Skip to content

fix(gitmodules): switch submodule URLs from SSH to HTTPS for publishability#13

Merged
abitofhelp merged 1 commit into
mainfrom
fix/gitmodules-https-for-publishability
Jun 9, 2026
Merged

fix(gitmodules): switch submodule URLs from SSH to HTTPS for publishability#13
abitofhelp merged 1 commit into
mainfrom
fix/gitmodules-https-for-publishability

Conversation

@abitofhelp

Copy link
Copy Markdown
Owner

Summary

Restores HTTPS submodule URLs in .gitmodules so that git clone --recursive (used by alr publish's "Deploy sources" step, and by any consumer that recursively clones clara) can fetch the dev/tooling submodules without SSH credentials.

Scope is deliberately .gitmodules only — reversible, two-URL rewrite, no release execution.

This is the same publishability defect that functional carried before functional#6 (shipped in functional v4.1.1, now LIVE on the Alire community index). It was discovered on clara during the G9-dry attempt for v1.0.0: alr publish's step 2 of 5 ("Deploy sources") ran git clone --recursive which failed:

Host key verification failed.
fatal: clone of 'git@github.com:abitofhelp/hybrid_scripts_python.git' ... failed
fatal: clone of 'git@github.com:abitofhelp/hybrid_test_python.git' ... failed

The dev container (and any consumer environment without GitHub SSH host-key trust + SSH keys) cannot deploy clara at v1.0.0 because of this. v1.0.0 was tagged but not submitted to Alire after dry-run publishability validation found SSH submodule URLs. v1.0.1 will be the first Alire-published release (separate follow-up PR).

Commit map

# SHA Subject Files
1 63e4f4e fix(gitmodules): switch submodule URLs from SSH to HTTPS for publishability .gitmodules (+2 / -2)

Diff total: 1 file, +2 / -2.

What the change does (mechanical only)

 [submodule "scripts/python/shared"]
 	path = scripts/python/shared
-	url = git@github.com:abitofhelp/hybrid_scripts_python.git
+	url = https://github.com/abitofhelp/hybrid_scripts_python.git
 [submodule "test/scripts/python/shared"]
 	path = test/scripts/python/shared
-	url = git@github.com:abitofhelp/hybrid_test_python.git
+	url = https://github.com/abitofhelp/hybrid_test_python.git

No path changes. No submodule gitlink / pointer changes
(verified: scripts/python/shared stays at cf36a0f,
test/scripts/python/shared stays at 8e0fae1). No other files touched.

Locally, git submodule sync was run to update .git/config's mirrored URLs so the working tree, .gitmodules, and .git/config agree on the host. (.git/config is not tracked; the sync is local-state housekeeping.)

Why this matters

Both submodule repositories (hybrid_scripts_python and hybrid_test_python) are public on GitHub; HTTPS clones require no credentials. The previous SSH URLs caused failures in any consumer environment without SSH keys + a known_hosts entry for github.com, including the canonical Ada dev container and (almost certainly) GHA runners during alr publish.

What about the v1.0.0 tag?

The public v1.0.0 tag is preserved (e3c24f48b6ea3b, on origin). Per project rules (no destructive git operations without explicit owner authorization), the tag is not force-rewritten. After this PR merges, a separate version-bump PR will:

  1. Bump version surfaces 1.0.01.0.1 (alire.toml, test/alire.toml, src/version/clara-version.ads)
  2. Add a CHANGELOG [1.0.1] section noting this .gitmodules repair and explaining that v1.0.0 was tagged but not submitted to Alire after dry-run publishability validation found SSH submodule URLs; v1.0.1 is the first Alire-published release.
  3. Tag-date prep → tag v1.0.1alr publish --skip-submit dry-run → submit to alire-index.

This mirrors the exact path functional took (v4.1.0 tagged but unpublished → v4.1.1 published with the HTTPS fix).

