Support Revert bump functionality in wazuh-kubernetes

[joaquinsgi]

Description

During the release stage bump process (e.g., when moving from alpha1 to alpha2), the bumper updates the branch and URL references across all repositories. Once the stage operations are completed, these reference changes need to be reverted.

Previously, reverting these bump references was a manual process for the teams. To improve efficiency and reduce manual labor, this final step will be automated. The bumper now supports a "revert" mode that automatically undoes the bump commit references while properly preserving the core version files, that shouldn't be reverted.

To successfully revert the bump stage, we only want to revert the references in some specific files (in the majority of them, but not all). Because of this, a standard git revert is not enough, as it would downgrade the VERSION.json file as well (for example). The automation of this process handles this selectively.

See the parent epic for full context and detailed explanations: https://github.com/wazuh/wazuh-qa-automation/issues/6702

Tasks

Note

No changes are needed in repository_bumper.sh. All modifications must be done inside the 5_bumper_repository.yml file.

Workflow updates

• 1. Add revert boolean input and fetch-depth: 0 in "Checkout repository" step:

  on:
    workflow_dispatch:
      inputs:
        # ... existing inputs
        revert:
          description: 'Set to true to revert the bump changes applied for this issue'
          default: false
          required: false
          type: boolean

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ env.GH_TOKEN }}
          fetch-depth: 0

• 2. Update branch name and PR title logic:

  Modify the Determine branch name step to handle the revert naming convention:

  issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}')
  
  if [[ "${{ inputs.revert }}" == "true" ]]; then
    BRANCH_NAME="enhancement/wqa${issue_number}-revert-bump-${{ github.ref_name }}"
    echo "pr_title=Revert bump ${{ github.ref_name }} branch" >> $GITHUB_OUTPUT
  else
    BRANCH_NAME="enhancement/wqa${issue_number}-bump-${{ github.ref_name }}"
    echo "pr_title=Bump ${{ github.ref_name }} branch" >> $GITHUB_OUTPUT
  fi

• 3. Conditionally skip the standard bump steps:

  Add if: inputs.revert != true to the "Make version bump changes" and "Commit changes (Bump)" steps.

  - name: Make version bump changes
    if: inputs.revert != true
    run: |
      echo "Running bump script"
      bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }}
  
  - name: Commit changes (Bump)
    if: inputs.revert != true
    run: |
      git add .
      git commit -m "feat: bump ${{ github.ref_name }}"

• 4. Add the Revert References step:

  This step must be added right after the standard commit step. IMPORTANT: Each team must identify which files manage their versioning (VERSION.json etc.) and add a git checkout HEAD line for each one to prevent them from being reverted.

  - name: Revert references (Revert)
    id: revert_step
    if: inputs.revert == true
    run: |
      ISSUE_NUMBER=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}')
  
      BUMP_BRANCH="enhancement/wqa${ISSUE_NUMBER}-bump-${{ github.ref_name }}"
  
      PR_NUMBER=$(gh pr list --head "$BUMP_BRANCH" --base "${{ github.ref_name }}" --state merged --json number --jq '.[0].number')
  
      if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" == "null" ]; then
        echo "Error: The original PR for the bump was not found"
        echo "Searching merged PR from: $BUMP_BRANCH to ${{ github.ref_name }}"
        exit 1
      fi
  
      echo "Original PR found: #$PR_NUMBER"
  
      MERGE_COMMIT=$(gh pr view $PR_NUMBER --json mergeCommit --jq '.mergeCommit.oid')
  
      git revert -m 1 $MERGE_COMMIT --no-commit
  
      # Remove the files to prevent them from being included in the revert commit
      git checkout HEAD -- VERSION.json 2>/dev/null || true
      git checkout HEAD -- CHANGELOG.md 2>/dev/null || true
      # Add any other repository-specific version files here
  
      if git diff --staged --quiet; then
        echo "No references to revert. Skipping commit."
        echo "has_changes=false" >> $GITHUB_OUTPUT
      else
        git commit -m "feat: revert ${{ github.ref_name }} references"
        echo "has_changes=true" >> $GITHUB_OUTPUT
      fi

• 5. Update Push changes, Create pull request, and Merge pull request steps:

  Update the if condition to if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true') and ensure the Create pull request step has id: create_pr.

  - name: Push changes
    if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
    run: |
      git push origin ${{ steps.vars.outputs.branch_name }}
  
  - name: Create pull request
    id: create_pr
    if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
    run: |
      gh auth setup-git
      PR_URL=$(gh pr create \
        --title "${{ steps.vars.outputs.pr_title }}" \
        --body "Issue: ${{ inputs.issue-link }}" \
        --base ${{ github.ref_name }} \
        --head ${{ steps.vars.outputs.branch_name }})
  
      echo "Pull request created: ${PR_URL}"
      echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT
  
  - name: Merge pull request
    if: inputs.revert != true || (inputs.revert == true && steps.revert_step.outputs.has_changes == 'true')
    run: |
      # Any checks for the PR are bypassed since the branch is expected to be functional
      gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge --admin

• 6. Update Show Logs steps:

  Split the step to prevent workflow failures during a revert (since no bash script is executed):

  - name: Show logs
    if: inputs.revert != true
    run: |
      echo "Bump complete."
      echo "Branch: ${{ steps.vars.outputs.branch_name }}"
      echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}"
      echo "Bumper scripts logs:"
      cat ${BUMP_LOG_PATH}/repository_bumper*log
  
  - name: Show revert logs
    if: inputs.revert == true
    run: |
      echo "Revert bump complete."
      echo "Branch: ${{ steps.vars.outputs.branch_name }}"
      echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}"
      echo "Revert bumper scripts logs:"
      cat ${BUMP_LOG_PATH}/repository_bumper*log || true

Validate

• Trigger the workflow on a branch with revert=false normal bump script runs, references, and version values updated → PR created correctly.
• Merge the previous PR and trigger the workflow on the same branch with revert=true and issue-link pointing to the previous execution's issue, script bypassed, gh cli finds the PR, git reverts the commit, core version files are preserved → new Revert PR created.
• Verify that triggering revert=true when only VERSION.json was updated in the original bump results in a clean exit (no empty PR created).

[Enaraque]

Update report

Trigger the workflow on a branch with revert=false normal bump script runs, references, and version values updated → PR created correctly.

Job: https://github.com/wazuh/wazuh-kubernetes/actions/runs/24999308568
PR: #1407

Merge the previous PR and trigger the workflow on the same branch with revert=true and issue-link pointing to the previous execution's issue, script bypassed, gh cli finds the PR, git reverts the commit, core version files are preserved → new Revert PR created.

Job: https://github.com/wazuh/wazuh-kubernetes/actions/runs/25000074558
PR: #1408