From 63824271d9a23071260ad454546f8d24201638c7 Mon Sep 17 00:00:00 2001
From: Alejandro R Mosteo <amosteo@unizar.es>
Date: Mon, 7 Jul 2025 17:48:40 +0200
Subject: [PATCH] dev: detect pin/submodule mismatches (#1977)

* dev: detect pin/submodule mismatches

* Fix mismatched pins

* Fix ada_toml remote
---
 .github/workflows/ci-integrity.yml | 17 +++++++++++++++++
 alire.toml                         |  6 +++---
 deps/ada-toml                      |  2 +-
 scripts/verify-pins.sh             | 23 +++++++++++++++++++++++
 4 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/ci-integrity.yml
 create mode 100755 scripts/verify-pins.sh

diff --git a/.github/workflows/ci-integrity.yml b/.github/workflows/ci-integrity.yml
new file mode 100644
index 00000000..b3eda88e
--- /dev/null
+++ b/.github/workflows/ci-integrity.yml
@@ -0,0 +1,17 @@
+# This workflow verifies that all pinned dependencies match the submodule
+# versions.
+
+name: Integrity Checks
+on:
+  pull_request:
+
+jobs:
+  verify-pins:
+    name: Pins & Submodules
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Verify pinned dependencies
+        run: scripts/verify-pins.sh
\ No newline at end of file
diff --git a/alire.toml b/alire.toml
index 67c68410..95e52597 100644
--- a/alire.toml
+++ b/alire.toml
@@ -58,8 +58,8 @@ url    = "https://github.com/mosteo/aaa"
 commit = "73d99ae1ff2f5210dc41c2ea7afebe600f9e9916"
 
 [pins.ada_toml]
-url    = "https://github.com/pmderodat/ada-toml"
-commit = "e760110ad2b5b776a44dace31b8421532e429fbb"
+url    = "https://github.com/mosteo/ada-toml"
+commit = "33eaab64b9d531e240c3f525ad80a1f3eb8b9633"
 
 [pins.ansiada]
 url    = "https://github.com/mosteo/ansi-ada"
@@ -107,7 +107,7 @@ commit = "4861e32bd8a2f0df038d3ecc9a72b6381e7a34cc"
 
 [pins.simple_logging]
 url    = "https://github.com/alire-project/simple_logging"
-commit = "a8561d302beb037887cb9980319039c5f86ad9c8"
+commit = "f45bf378588dc1d0479cc24eb0eb41dc99f69cb4"
 
 [pins.si_units]
 url    = "https://github.com/mosteo/si_units"
diff --git a/deps/ada-toml b/deps/ada-toml
index b0c9e6a6..33eaab64 160000
--- a/deps/ada-toml
+++ b/deps/ada-toml
@@ -1 +1 @@
-Subproject commit b0c9e6a6b96054b8afed14959e4140960285d552
+Subproject commit 33eaab64b9d531e240c3f525ad80a1f3eb8b9633
diff --git a/scripts/verify-pins.sh b/scripts/verify-pins.sh
new file mode 100755
index 00000000..b757825a
--- /dev/null
+++ b/scripts/verify-pins.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Verify that all pins in alire.toml match the submodule versions.
+# Must be run from the repository root
+
+# Install tomlq if not already installed
+if ! command -v tomlq &> /dev/null; then
+    sudo apt-get install -y yq
+fi
+
+# Iterate over pins getting their commit hashes
+exit_code=0
+submodules=$(git submodule)
+while read -r dep_name commit_hash; do
+    if echo "$submodules" | grep -q $commit_hash; then
+        echo "OK:    $commit_hash $dep_name"
+    else
+        echo "ERROR: $commit_hash $dep_name"
+        exit_code=1
+    fi
+done < <(tomlq -r '.pins[] | to_entries[] | "\(.key) \(.value.commit)"' alire.toml)
+
+exit $exit_code
\ No newline at end of file
-- 
2.39.5