch

Example logs when checkout uses https (and therefore doesn’t add the github ssh keys):

Using subcommand credential helper for git operations
Cloning git repository - https://github.com/<org>/<repo>.git

Any help would be appreciated!

Hi I also met this problem. I recently moved my CircleCI integration from using github OAuth to github apps.

When I do checkout on the PR branches it used https instead of ssh. Meanwhile on the default branch it does use ssh. I can’t find anything in the docs mentioning this GitHub App integration overview - CircleCI

HI @martin-circle and @ikusa - looking into this and will get back to you soon.

Thanks Benny

I actually figured it out but forgot to report back.

In my case, the project was configured with two triggers; a github OAuth one and a github app one. The OAuth one does a ssh clone while the app one does a https clone. If you’re unlucky, the app trigger fires first, and you’ll get a https clone.