feat: delegate vendoring of OpenSSL to git2 dependency tree

[2bndy5]

libgit2 is the only reason we rely on OpenSSL instead of using rust-native TLS solutions.

Summary by CodeRabbit

• Refactor

  • Consolidated SSL/TLS certificate handling to a single approach, removing separate optional SSL-related packages and eliminating the startup certificate probing step to streamline initialization and reduce runtime overhead.

• Chores

  • Updated dependency configuration to reflect the consolidated certificate handling and reduce the public dependency surface.

[coderabbitai]

Walkthrough

Consolidated vendored OpenSSL support via git2 and removed runtime SSL certificate probing by deleting the probe helper and its invocation from startup initialization.

Changes

Cohort / File(s)	Summary
Dependency updates cpp-linter/Cargo.toml	Removed public optional openssl and openssl-probe dependencies; added git2 as a dev-dependency with the https feature; changed the openssl-vendored feature to depend on git2/vendored-openssl instead of individual OpenSSL crates.
Startup code change cpp-linter/src/run.rs	Deleted the probe_ssl_certs helper and removed its invocation from run_main, eliminating the SSL certificate probing and associated openssl_probe import (previously feature-gated).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title "feat: delegate vendoring of OpenSSL to git2 dependency tree" directly and accurately summarizes the primary change in the pull request. The changes confirm this intent: openssl and openssl-probe are removed as direct optional dependencies, git2 is added as a dev-dependency with the https feature, the openssl-vendored feature is updated to depend on git2/vendored-openssl, and the probe_ssl_certs helper is removed from the codebase. The title is concise, clear, and specific enough that a teammate reviewing the commit history would immediately understand the main objective of delegating OpenSSL dependency management to git2.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch delegate-vendored-openssl

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc10c5c and c0a6ac7.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• cpp-linter/Cargo.toml (1 hunks)
• cpp-linter/src/run.rs (0 hunks)

💤 Files with no reviewable changes (1)

• cpp-linter/src/run.rs

🚧 Files skipped from review as they are similar to previous changes (1)

• cpp-linter/Cargo.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: build-rustdoc
• GitHub Check: Build current binary
• GitHub Check: x86_64-apple-darwin
• GitHub Check: powerpc-unknown-linux-gnu
• GitHub Check: aarch64-unknown-linux-musl
• GitHub Check: test (windows-latest)
• GitHub Check: test (ubuntu-latest)
• GitHub Check: Build x86_64-unknown-linux-musl
• GitHub Check: Build aarch64-unknown-linux-musl
• GitHub Check: Build x86_64-pc-windows-msvc
• GitHub Check: Build aarch64-pc-windows-msvc
• GitHub Check: Build aarch64-apple-darwin
• GitHub Check: Build x86_64-unknown-linux-gnu
• GitHub Check: Build x86_64-apple-darwin
• GitHub Check: Build i686-pc-windows-msvc
• GitHub Check: Build armv7-unknown-linux-gnueabihf
• GitHub Check: Build aarch64-unknown-linux-gnu
• GitHub Check: Build FreeBSD

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

cpp-linter/Cargo.toml (1)

40-40: Clarify the purpose of the separate git2 dev-dependency.

A git2 dev-dependency is added with the https feature (line 40), while git2 is already a main dependency at line 23 (without features specified). This separation is unclear—either:

1. If https is needed for normal library operations, add it to the main dependency instead (possibly gated behind a feature like openssl-vendored).
2. If https is only for testing/integration tests, document why the dev-dependency is separate from the main dependency, or consolidate them via feature declarations.

Consider consolidating the git2 configuration to avoid duplication and clarify feature dependencies.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2f694f and cc10c5c.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• cpp-linter/Cargo.toml (1 hunks)
• cpp-linter/src/run.rs (0 hunks)

💤 Files with no reviewable changes (1)

• cpp-linter/src/run.rs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: build-rustdoc
• GitHub Check: cargo-tools
• GitHub Check: x86_64-apple-darwin
• GitHub Check: aarch64-pc-windows-msvc
• GitHub Check: arm-unknown-linux-gnueabihf
• GitHub Check: Build aarch64-pc-windows-msvc
• GitHub Check: Build x86_64-unknown-linux-musl
• GitHub Check: Build armv7-unknown-linux-gnueabihf
• GitHub Check: Build aarch64-unknown-linux-musl
• GitHub Check: Build aarch64-unknown-linux-gnu
• GitHub Check: Build x86_64-pc-windows-msvc
• GitHub Check: Build i686-pc-windows-msvc
• GitHub Check: Build x86_64-apple-darwin
• GitHub Check: Build FreeBSD
• GitHub Check: build-py-binding
• GitHub Check: Build current binary
• GitHub Check: test (ubuntu-latest)
• GitHub Check: test (windows-latest)

🔇 Additional comments (1)

cpp-linter/Cargo.toml (1)

40-40: Verify that the openssl-vendored feature enables both vendored OpenSSL and HTTPS support.

The openssl-vendored feature currently enables only git2/vendored-openssl, but if users enable this feature to support HTTPS operations with vendored OpenSSL, the git2/https feature may also be necessary. Without it, HTTPS operations could fail at runtime.

Consider whether the feature should be:

-openssl-vendored = ["git2/vendored-openssl"]
+openssl-vendored = ["git2/vendored-openssl", "git2/https"]

Or, if HTTPS is not part of the core library (only dev/test), document this intent clearly.

Can you clarify whether HTTPS git operations are used in the main library code, or if HTTPS is only needed for testing? This will determine whether the feature definition is correct.

Also applies to: 43-43

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.87%. Comparing base (f2f694f) to head (c0a6ac7).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #200      +/-   ##
==========================================
- Coverage   96.87%   96.87%   -0.01%     
==========================================
  Files          14       14              
  Lines        3134     3131       -3     
==========================================
- Hits         3036     3033       -3     
  Misses         98       98              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.