chore: rollback rule

apps/workspace-engine/oapi/openapi.json

@@ -1313,6 +1313,9 @@
                "retry": {
                   "$ref": "#/components/schemas/RetryRule"
                },
+               "rollback": {
+                  "$ref": "#/components/schemas/RollbackRule"
+               },
                "verification": {
                   "$ref": "#/components/schemas/VerificationRule"
                },
@@ -1851,6 +1854,23 @@
             ],
             "type": "object"
          },
+         "RollbackRule": {
+            "properties": {
+               "onJobStatuses": {
+                  "description": "Job statuses that will trigger a rollback",
+                  "items": {
+                     "$ref": "#/components/schemas/JobStatus"
+                  },
+                  "type": "array"
+               },
+               "onVerificationFailure": {
+                  "default": false,
+                  "description": "If true, a release target will be rolled back if the verification fails",
+                  "type": "boolean"
+               }
+            },
+            "type": "object"
+         },
          "RuleEvaluation": {
             "properties": {
                "actionRequired": {

apps/workspace-engine/oapi/spec/schemas/policy.jsonnet

@@ -65,6 +65,7 @@ local openapi = import '../lib/openapi.libsonnet';
       deploymentWindow: openapi.schemaRef('DeploymentWindowRule'),
       verification: openapi.schemaRef('VerificationRule'),
       versionCooldown: openapi.schemaRef('VersionCooldownRule'),
+      rollback: openapi.schemaRef('RollbackRule'),
     },
   },
 
@@ -235,6 +236,22 @@ local openapi = import '../lib/openapi.libsonnet';
     },
   },
 
+  RollbackRule: {
+    type: 'object',
+    properties: {
+      onJobStatuses: {
+        type: 'array',
+        items: openapi.schemaRef('JobStatus'),
+        description: 'Job statuses that will trigger a rollback',
+      },
+      onVerificationFailure: {
+        type: 'boolean',
+        default: false,
+        description: 'If true, a release target will be rolled back if the verification fails',
+      },
+    },
+  },
+
   DeployDecision: {
     type: 'object',
     required: ['policyResults'],

apps/workspace-engine/pkg/workspace/releasemanager/action/action.go

@@ -9,10 +9,11 @@ import (
 type ActionTrigger string
 
 const (
-	TriggerJobCreated ActionTrigger = "job.created"
-	TriggerJobStarted ActionTrigger = "job.started"
-	TriggerJobSuccess ActionTrigger = "job.success"
-	TriggerJobFailure ActionTrigger = "job.failure"
+	TriggerJobCreated      ActionTrigger = "job.created"
+	TriggerJobStarted      ActionTrigger = "job.started"
+	TriggerJobSuccess      ActionTrigger = "job.success"
+	TriggerJobFailure      ActionTrigger = "job.failure"
+	TriggerJobStatusChange ActionTrigger = "job.statuschange"
 )
 
 // ActionContext provides context for action execution

apps/workspace-engine/pkg/workspace/releasemanager/action/orchestrator.go

@@ -132,5 +132,9 @@ func determineTrigger(
 		return TriggerJobFailure
 	}
 
+	if currentStatus != previousStatus {
+		return TriggerJobStatusChange
+	}
+
 	return ""
 }

