From 395a56e0789f9b7ee1337c7736d04f487ccccdcb Mon Sep 17 00:00:00 2001
From: Guilherme Santos <santos1709@gmail.com>
Date: Wed, 13 May 2026 15:24:36 +0200
Subject: [PATCH] Add revert logic, remove auto img registering

---
 .github/workflows/lcm-pipeline.yaml      | 83 +++++++++++++++++-------
 .github/workflows/promote-to-stable.yaml |  8 ++-
 VERSION                                  |  2 +-
 3 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/lcm-pipeline.yaml b/.github/workflows/lcm-pipeline.yaml
index b7b2aad87..c30438e5d 100644
--- a/.github/workflows/lcm-pipeline.yaml
+++ b/.github/workflows/lcm-pipeline.yaml
@@ -36,7 +36,8 @@ jobs:
       image_tag: ${{ steps.gen-image-tag.outputs.image_tag }}
       pipeline_identifier: ${{ github.run_id }}
       service_version: ${{ steps.read-version.outputs.service_version }}
-      service_major_version: ${{ steps.read-version.outputs.service_major_version }}
+      is_revert: ${{ steps.revert-check.outputs.is_revert }}
+      revert_image_tag: ${{ steps.revert-check.outputs.revert_image_tag }}
     steps:
       - uses: actions/checkout@v5
         with:
@@ -62,8 +63,28 @@ jobs:
         run: |
           version=$(cat VERSION | tr -d '\n')
           echo "service_version=$version" >> $GITHUB_OUTPUT
-          major=$(echo "$version" | cut -d. -f1)
-          echo "service_major_version=M$major" >> $GITHUB_OUTPUT
+      - name: Detect revert and find previous stable tag
+        id: revert-check
+        env:
+          GH_TOKEN: ${{ secrets.TOKEN_GITHUB_YENKINS }}
+        run: |
+          is_revert=false
+          revert_image_tag=""
+          title="${{ github.event.pull_request.title }}"
+          body="${{ github.event.pull_request.body }}"
+
+          if [[ "$title" == Revert* ]]; then
+            is_revert=true
+            original_pr=$(echo "$body" | grep -oP 'Reverts [^#]+#\K[0-9]+')
+            if [[ -n "$original_pr" ]]; then
+              merge_sha=$(gh pr view "$original_pr" --json mergeCommit -q '.mergeCommit.oid')
+              prev_version=$(git show "${merge_sha}^1:VERSION" | tr -d '\n')
+              revert_image_tag="${prev_version}"
+            fi
+          fi
+
+          echo "is_revert=$is_revert" >> $GITHUB_OUTPUT
+          echo "revert_image_tag=$revert_image_tag" >> $GITHUB_OUTPUT
 
   dockerfiles-validation:
     needs: [ prepare-build ]
@@ -134,7 +155,6 @@ jobs:
             ${{ needs.prepare-build.outputs.image_tag }}
             ${{ inputs.deploy && 'latest' || '' }}
             ${{ inputs.deploy && needs.prepare-build.outputs.service_version || '' }}
-            ${{ inputs.deploy && needs.prepare-build.outputs.service_major_version || '' }}
           build-context: ${{ steps.load-config.outputs.CONTAINER_CONTEXT }}
           container-file: ${{ steps.get-image-config.outputs.CONTAINER_FILE }}
           vault-url: '${{ secrets.VAULT_ADDRESS }}'
@@ -285,37 +305,56 @@ jobs:
     with:
       images: ${{ needs.prepare-build.outputs.images }}
       charts: ${{ needs.build-helmreleases.outputs.built_charts || '{}' }}
-      image_tag: ${{ needs.prepare-build.outputs.service_major_version }}
+      image_tag: ${{ needs.prepare-build.outputs.service_version }}
     secrets: inherit
 