Validation (performed before PR open)

Clean recursive clone via HTTPS inside the dev container (dev-container-ada-system-1):

git clone --branch fix/gitmodules-https-for-publishability --recursive /workspace/clara /tmp/clara-fix-test

Result:

  • .gitmodules in fresh clone shows HTTPS URLs ✅
  • Both submodules cloned via HTTPS without credentials ✅
  • scripts/python/sharedcf36a0f38b407a3f3c65ea622c42ef6eeca3c795 (matches gitlink, unchanged)
  • test/scripts/python/shared8e0fae1091a1dbb80f3b6627030a37cb0f303c64 (matches gitlink, unchanged)
  • No SSH host-key prompts, no auth errors

Position in the v1.0.0 / v1.0.1 release sequence

Step Status
T0 — CHANGELOG tag-date prep (PR #11) merged
T1 — root [[pins]] functional removal (PR #12) merged
G-validate — post-T1 xplatform-validation 27177524751 green (linux-amd64 ✅, linux-arm64 ✅)
G6 — annotated v1.0.0 tag created and pushed ✅
G9-dry — alr publish --skip-submit ❌ FAILED at step 2/5 due to SSH .gitmodules
F1-analog — .gitmodules SSH → HTTPS repair (this PR) awaiting review
F2-analog — version bump 1.0.0 → 1.0.1 + CHANGELOG [1.0.1] next PR after this merges
F2-tag-prep + F2-tag — tag v1.0.1 gated downstream
G9-dry redux — alr publish --skip-submit against v1.0.1 tree gated downstream
G9 — submit to alire-index gated, irreversible once PR opens
G7 — clara GitHub Release v1.0.1 gated; should reference Alire submission status accurately

What this PR does NOT do

  • No alire.toml edit — version stays 1.0.0 on the working tree; the v1.0.1 bump is a separate PR.
  • No src/version/clara-version.ads edit.
  • No CHANGELOG edit.
  • No README edit.
  • No CI workflow edits.
  • No source / test changes.
  • No new tag — v1.0.0 stays put; v1.0.1 comes from a separate PR.
  • No GitHub Release.
  • No alr publish retry.
  • No ecosystem-wide work (astengine / astfmt / adafmt unpins still gated; their own .gitmodules audit is a separate follow-up).

clara main branch ruleset state

Expected: the Lock all branches ruleset (id 13699088) will auto-bypass on creation at push, same pattern as PR #10 / #11 / #12. Merge will require gh pr merge --admin with an audit-trail body.

Follow-ups deliberately deferred

  • v1.0.1 version bump + CHANGELOG [1.0.1] PR — separate follow-up.
  • v1.0.1 tag + Alire submission — gated downstream.
  • .gitmodules audit on astengine / astfmt / adafmt — owner-flagged for read-only/prep audit before any further tag work in those repos.
  • v1.0.0 GitHub Release — should NOT be created. The release history will start at v1.0.1.

Refs: adafmt#42

…bility

Restore HTTPS submodule URLs in .gitmodules so that downstream
consumers — and Alire's recursive clone during `alr publish` source
deployment — can clone the dev/tooling submodules without SSH
credentials.

This is the same publishability defect that functional carried
before its F-sequence (fixed there by functional#6, shipped in
functional v4.1.1). It was discovered on clara during the
G9-dry attempt for v1.0.0: alr publish's "Deploy sources" step
ran `git clone --recursive` which failed to clone the SSH-form
hybrid_scripts_python / hybrid_test_python submodules in the
dev container.

The v1.0.0 tag is preserved (immutable per project rules). After
this PR merges, a separate version-bump PR will set version 1.0.1
and a fresh v1.0.1 tag becomes the first Alire-published release.

Both submodule repositories (hybrid_scripts_python and
hybrid_test_python) are public on GitHub; HTTPS clones require
no credentials.

Scope: .gitmodules only. No path changes, no submodule gitlink
changes, no version bump, no alire.toml edit, no source/test
changes, no CI changes, no release execution.

Refs: adafmt#42
@abitofhelp abitofhelp merged commit ec80afd into main Jun 9, 2026
@abitofhelp abitofhelp deleted the fix/gitmodules-https-for-publishability branch June 9, 2026 03:39
abitofhelp added a commit that referenced this pull request Jun 10, 2026
…lease) (#14)

Version-surface bump to prepare clara v1.0.1 as the first version
intended for Alire community-index submission.

v1.0.0 was tagged but not submitted after alr publish --skip-submit
dry-run validation found SSH submodule URLs in .gitmodules. The
.gitmodules HTTPS publishability repair was merged separately as
PR #13 (ec80afd). v1.0.1 is the first version with the
HTTPS-repaired tree that will be submitted to the Alire community
index. No source / API / behavior changes vs v1.0.0; only the
publishability repair (PR #13) and this version-surface bump.

