# Replay every tree-committed dynamic repro bundle on a stripped Ubuntu
# image so we catch regressions where a bundle silently depends on a
# language toolchain the operator does not have.
#
# The setup step removes python3, nodejs, ruby, php, and openjdk so the
# only thing the bundle can use is the docker daemon.  reproduce.sh in
# --docker mode pulls the pinned base image (via docker_pull.sh) and
# runs the harness inside the container; if the bundle accidentally
# relied on a host interpreter the run would fall over before the
# sentinel check.
#
# Adding a new fixture: extend the `matrix.fixture` list with the new
# `tests/repro_fixtures/<toolchain_id>/<spec_hash>` path.  The bundle
# must already exist on disk, see tests/repro_fixture_bundles.rs for
# the regeneration recipe.

name: repro-bare

permissions:
  contents: read

on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  bare-image-replay:
    name: repro-bare / ${{ matrix.fixture }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        fixture:
          - tests/repro_fixtures/python-3.11/repro
    steps:
      - uses: actions/checkout@v6

      - name: Strip language toolchains
        run: |
          set -euo pipefail
          # apt purge each package individually so a missing one does
          # not abort the strip step.  ubuntu-latest already ships
          # without ruby/php; the calls are harmless no-ops there.
          for pkg in python3 python3-minimal nodejs ruby php openjdk-8-jre openjdk-11-jre openjdk-17-jre openjdk-21-jre; do
            sudo apt-get -y purge "$pkg" || true
          done
          sudo apt-get -y autoremove
          # Confirm the strip worked — surface the failure here rather
          # than inside reproduce.sh where it would look like a bundle
          # bug.
          if command -v python3 >/dev/null 2>&1; then
            echo "error: python3 still on PATH after strip" >&2
            exit 1
          fi

      - name: Verify docker is reachable
        run: docker info

      - name: Pre-pull pinned image
        working-directory: ${{ matrix.fixture }}
        run: ./docker_pull.sh

      - name: Replay bundle via docker
        working-directory: ${{ matrix.fixture }}
        run: ./reproduce.sh --docker