-  register-bricks-prod:
+  promote-revert-to-stable:
+    needs: [ prepare-build ]
+    if: |
+      !cancelled() &&
+      needs.prepare-build.outputs.is_revert == 'true' &&
+      needs.prepare-build.outputs.revert_image_tag != '' &&
+      inputs.deploy
+    uses: ./.github/workflows/promote-to-stable.yaml
+    with:
+      images: ${{ needs.prepare-build.outputs.images }}
+      charts: '{}'
+      image_tag: ${{ needs.prepare-build.outputs.revert_image_tag }}
+      latest_tag: ${{ needs.prepare-build.outputs.revert_image_tag }}
+    secrets: inherit
+
+  notify-image-available:
     runs-on:
       group: infra1-runners-arc
       labels: runners-small
-    needs: [ prepare-build, promote-to-stable ]
+    needs: [ prepare-build ]
+    permissions:
+      pull-requests: write
     if: |
       !cancelled() &&
       !contains(needs.*.result, 'failure') &&
       needs.prepare-build.outputs.images != '[]' &&
       needs.prepare-build.outputs.images != '' &&
       inputs.deploy
-    strategy:
-      matrix:
-        cluster: [ na1, ca2, perf1, bom1, syd1, na3, eu1, fra1 ]
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-      - name: Register bricks to ${{ matrix.cluster }}
-        uses: ./.github/actions/rundeck
-        with:
-          server: '${{ secrets.RUNDECK_URL }}'
-          project: ${{ matrix.cluster }}-ansible
-          job-group: ansible/msf/hotfix
-          job-name: ${{ matrix.cluster }}_lcm_pipeline_component_tool
-          vault-url: ${{ secrets.VAULT_ADDRESS }}
+      - name: Comment on PR
+        run: |
+          gh pr comment ${{ inputs.pr_number }} \
+            --repo ${{ github.repository }} \
+            --body "## LCM bricks image available
+
+          New image \`stable/lcm-bricks\` available and tagged for all prod clusters.
+          Please, manually run the respective rundeck job for each: ${{ secrets.RUNDECK_URL }}
+
+          | | |
+          |---|---|
+          | **Version** | \`${{ needs.prepare-build.outputs.service_version }}\` |
+          | **Build tag** | \`${{ needs.prepare-build.outputs.image_tag }}\` |
+        env:
+          GH_TOKEN: ${{ secrets.TOKEN_GITHUB_YENKINS }}
 
   create-auto-merge-prod-pr:
-    needs: [ prepare-build, build-helmreleases, register-bricks-prod ]
+    needs: [ prepare-build, build-helmreleases ]
     if: |
       !cancelled() &&
       !contains(needs.*.result, 'failure') &&
@@ -335,7 +374,7 @@ jobs:
     secrets: inherit
 
   create-manual-merge-prod-pr:
-    needs: [ prepare-build, build-helmreleases, register-bricks-prod ]
+    needs: [ prepare-build, build-helmreleases ]
     if: |
       !cancelled() &&
       !contains(needs.*.result, 'failure') &&
diff --git a/.github/workflows/promote-to-stable.yaml b/.github/workflows/promote-to-stable.yaml
index b8e1aef72..52864c917 100644
--- a/.github/workflows/promote-to-stable.yaml
+++ b/.github/workflows/promote-to-stable.yaml
@@ -14,6 +14,11 @@ on:
         description: "Tag of the images to promote"
         required: true
         type: string
+      latest_tag:
+        description: "Source tag to copy as stable:latest. Defaults to 'latest' if not set."
+        required: false
+        type: string
+        default: ''
 
 jobs:
   promote-to-stable:
@@ -50,12 +55,13 @@ jobs:
         run: |
           built_images='${{ inputs.images }}'
           tag=${{ inputs.image_tag }}
+          latest_src="${{ inputs.latest_tag || 'latest' }}"
           for image in $(echo "$built_images" | jq -r '.[]'); do
             crane cp \
               "${INFRA_REPO_URL}/staging/${image}:${tag}" \
               "${INFRA_REPO_URL}/stable/${image}:${tag}"
             crane cp \
-              "${INFRA_REPO_URL}/staging/${image}:latest" \
+              "${INFRA_REPO_URL}/staging/${image}:${latest_src}" \
               "${INFRA_REPO_URL}/stable/${image}:latest"
 
             echo "Promoted image ${image} to stable"
diff --git a/VERSION b/VERSION
index 80fd26f37..f46ce326f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.7.105
+3.7.106