diff options
Diffstat (limited to 'roles/pacman/tasks/main.yml')
| -rw-r--r-- | roles/pacman/tasks/main.yml | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml index e628873..ed9250d 100644 --- a/roles/pacman/tasks/main.yml +++ b/roles/pacman/tasks/main.yml @@ -1,4 +1,5 @@ -- become: true +- name: Upgrade packages or fail gracefully + become: true block: - name: Upgrade packages community.general.pacman: @@ -7,31 +8,35 @@ register: pacman_result notify: reboot - - debug: + - name: Show upgraded packages + ansible.builtin.debug: var: pacman_result.packages when: pacman_result.changed - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers rescue: - - fail: + - name: Fail if /etc is not versioned + ansible.builtin.fail: msg: Upgrading packages failed for an unknown reason! when: not etc_versioned - name: Check for changes in /etc - command: git status --porcelain=v1 + ansible.builtin.command: git status --porcelain=v1 args: chdir: /etc register: git_status changed_when: false failed_when: false - - fail: + - name: Fail if there're no unstaged changes in /etc + ansible.builtin.fail: msg: Upgrading packages failed for an unknown reason! when: not git_status.stdout - name: All changes in /etc are in pacman.d/gnupg? - shell: | + ansible.builtin.shell: | + set -o pipefail && \ git status --porcelain=v1 \ | cut -c 4- \ | grep -G -v '^pacman.d/gnupg/' @@ -42,20 +47,21 @@ failed_when: false - name: Commit changes in /etc - command: | + ansible.builtin.command: | etckeeper commit 'pacman: GPG keys' when: git_status.stdout and only_gnupg.rc != 0 - - name: Upgrade packages after GPG keys + - name: Retry upgrading packages community.general.pacman: update_cache: true upgrade: true register: pacman_result notify: reboot - - debug: + - name: Show upgraded packages + ansible.builtin.debug: var: pacman_result.packages when: pacman_result.changed - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers |