`bootstrap github` and `bootstrap gitea` generate the SSH transport
key in-process, so they have no operator-supplied key to reuse for
commit signing. Both subcommands already reject
`--ssh-signing-reuse-private-key` with a provider-specific
"not supported" error, but the check sat after `bootstrapValidate`,
which fails first with the generic
"--ssh-signing-reuse-private-key requires --private-key-file"
message. A user invoking e.g. `flux bootstrap github
--ssh-signing-reuse-private-key` is told to set a flag that the
subcommand cannot honour anyway, masking the real problem.
Move the unsupported-flag rejection to the top of each `RunE` —
before the interactive PAT prompt and before `bootstrapValidate` —
so the provider-specific error wins. The deeper, now-redundant
check is dropped. `TestBootstrapProviderRejectsReuseBeforeValidate`
exercises both subcommands with the reuse flag set and no
`--private-key-file` to lock in the precedence.
Assisted-by: claude/opus-4.7
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Hidde Beydals
96fda4cd56