name: session-continuity-e2e

# Per-template wrapper for the molecule-core/local-e2e canary harness.
# DO NOT EDIT THIS FILE IN A TEMPLATE REPO — the canonical copy lives at
# molecule-ai/molecule-core:local-e2e/templates/session-continuity-e2e.yml
# (feedback_no_single_source_of_truth). The onboard-template.sh script
# copies it verbatim into each template; future fixes propagate via that
# helper, not by editing the template-side copy.
#
# What this workflow does:
#   1. Build THIS template's runtime image locally on the docker-host runner.
#   2. Clone molecule-core (canonical harness source).
#   3. Invoke local-e2e/scripts/run-canary.sh with TEMPLATE_IMAGE set to
#      the just-built local image.
#   4. Upload artifacts/ on failure for post-mortem.
#
# Required-context flip:
#   This workflow posts a status under the literal context name
#   "session-continuity-e2e (pull_request)" — Gitea's standard
#   <workflow-name> (<event>) format. To make it REQUIRED, add that
#   exact string to the template repo's branch_protection
#   status_check_contexts list. See README.md for the bake-period rule.
#
# Gitea 1.22.6 / act_runner notes (cross-refs to known footguns):
#   - No cross-repo `uses:` (feedback_gitea_cross_repo_uses_blocked) —
#     we clone molecule-core via plain git instead.
#   - Per-SHA concurrency (feedback_concurrency_group_per_sha).
#   - Workflow-level GITHUB_SERVER_URL pinned to the Gitea host
#     (feedback_act_runner_github_server_url).
#   - Runs on docker-host pool — NOT the heavy CI pool — per CTO
#     directive "separate CI as possible" and the <3 min target.

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

concurrency:
  group: session-continuity-e2e-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.head.sha || github.sha }}
  cancel-in-progress: true

env:
  GITHUB_SERVER_URL: https://git.moleculesai.app

jobs:
  session-continuity-e2e:
    runs-on: docker-host
    timeout-minutes: 8
    steps:
      - name: Checkout template
        uses: actions/checkout@v4
        with:
          path: template

      - name: Build template image
        id: build
        working-directory: template
        run: |
          IMAGE_TAG="local-e2e-${GITHUB_SHA::12}"
          docker build -t "molecule-ai/template-under-test:${IMAGE_TAG}" .
          echo "image=molecule-ai/template-under-test:${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

      - name: Clone harness from molecule-core
        run: |
          # Anonymous clone — molecule-core is internal-readable. NEVER bake
          # an auth token into the URL (feedback_credentials_in_git_url).
          git clone --depth 1 "${GITHUB_SERVER_URL}/molecule-ai/molecule-core.git" harness

      - name: Run canary
        env:
          TEMPLATE_IMAGE: ${{ steps.build.outputs.image }}
          CANARY_RUN_ID: ${{ github.run_id }}-${{ github.run_attempt }}
        run: |
          cd harness
          ./local-e2e/scripts/run-canary.sh

      - name: Upload artifacts on failure
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: session-continuity-canary-${{ github.run_id }}
          path: harness/local-e2e/artifacts/
          if-no-files-found: warn
          retention-days: 7