apps/workspace-engine/pkg/workspace/releasemanager/action/rollback/hooks.go

@@ -0,0 +1,159 @@
+package rollback
+
+import (
+	"context"
+	"time"
+	"workspace-engine/pkg/oapi"
+	"workspace-engine/pkg/workspace/releasemanager/deployment/jobs"
+	"workspace-engine/pkg/workspace/releasemanager/verification"
+	"workspace-engine/pkg/workspace/store"
+
+	"github.com/google/uuid"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+)
+
+var hookTracer = otel.Tracer("RollbackHooks")
+
+type RollbackHooks struct {
+	store      *store.Store
+	dispatcher *jobs.Dispatcher
+}
+
+var _ verification.VerificationHooks = &RollbackHooks{}
+
+func NewRollbackHooks(store *store.Store, dispatcher *jobs.Dispatcher) *RollbackHooks {
+	return &RollbackHooks{
+		store:      store,
+		dispatcher: dispatcher,
+	}
+}
+
+func (h *RollbackHooks) OnVerificationStarted(ctx context.Context, verification *oapi.JobVerification) error {
+	return nil
+}
+
+func (h *RollbackHooks) OnMeasurementTaken(ctx context.Context, verification *oapi.JobVerification, metricIndex int, measurement *oapi.VerificationMeasurement) error {
+	return nil
+}
+
+func (h *RollbackHooks) OnMetricComplete(ctx context.Context, verification *oapi.JobVerification, metricIndex int) error {
+	return nil
+}
+
+func (h *RollbackHooks) OnVerificationComplete(ctx context.Context, verificationResult *oapi.JobVerification) error {
+	ctx, span := hookTracer.Start(ctx, "RollbackHooks.OnVerificationComplete")
+	defer span.End()
+
+	span.SetAttributes(
+		attribute.String("verification.id", verificationResult.Id),
+		attribute.String("verification.job_id", verificationResult.JobId),
+	)
+
+	status := verificationResult.Status()
+	span.SetAttributes(attribute.String("verification.status", string(status)))
+
+	if status != oapi.JobVerificationStatusFailed {
+		span.SetStatus(codes.Ok, "verification did not fail")
+		return nil
+	}
+
+	job, ok := h.store.Jobs.Get(verificationResult.JobId)
+	if !ok {
+		span.SetStatus(codes.Error, "job not found")
+		return nil
+	}
+
+	release, ok := h.store.Releases.Get(job.ReleaseId)
+	if !ok {
+		span.SetStatus(codes.Error, "release not found")
+		return nil
+	}
+
+	span.SetAttributes(
+		attribute.String("release.id", release.ID()),
+		attribute.String("release_target.key", release.ReleaseTarget.Key()),
+	)
+
+	policies, err := h.store.ReleaseTargets.GetPolicies(ctx, &release.ReleaseTarget)
+	if err != nil {
+		span.RecordError(err)
+		span.SetStatus(codes.Error, "failed to get policies")
+		return nil
+	}
+
+	if !h.shouldRollbackOnVerificationFailure(policies) {
+		span.SetAttributes(attribute.Bool("rollback_applicable", false))
+		span.SetStatus(codes.Ok, "no applicable rollback policy for verification failure")
+		return nil
+	}
+
+	span.SetAttributes(attribute.Bool("rollback_applicable", true))
+
+	currentRelease, lastSuccessfulJob, err := h.store.ReleaseTargets.GetCurrentRelease(ctx, &release.ReleaseTarget)
+	if err != nil {
+		span.AddEvent("No previous release to roll back to")
+		span.SetStatus(codes.Ok, "no previous release available")
+		return nil
+	}
+
+	// Don't rollback to the same release
+	if currentRelease.ID() == release.ID() {
+		span.AddEvent("Current release is the same as failed release, no rollback needed")
+		span.SetStatus(codes.Ok, "already on current release")
+		return nil
+	}
+
+	span.SetAttributes(
+		attribute.String("rollback_to_release.id", currentRelease.ID()),
+		attribute.String("rollback_to_version.id", currentRelease.Version.Id),
+		attribute.String("rollback_to_version.tag", currentRelease.Version.Tag),
+	)
+
+	now := time.Now()
+	newJob := oapi.Job{
+		Id:             uuid.New().String(),
+		ReleaseId:      lastSuccessfulJob.ReleaseId,
+		JobAgentId:     lastSuccessfulJob.JobAgentId,
+		JobAgentConfig: lastSuccessfulJob.JobAgentConfig,
+		Status:         oapi.JobStatusPending,
+		CreatedAt:      now,
+		UpdatedAt:      now,
+	}
+
+	h.store.Jobs.Upsert(ctx, &newJob)
+
+	if err := h.dispatcher.DispatchJob(ctx, &newJob); err != nil {
+		span.RecordError(err)
+		span.SetStatus(codes.Error, "rollback execution failed")
+		return err
+	}
+
+	span.SetStatus(codes.Ok, "rollback executed successfully")
+	return nil
+}
+
+func (h *RollbackHooks) OnVerificationStopped(ctx context.Context, verification *oapi.JobVerification) error {
+	return nil
+}
+
+func (h *RollbackHooks) shouldRollbackOnVerificationFailure(policies []*oapi.Policy) bool {
+	for _, policy := range policies {
+		if !policy.Enabled {
+			continue
+		}
+
+		for _, rule := range policy.Rules {
+			if rule.Rollback == nil {
+				continue
+			}
+
+			if rule.Rollback.OnVerificationFailure != nil && *rule.Rollback.OnVerificationFailure {
+				return true
+			}
+		}
+	}
+
+	return false
+}