Mirrors the functional v4.1.0 -> v4.1.1 pattern (functional#6
merged the HTTPS repair; functional v4.1.1 was the first version
published to the Alire community index, now LIVE).

Files changed (5):
- alire.toml: version 1.0.0 -> 1.0.1
- test/alire.toml: version 1.0.0 -> 1.0.1
- src/version/clara-version.ads: Patch 0 -> 1; Version "1.0.0" -> "1.0.1"
- test/unit/test_version.adb: Patch + Version assertions bumped;
  Is_Stable test name updated to "Is_Stable is True for 1.0.1"
- CHANGELOG.md: top metadata Version 1.0.0 -> 1.0.1 and Date
  2026-06-09 -> "<YYYY-MM-DD pending tag>" placeholder; new [1.0.1]
  section explaining the first-Alire-publication framing; [1.0.0]
  2026-06-09 history preserved verbatim.

Audit trail:
- Ruleset id: 13699088 (Lock all branches, active)
- PR head SHA at merge: 1921fce
- clara main pre-merge: ec80afd
- No [[pins]] in root alire.toml (T1 / PR #12 removal preserved)
- Direct functional dependency unchanged: "^4.0.0"
- .gitmodules HTTPS-clean (PR #13 repair preserved)
- v1.0.0 tag preserved at e3c24f4 -> 8b6ea3b (NOT re-pointed)
- Validation: alr build (clara root) 0.38s; alr build (test crate)
  2.28s; unit_runner 124/124 PASS - all in dev-container-ada-system-1
  with -XGNATCOLL_ICONV_OPT=
- No v1.0.1 tag created; no GitHub Release created;
  no alr publish run; no astengine / astfmt / adafmt / corpus_ada /
  hybrid_app_ada / hybrid_lib_ada / tzif_ada / zoneinfo_ada changes;
  corpus_ada visibility unchanged (private)

Refs: adafmt#42
abitofhelp added a commit that referenced this pull request Jun 10, 2026
)

Tag-date prep slice for clara v1.0.1: replace both
<YYYY-MM-DD pending tag> placeholders in CHANGELOG.md with the
intended tag date 2026-06-09. CHANGELOG.md only, +2 / -2.

Mirrors the T0 tag-date prep slice for v1.0.0 (PR #11 set [1.0.0]
tag date to 2026-06-09). After this merges, the annotated v1.0.1
tag will be pushed against the resulting tree as a separate gate.

Note: 2026-06-09 is the intended release/tag date by project
convention (Eastern time). GitHub merge timestamps may show
2026-06-10T...Z due to UTC encoding; this does not change the
CHANGELOG date.

Audit trail:
- Ruleset id: 13699088 (Lock all branches, active)
- PR head SHA at merge: 79c2e8c
- clara main pre-merge: dbcbeb0
- Diff: CHANGELOG.md only, +2 / -2 (exactly the two date placeholders)
- alire.toml version remains "1.0.1" (from PR #14)
- src/version/clara-version.ads remains Patch = 1, Version = "1.0.1"
- Root [[pins]] count = 0 (T1 / PR #12 removal preserved)
- functional = "^4.0.0" unchanged
- .gitmodules HTTPS-clean (PR #13 preserved)
- v1.0.0 tag preserved at e3c24f4
  -> 8b6ea3b (NOT re-pointed)
- v1.0.1 tag still absent (local + remote)
- No GitHub Release on clara
- alr publish not run (alire-index clara-1.0.1.toml 404)
- clara#15 (test/config tracked-baseline drift) NOT addressed; remains
  open as separate follow-up
- No changes to astengine/astfmt/adafmt/corpus_ada/hybrid_app_ada/
  hybrid_lib_ada/tzif_ada/zoneinfo_ada

Refs: adafmt#42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant