move Ansible files to src/

author: Egor Tensin <Egor.Tensin@gmail.com> 2023-07-31 23:44:54 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-07-31 23:44:54 +0200
commit: 727ab17a644d52105746e18c301cf733b1181507 (patch)
tree: 71113c6efae3074899de965aee5489cb76362f8e /src/roles/pacman/tasks
parent: downgrade Ansible (diff)
download: maintenance-727ab17a644d52105746e18c301cf733b1181507.tar.gz
maintenance-727ab17a644d52105746e18c301cf733b1181507.zip
1 files changed, 67 insertions, 0 deletions
diff --git a/src/roles/pacman/tasks/main.yml b/src/roles/pacman/tasks/main.yml
new file mode 100644
index 0000000..ed9250d
--- /dev/null
+++ b/src/roles/pacman/tasks/main.yml
@@ -0,0 +1,67 @@
+- name: Upgrade packages or fail gracefully
+  become: true
+  block:
+    - name: Upgrade packages
+      community.general.pacman:
+        update_cache: true
+        upgrade: true
+      register: pacman_result
+      notify: reboot
+
+    - name: Show upgraded packages
+      ansible.builtin.debug:
+        var: pacman_result.packages
+      when: pacman_result.changed
+
+    - name: Flush handlers
+      ansible.builtin.meta: flush_handlers
+  rescue:
+    - name: Fail if /etc is not versioned
+      ansible.builtin.fail:
+        msg: Upgrading packages failed for an unknown reason!
+      when: not etc_versioned
+
+    - name: Check for changes in /etc
+      ansible.builtin.command: git status --porcelain=v1
+      args:
+        chdir: /etc
+      register: git_status
+      changed_when: false
+      failed_when: false
+
+    - name: Fail if there're no unstaged changes in /etc
+      ansible.builtin.fail:
+        msg: Upgrading packages failed for an unknown reason!
+      when: not git_status.stdout
+
+    - name: All changes in /etc are in pacman.d/gnupg?
+      ansible.builtin.shell: |
+        set -o pipefail && \
+        git status --porcelain=v1 \
+            | cut -c 4- \
+            | grep -G -v '^pacman.d/gnupg/'
+      args:
+        chdir: /etc
+      register: only_gnupg
+      changed_when: false
+      failed_when: false
+
+    - name: Commit changes in /etc
+      ansible.builtin.command: |
+        etckeeper commit 'pacman: GPG keys'
+      when: git_status.stdout and only_gnupg.rc != 0
+
+    - name: Retry upgrading packages
+      community.general.pacman:
+        update_cache: true
+        upgrade: true
+      register: pacman_result
+      notify: reboot
+
+    - name: Show upgraded packages
+      ansible.builtin.debug:
+        var: pacman_result.packages
+      when: pacman_result.changed
+
+    - name: Flush handlers
+      ansible.builtin.meta: flush_handlers
author	Egor Tensin <Egor.Tensin@gmail.com>	2023-07-31 23:44:54 +0200
committer	Egor Tensin <Egor.Tensin@gmail.com>	2023-07-31 23:44:54 +0200
commit	727ab17a644d52105746e18c301cf733b1181507 (patch)
tree	71113c6efae3074899de965aee5489cb76362f8e /src/roles/pacman/tasks
parent	downgrade Ansible (diff)
download	maintenance-727ab17a644d52105746e18c301cf733b1181507.tar.gz maintenance-727ab17a644d52105746e18c301cf733b1181507.zip