apps/workspace-engine/pkg/workspace/releasemanager/action/rollback/rollback.go

@@ -0,0 +1,120 @@
+package rollback
+
+import (
+	"context"
+	"slices"
+	"time"
+	"workspace-engine/pkg/oapi"
+	"workspace-engine/pkg/workspace/releasemanager/action"
+	"workspace-engine/pkg/workspace/releasemanager/deployment/jobs"
+	"workspace-engine/pkg/workspace/store"
+
+	"github.com/google/uuid"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/codes"
+)
+
+var tracer = otel.Tracer("RollbackAction")
+
+type RollbackAction struct {
+	store      *store.Store
+	dispatcher *jobs.Dispatcher
+}
+
+func NewRollbackAction(store *store.Store, dispatcher *jobs.Dispatcher) *RollbackAction {
+	return &RollbackAction{
+		store:      store,
+		dispatcher: dispatcher,
+	}
+}
+
+func (r *RollbackAction) Name() string {
+	return "rollback"
+}
+
+func (r *RollbackAction) Execute(
+	ctx context.Context,
+	trigger action.ActionTrigger,
+	actx action.ActionContext,
+) error {
+	ctx, span := tracer.Start(ctx, "RollbackAction.Execute")
+	defer span.End()
+
+	span.SetAttributes(
+		attribute.String("trigger", string(trigger)),
+		attribute.String("release.id", actx.Release.ID()),
+		attribute.String("job.id", actx.Job.Id),
+		attribute.String("job.status", string(actx.Job.Status)),
+	)
+
+	if !r.shouldRollback(actx.Policies, actx.Job.Status) {
+		span.SetAttributes(attribute.Bool("rollback_applicable", false))
+		span.SetStatus(codes.Ok, "no applicable rollback policy")
+		return nil
+	}
+
+	span.SetAttributes(attribute.Bool("rollback_applicable", true))
+
+	currentRelease, lastSuccessfulJob, err := r.store.ReleaseTargets.GetCurrentRelease(ctx, &actx.Release.ReleaseTarget)
+	if err != nil {
+		span.AddEvent("No previous release to roll back to")
+		span.SetStatus(codes.Ok, "no previous release available")
+		return nil
+	}
+
+	if currentRelease.ID() == actx.Release.ID() {
+		span.AddEvent("Current release is the same as failed release, no rollback needed")
+		span.SetStatus(codes.Ok, "already on current release")
+		return nil
+	}
+
+	span.SetAttributes(
+		attribute.String("rollback_to_release.id", currentRelease.ID()),
+		attribute.String("rollback_to_version.id", currentRelease.Version.Id),
+		attribute.String("rollback_to_version.tag", currentRelease.Version.Tag),
+	)
+
+	now := time.Now()
+	newJob := oapi.Job{
+		Id:             uuid.New().String(),
+		ReleaseId:      lastSuccessfulJob.ReleaseId,
+		JobAgentId:     lastSuccessfulJob.JobAgentId,
+		JobAgentConfig: lastSuccessfulJob.JobAgentConfig,
+		Status:         oapi.JobStatusPending,
+		CreatedAt:      now,
+		UpdatedAt:      now,
+	}
+
+	r.store.Jobs.Upsert(ctx, &newJob)
+
+	if err := r.dispatcher.DispatchJob(ctx, &newJob); err != nil {
+		span.RecordError(err)
+		span.SetStatus(codes.Error, "rollback execution failed")
+		return err
+	}
+
+	span.SetStatus(codes.Ok, "rollback executed successfully")
+	return nil
+}
+
+func (r *RollbackAction) shouldRollback(policies []*oapi.Policy, jobStatus oapi.JobStatus) bool {
+	for _, policy := range policies {
+		if !policy.Enabled {
+			continue
+		}
+
+		for _, rule := range policy.Rules {
+			if rule.Rollback == nil {
+				continue
+			}
+
+			if rule.Rollback.OnJobStatuses != nil &&
+				slices.Contains(*rule.Rollback.OnJobStatuses, jobStatus) {
+				return true
+			}
+		}
+	}
+
+	return false
+}