name: rollback on: workflow_dispatch: inputs: target_tag: description: 'Target release tag to rollback to (e.g. v1.2.3)' required: true component: description: 'Component (backend / frontend / timescaledb2 / rabbitmq3 / all)' required: true default: 'all' env: REGISTRY: 192.168.30.181:3000 REPO_PATH: wpic-dev/datahub jobs: retag: runs-on: podman steps: - name: Validate target_tag format run: | if [[ ! "${{ inputs.target_tag }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then echo "::error::target_tag must match semver pattern v..[-suffix]" exit 1 fi - name: Validate component run: | case "${{ inputs.component }}" in backend|frontend|timescaledb2|rabbitmq3|all) ;; *) echo "::error::component must be one of: backend / frontend / timescaledb2 / rabbitmq3 / all" exit 1 ;; esac - name: Login to Gitea Registry run: | echo "${{ secrets.DATAHUB_CI_CD }}" | \ podman login -u "${{ gitea.actor }}" --password-stdin ${{ env.REGISTRY }} - name: Re-tag stable to target release run: | set -euo pipefail components_to_rollback="" if [[ "${{ inputs.component }}" == "all" ]]; then components_to_rollback="backend frontend timescaledb2 rabbitmq3" else components_to_rollback="${{ inputs.component }}" fi for img in $components_to_rollback; do echo "=== Rolling back $img to ${{ inputs.target_tag }} ===" podman pull ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/$img:${{ inputs.target_tag }} podman tag ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/$img:${{ inputs.target_tag }} \ ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/$img:stable podman push ${{ env.REGISTRY }}/${{ env.REPO_PATH }}/$img:stable echo "✓ $img:stable now points to ${{ inputs.target_tag }}" done echo echo "Rollback complete. wpic-virt podman-auto-update.timer will pull the new" echo ":stable digest within ~5 minutes and restart affected containers."