#Importing private Go packages over HTTPS?

The docs on third-party packages suggest that Go packages sourced from private repositories should be fetched with git over SSH, by using the substitution trick (assuming GitHub): git config --global url."git@github.com:".insteadOf "https://github.com/"

But in some workplaces - like mine - git over SSH is disabled, making it difficult to pull in private Go packages into a Dagger module. I've had to resort making some of these packages public by putting them in a public repository. This is not really ideal.

Is there a plan to add support for git over HTTPS for this or is there some limitation that makes this not feasible? The same limitation does not seem to apply for extending a Dagger module with another private Dagger module: https://docs.dagger.io/extending/module-dependencies. Why is that so? I've tried to understand why by looking at some of the issues posted on GitHub, but I don't seem to get a good grasp.

I would greatly appreciate some explanation, as I find this interesting 😄.

Afaik, you could do dagger install github.com/package/name

When installing a third party Dagger module into your own Dagger module, then this is what you would do, yes. But for third party Go packages, I don't think this is the case.

I think this is observable when invoking dagger as the third party module will be built into its own container before your own module is built. You can observe this with increased verbosity when calling dagger in the shell.

For Go packages, these packages are fetched in a codegen step.

Hi Fredrik,
It's on my todo 😇 There is a big discussion on the subject, your input is very much appreciated: https://github.com/dagger/dagger/discussions/10921