Working with git submodules on CircleCI and Bitbucket

Good afternoon folks

We’re using CircleCI with BitBucket repositories.

In repo-one, I have added a git submodule of repo-two (as a folder name docker). I added this using command git submodule add git@bitbucket.org:myteam/repo-two.git docker then git add, git push etc.

My CircleCI pipeline looks (abridged form) like:

my_service_test:
  machine:
    image: ubuntu-1604:202010-01
  steps:
    - checkout
    - run: echo "do some other stuff using the docker folder"

This pipeline is run automatically using the CircleCI API by a “service account” user in CircleCI (just a normal user whose tokens etc. we store in contexts) rather than the individual who pushes code.

When it runs, the docker folder doesn’t exist - the pipeline can’t access resources in it. If I remove the submodule and just add a folder called docker with these resources in, the pipeline works fine.

When I add the line:

  - run: git submodule sync --recursive && git submodule update --recursive --init

I get this error:

Submodule 'docker' (git@bitbucket.org:myteam/repo-two.git) registered for path 'docker'
Cloning into '/home/circleci/project/docker'...
Unauthorized
fatal: Could not read from remote repository.

The service account user running this pipeline has write access in BitBucket on both repo-one and repo-two.

What am I missing to get my submodules working?