Private git submodule with AWS ECR orb

#1

I have the following config.yml file which works well
it’s using the aws-ecr and aws-ecs orbs.

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@0.0.2
  aws-ecs: circleci/aws-ecs@0.0.3
workflows:
  build-deploy:
    jobs:
      - aws-ecr/build_and_push_image:
          account-url: "myaccount.amazonaws.com"
          repo: "my/repo"
          region: us-east-1
          tag: "${CIRCLE_BRANCH}"
          filters:
            branches:
              only: mybranch

the problem is this repo contains a .gitmodules file which pulls in a private submodule
i can’t seem to figure out how to override, extend the orb to run additionally circleci equivalent of
git submodule update --init

i have tried adding this to the dockerfile, but then i get

Permission denied (publickey).

fatal: Could not read from remote repository.

note: the dockerfile builds fine locally, since local docker injects my git key automagically

i tried reconfiguring the orb job into steps also, i.e.
something like

      - add_keys:
        steps:
          - add_ssh_keys:
              fingerprints:
                - "fin:ger:pr:int:"
      - aws-ecr/build_and_push_image:
          requires:
            - add_keys
          account-url: "myaccount.amazonaws.com"
          repo: "my/repo"
          region: us-east-1
          tag: "${CIRCLE_BRANCH}"
          filters:
            branches:
              only: mybranch

where fingerprint is from the ‘user key’ in ssh checkout keys.
but this gives either:

‘add_ssh_keys has no job definition’

(if i try to make adding the key a separate job)

OR

‘0 subschemas matched instead of one’
(if i try making aws-ecr/build_and_push_image and ‘add_ssh_keys’ different steps of a new job)

does anyone have pointers on how to proceed, what the right config might be, or just general pointers of how to move forward in troubleshooting?
any insight much appreciated.

UPDATE: after reading quite a few more examples, it does seem like this should work

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@0.0.2
  aws-ecs: circleci/aws-ecs@0.0.3
workflows:
  build-deploy:
    jobs:
      - lb_build_and_push_image:
        steps:
          - add_ssh_keys:
              fingerprints:
                - "my:fin:ger:print"
          - aws-ecr/build_and_push_image:
              account-url: "account.amazonaws.com"
              repo: "my/repo-backend"
              region: us-east-1
              tag: "${CIRCLE_BRANCH}"
              filters:
                branches:
                  only: mybranch

but this gives still

Error: ERROR IN CONFIG FILE:
[#/workflows/build-deploy/jobs/0] 0 subschemas matched instead of one
1. [#/workflows/build-deploy/jobs/0] expected type: String, found: Mapping

#2

this was the eventual solution. newer release of aws-ecr orb supplies commands for steps

version: 2.1
orbs:
  aws-ecr: circleci/aws-ecr@4.0.1
  aws-ecs: circleci/aws-ecs@0.0.3
  aws-cli: circleci/aws-cli@0.1.1

jobs:
  build_and_push_image:
    docker:
      - image: circleci/python:3.7.1
    steps:
      - checkout
      - run:
          name: "Pull Submodules"
          command: |
            git submodule init
            git submodule update --remote
      - setup_remote_docker
      - aws-ecr/build-image:
          repo: "my/repo"
          tag: "${CIRCLE_BRANCH}"
      - aws-cli/install
      - aws-ecr/ecr-login
      - aws-ecr/push-image:
          repo: "my/repo"
          tag: "${CIRCLE_BRANCH}"

however, this did rely on updates to aws orb, i would be interested if there was another way to solve this, assuming those steps had not been exposed as commands
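
An added example, not from the posters or the orb: a guard that can run as a `run` step after "Pull Submodules" and before the image build, so the job stops if a submodule is missing or is not at the commit the parent repo records (which `git submodule update --remote` can cause, since it checks out the tracked branch tip). The helper name `check_submodules` and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a CI step unless every submodule is initialized and
# checked out at the commit the parent repository records.
# check_submodules is a hypothetical helper name, not part of any orb.
# Input (stdin): output of `git submodule status --recursive`, whose first
# character is ' ' (at pinned commit), '-' (not initialized),
# '+' (checked-out commit differs from the pin) or 'U' (merge conflict).
check_submodules() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        flag=$(printf '%s' "$line" | cut -c1)
        rest=$(printf '%s' "$line" | cut -c2-)
        sha=${rest%% *}            # 40-hex commit id
        path=${rest#* }            # path, maybe followed by " (describe)"
        path=${path%% (*}
        case "$flag" in
            ' ') ;;
            -) echo "uninitialized: $path"; bad=$((bad + 1)) ;;
            +) echo "not at pinned commit: $path ($sha)"; bad=$((bad + 1)) ;;
            U) echo "merge conflict: $path"; bad=$((bad + 1)) ;;
            *) echo "unrecognized status line: $line"; bad=$((bad + 1)) ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample output (commit ids and paths are made up).
SAMPLE_PINNED=' 1111111111111111111111111111111111111111 vendor/private-lib (heads/main)'
SAMPLE_DRIFTED='+2222222222222222222222222222222222222222 vendor/private-lib (heads/main)
-3333333333333333333333333333333333333333 vendor/other'

# In CI the input would come from: git submodule status --recursive
printf '%s\n' "$SAMPLE_PINNED"  | check_submodules && echo "pinned sample: ok"
printf '%s\n' "$SAMPLE_DRIFTED" | check_submodules || echo "drifted sample: build blocked"
```

Running the check on the executor, before `docker build`, also keeps the SSH key out of the image: the Dockerfile only copies the already-fetched submodule directory.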

#3

Cross-posted here: