aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/roles/pacman
diff options
context:
space:
mode:
authorEgor Tensin <Egor.Tensin@gmail.com>2023-09-11 18:01:37 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-09-12 10:17:24 +0200
commit3b7ba8532f31d221c0708e2d6733bccdd3935f91 (patch)
tree9ba4be99b8a6589d30f94a9fa029cd8ec56d23ef /roles/pacman
parentfix some ansible-lint warnings (diff)
downloadinfra-ansible-3b7ba8532f31d221c0708e2d6733bccdd3935f91.tar.gz
infra-ansible-3b7ba8532f31d221c0708e2d6733bccdd3935f91.zip
etckeeper: manage the ignore list
Diffstat (limited to '')
-rw-r--r--roles/pacman/tasks/main.yml70
1 files changed, 9 insertions, 61 deletions
diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml
index 5ed782f..a235d7d 100644
--- a/roles/pacman/tasks/main.yml
+++ b/roles/pacman/tasks/main.yml
@@ -1,62 +1,10 @@
-- name: Upgrade packages or fail gracefully
+- name: Upgrade packages
become: true
- block:
- - name: Upgrade packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: pacman_upgraded
-
- - name: Reboot if necessary
- ansible.builtin.meta: flush_handlers
- rescue:
- - name: Check if /etc is versioned
- ansible.builtin.file:
- path: /etc/.git/config
- state: file
- register: etc_versioned
-
- - name: Fail if /etc is not versioned
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not etc_versioned
-
- - name: Check for changes in /etc
- ansible.builtin.command: # noqa: command-instead-of-module
- cmd: git status --porcelain=v1
- chdir: /etc
- register: git_status
- changed_when: false
-
- - name: Fail if there're no uncommitted changes in /etc
- ansible.builtin.fail:
- msg: Upgrading packages failed for an unknown reason!
- when: not git_status.stdout
-
- - name: All changes in /etc are in pacman.d/gnupg?
- ansible.builtin.shell: |
- set -o pipefail && \
- git status --porcelain=v1 \
- | cut -c 4- \
- | grep -G -v '^pacman.d/gnupg/'
- args:
- chdir: /etc
- register: only_gnupg
- changed_when: false
- failed_when: only_gnupg.rc not in [0, 1]
-
- - name: Commit changes in /etc/pacman.d/gnupg
- ansible.builtin.command: |
- etckeeper commit 'pacman: GPG keys'
- when: only_gnupg.rc == 1
-
- - name: Retry upgrading packages
- community.general.pacman:
- update_cache: true
- upgrade: true
- register: pacman_result
- notify: pacman_upgraded
-
- - name: Reboot if necessary
- ansible.builtin.meta: flush_handlers
+ community.general.pacman:
+ update_cache: true
+ upgrade: true
+ register: pacman_result
+ notify: pacman_upgraded
+
+- name: Reboot if necessary
+ ansible.builtin.meta: flush_handlers