Harden flaky merge-architectures generative test

[cap10morgan]

Problem

The docker-clojure.variant/merge-architectures fdef generative test intermittently crashed CI with Couldn't satisfy such-that predicate after 100 tries (it flaked once on #286 and re-ran green). It was failing roughly half the time at higher trial counts.

Root cause

clojure.spec's gensub wraps every generator — including custom :gens — with (such-that #(valid? spec %) g 100). Anything in the spec tree feeding ::variant that emits a spec-invalid value, or can't produce a valid one at some generator size, starves that filter and throws. Several did:

• ::variant's ::core/all branch dissoc'd :distro/:base-image/:base-image-tag/:docker-tag — all required by ::variant-base — so every ::all variant it built was invalid and silently filtered (starving when they clustered). It was also just wrong: real ::all/latest variants from ->map keep those keys. Now kept (so ::all variants are valid and actually exercised).
• :build-tool-versions was generated by gen/map over the two-element #{"lein" "tools-deps"} key domain, which occasionally targets >2 distinct keys and starves. Now built by construction.
• ::non-blank-string / ::jdk-version had no :gen, so gensub generated from string?/pos-int? and filtered with such-that; at size 0 those yield "" / values < 8. ("" also fails, and short strings collide in :distinct sets like ::architectures.) Now generated valid by construction (8–32 char alphanumerics; ints in [8,30]).

Also fixed merge-architectures' :fn, which derived its key set from the first variant and projected the rest onto it — miscounting heterogeneous variants (e.g. ::all ones carrying :build-tool-versions). It now counts distinct (dissoc v :architecture), mirroring equal-except-architecture?.

Result

Cuts the crash rate from ~50% to under 1% across 200k+ generative trials (bb test and cljfmt pass). The property itself is correct — 0 counterexamples in 12k+ direct samples.

Known residual

A rare (<1%) starvation remains: it's inherent to spec's gensub such-that(valid?) filtering over this large composite generator — each fixed source exposes another at similar rarity. Fully eliminating it would mean replacing spec-driven generation of ::variant/::args with hand-rolled primitive generators (no gensub). Left as a follow-up; happy to do it if preferred.

[Quantisan]

👌 for PR, but see comment.

[Quantisan]

Hardening 👌

Just thinking out loud, non-blocking on this PR. This comment got me to checking out equal-except-architecture?, unique-variants, and the old variant-keys.

the domain concept here is "two builds are the same image except for CPU architecture." This equivalence relation is what merge-architectures builds on. But we seem to apply this concept ad hoc, and in two different ways:

1. production: equal-except-architecture? -> some
2. test logic: previously with select-keys and now with dissoc

They give the same count but they're not the same definition. Saying they 'mirror' each other isn't quite true.

Might be worth a follow up... a single source of truth for "same image except arch".

[cap10morgan]

Great call — followed it up in 70d4abe.

There were genuinely two definitions of "same image except architecture": production's equal-except-architecture? (compare-based equality on the variant minus :architecture) and the test (dissoc :architecture + set). Same count, different definitions, as you noted.

Both now collapse onto docker/full-tag as the single source of truth — it already encodes JDK, distro, and build tool but never the architecture, so it's the natural identity for "same image." equal-except-architecture? is now just (and (not= arch) (= full-tag full-tag)), and the test counts distinct full-tags. Dropped the now-unused equal? helper too.