Implement rollback for script run as pre defined stage

[ffjlabo]

What this PR does / why we need it:

Implement rollback for script run as pre defined stage.

Which issue(s) this PR fixes:

Part of #4643

Does this PR introduce a user-facing change?: Yes

• How are users affected by this change:
  Users can use onRollback feature for SCRIPT_RUN stage.
  They can execute any command when the deployment failed and the executed SCRIPT_RUN stage is included in the pipeline

• Is this breaking change: no

[codecov]

Codecov Report

Attention: 60 lines in your changes are missing coverage. Please review.

Comparison is base (d814680) 30.80% compared to head (e1c150e) 31.01%.
Report is 13 commits behind head on master.

Files	Patch %	Lines
pkg/app/piped/executor/kubernetes/rollback.go	0.00%	38 Missing ⚠️
pkg/app/piped/planner/kubernetes/pipeline.go	8.33%	21 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4743      +/-   ##
==========================================
+ Coverage   30.80%   31.01%   +0.21%     
==========================================
  Files         221      225       +4     
  Lines       26015    26325     +310     
==========================================
+ Hits         8013     8164     +151     
- Misses      17352    17510     +158     
- Partials      650      651       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ffjlabo]

📝 Changed to execute multiple kinds of rollback stages.
The changes are to do logic just like the same as before with each rollback stage.

[ffjlabo]

📝 I use metadata for the stage to recognize below on executing it.

• The commands which are executed on the rollback script run stage. (onRollback, env)
• The stage IDs of script run stages, which are used to check whether to rollback it. (baseStageID)
  • It is because I want to execute the command to rollback SCRIPT_RUN to the point where the deployment was canceled or failed.

[ffjlabo]

📝 Check the status of the script run stage to decide whether to rollback or not.
It is because the target stages should be already executed.

[ffjlabo]

📝 Added the logic to rollback executor for each application (firstly, I added on the k8s's one) because rollback stages are executed per the kind of application not per stage.

I don't have any idea to separate the rollback for application and the rollback for the stage.

[ffjlabo]

The PR summary

• Add ROLLBACK_SCRIPT_RUN stage and enable to planbe09a10
• Enable to execute multiple rollback stages 48be28e
• Add script run rollback logic to k8s app 0d0ecee

The result

I tested on local env.

apiVersion: pipecd.dev/v1beta1
kind: KubernetesApp
spec:
  name: canary-with-script-run
  labels:
    env: example
    team: product
  pipeline:
    stages:
      - name: K8S_CANARY_ROLLOUT
        with:
          replicas: 10%
      - name: WAIT
        with:
          duration: 10s
      - name: SCRIPT_RUN
        with:
          env:
            MSG: "execute script1"
            R_MSG: "rollback script1"
          run: |
            echo $MSG
            sleep 10
          onRollback: |
            echo $R_MSG
            sleep 10
      - name: K8S_PRIMARY_ROLLOUT
      - name: K8S_CANARY_CLEAN

some problems
I don't have any idea to separate the rollback for application and the rollback for the stage...

[ffjlabo]

/review

[github-actions]

PR Analysis

Main theme

"Implement rollback for SCRIPT_RUN stages in deployment pipelines"

PR summary

This PR introduces the capability to handle rollback for custom script run stages within Kubernetes deployment pipelines. It ensures that if a deployment fails or is canceled, any executed SCRIPT_RUN stages are rolled back in the reverse order they were applied.

Type of PR

Enhancement

PR Feedback:

General suggestions

The PR implements rollbacks for SCRIPT_RUN stages, which is an important feature to maintain consistency and ensure clean reverts of deployments when failures occur. Expanding the rollback mechanism to include custom script stages is a valuable addition that helps in managing complex deployment scenarios.

In the addition to the scheduler.go and the new rollback.go logic for Kubernetes, the changes appropriately handle stage interdependencies and pass necessary environment variables to rollback commands.

The FindRollbackStages function introduced to the Deployment model seems to correctly identify all stages that require rollbacks, including the new SCRIPT_RUN_ROLLBACK stages.

Code feedback

• relevant file: pkg/app/piped/controller/scheduler.go
  suggestion: |
  When iterating over rollback stages, it's important to ensure that each goroutine references its own copy of the stage variable. Due to the loop variable capture problem, goroutines may refer to the same stage which leads to unexpected rollbacks. Ensure that the variable inside the goroutine is a unique copy. (important)
  relevant line: |
  + go func() {

• relevant file: pkg/app/piped/executor/kubernetes/rollback.go
  suggestion: |
  Check the error when unmarshaling the environment metadata into the env variable and handle it appropriately instead of ignoring it. If there's an error, it could indicate potential issues with the metadata format which may lead to unexpected behavior during rollback. (medium)
  relevant line: |
  + _ = json.Unmarshal([]byte(envStr), &env)

Security concerns:

no

This PR doesn't seem to introduce any typical security concerns like SQL injection, XSS, CSRF, etc. However, the execution of external scripts does carry the inherent risk of executing malicious code if the scripts or the environment containing the hooks are compromised. Ensure that the rollback scripts are securely managed and reviewed to prevent such issues.

[khanhtc1202]

Suggested change

	e.LogPersister.Infof("Runnnig commands for rollback...")
	e.LogPersister.Info("Runnnig commands for rollback...")

[khanhtc1202]

I just want to ensure I understand this right: This means that if there is no user-defined onRollback script, this script run rollback will not do anything, right?

[khanhtc1202]

@ffjlabo What I mean here is that we may make this:

1. Add rollbackable of type bool to specify whether the current script run can be rollbacked or not, default set to false 🤔
2. In case of rollbackable stage, if onRollback is not set, re-run script instead or return error rollback script is missing
   wdyt?

[khanhtc1202]

On the second thought, I got your idea.

• If users did not define onRollback script, then there is nothing to run
• If users defined the onRollback script, then run that script
  Let's keep this idea, thanks 👍

[khanhtc1202]

I'm okay with this approach, let's rethink about making this script rollback kind independent later when we introduce app kind plugin pattern

I dismissed myself

[khanhtc1202]

Let's go 🚀

[khanhtc1202]

@t-kikuc Please check 🙏

[t-kikuc]

Go 🚀