Refactor yay update handling:

- Move AUR update task into dev-yay role - Centralize defaults (AUR_HELPER, AUR_BUILDER_USER, etc.) - Remove separate update-yay role (redundant) See conversation with ChatGPT https://chatgpt.com/share/68da3219-6d78-800f-92ad-0a5061bac8be and related work item: https://open.project.infinito.nexus/projects/cymais/work_packages/341/activity
2025-10-09 18:28:10 +02:00 · 2025-09-29 09:16:02 +02:00
parent 66f294537d
commit c06d1c4d17
8 changed files with 26 additions and 93 deletions
--- a/roles/dev-yay/defaults/main.yml
+++ b/roles/dev-yay/defaults/main.yml
@@ -0,0 +1,4 @@
+AUR_HELPER:               yay
+AUR_BUILDER_USER:         aur_builder
+AUR_BUILDER_GROUP:        wheel
+AUR_BUILDER_SUDOERS_PATH: /etc/sudoers.d/11-install-aur_builder
--- a/roles/dev-yay/tasks/01_core.yml
+++ b/roles/dev-yay/tasks/01_core.yml
@@ -6,42 +6,53 @@
  - dev-git
  - dev-base-devel

- name: install yay
+- name: Install yay build prerequisites
  community.general.pacman:
    name:
    - base-devel
    - patch
    state: present

- name: Create the `aur_builder` user
+- name: Create the AUR builder user
  become: true
  ansible.builtin.user:
-    name: aur_builder
+    name: "{{ AUR_BUILDER_USER }}"
    create_home: yes
-    group: wheel
+    group: "{{ AUR_BUILDER_GROUP }}"

- name: Allow the `aur_builder` user to run `sudo pacman` without a password
+- name: Allow AUR builder to run pacman without password
  become: true
  ansible.builtin.lineinfile:
-    path: /etc/sudoers.d/11-install-aur_builder
-    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+    path: "{{ AUR_BUILDER_SUDOERS_PATH }}"
+    line: '{{ AUR_BUILDER_USER }} ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: yes
    validate: 'visudo -cf %s'

 - name: Clone yay from AUR
  become: true
-  become_user: aur_builder
+  become_user: "{{ AUR_BUILDER_USER }}"
  git:
    repo: https://aur.archlinux.org/yay.git
-    dest: /home/aur_builder/yay
+    dest: "/home/{{ AUR_BUILDER_USER }}/yay"
    clone: yes
    update: yes

 - name: Build and install yay
  become: true
-  become_user: aur_builder
+  become_user: "{{ AUR_BUILDER_USER }}"
  shell: |
-    cd /home/aur_builder/yay
+    cd /home/{{ AUR_BUILDER_USER }}/yay
    makepkg -si --noconfirm
  args:
    creates: /usr/bin/yay
+
+- name: upgrade the system using yay, only act on AUR packages.
+  become: true
+  become_user: "{{ AUR_BUILDER_USER }}"
+  kewlfft.aur.aur:
+    upgrade: yes
+    use: "{{ AUR_HELPER }}"
+    aur_only: yes
+  when: MODE_UPDATE | bool
+
+- include_tasks: utils/run_once.yml
--- a/roles/dev-yay/tasks/main.yml
+++ b/roles/dev-yay/tasks/main.yml
@@ -1,5 +1,3 @@
 - block:
  - include_tasks: 01_core.yml
-  - set_fact:
-      run_once_dev_yay: true
  when: run_once_dev_yay is not defined
--- a/roles/update-compose/tasks/01_core.yml
+++ b/roles/update-compose/tasks/01_core.yml
@@ -13,22 +13,3 @@
  include_role:
    name: update-apt
  when: ansible_distribution == "Debian"
-
- name: "Check if yay is installed"
-  command: which yay
-  register: yay_installed
-  changed_when: false
-  failed_when: false
-
- name: "Update with yay"
-  include_role:
-    name: update-yay
-  when:
-    - yay_installed.rc == 0
-    - run_once_update_yay is not defined
-
- name: "Check if pkgmgr command is available"
-  command: "which pkgmgr"
-  register: pkgmgr_available
-  failed_when: false
-
--- a/roles/update-yay/README.md
+++ b/roles/update-yay/README.md
@@ -1,22 +0,0 @@
-# Update yay
-
-## Description
-
-This role updates AUR packages on Arch Linux systems using [yay](https://wiki.archlinux.org/title/Yay). It automates the process of upgrading AUR packages, ensuring that your system stays current with the latest software available in the Arch User Repository.
-
-## Overview
-
-The role performs the following:
- Checks if the [yay](https://wiki.archlinux.org/title/Yay) AUR helper is installed.
- Upgrades AUR packages using the `kewlfft.aur.aur` module with yay.
- Works exclusively on Arch Linux systems.
-
-## Purpose
-
-The primary purpose of this role is to ensure that AUR packages on Arch Linux are updated automatically. This helps maintain system stability and ensures that the latest features and fixes from the AUR are applied.
-
-## Features
-
- **AUR Package Upgrades:** Uses yay to upgrade AUR packages.
- **Conditional Execution:** Only runs if yay is installed on the system.
- **Arch Linux Focused:** Specifically designed for Arch Linux systems.
--- a/roles/update-yay/meta/main.yml
+++ b/roles/update-yay/meta/main.yml
@@ -1,24 +0,0 @@
-galaxy_info:
-  author: "Kevin Veen-Birkenbach"
-  description: "Updates AUR packages on Arch Linux systems using yay. This role automates the upgrade process for AUR packages, ensuring that the system remains up-to-date with the latest versions available in the Arch User Repository."
-  license: "Infinito.Nexus NonCommercial License"
-  license_url: "https://s.infinito.nexus/license"
-  company: |
-    Kevin Veen-Birkenbach
-    Consulting & Coaching Solutions
-    https://www.veen.world
-  min_ansible_version: "2.9"
-  platforms:
-  - name: Archlinux
-    versions:
-    - rolling
-  galaxy_tags:
-  - aur
-  - update
-  - archlinux
-  - yay
-  - system
-  - maintenance
-  repository: "https://s.infinito.nexus/code"
-  issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://docs.infinito.nexus"
--- a/roles/update-yay/tasks/main.yml
+++ b/roles/update-yay/tasks/main.yml
@@ -1,14 +0,0 @@
- block:
-  - name: Include dependency 'dev-yay'
-    include_role:
-      name: dev-yay
-    when: run_once_dev_yay is not defined
-
-  - name: upgrade the system using yay, only act on AUR packages.
-    become: false
-    kewlfft.aur.aur:
-      upgrade: yes
-      use: yay
-      aur_only: yes
-  - include_tasks: utils/run_once.yml
-  when: run_once_update_yay is not defined
--- a/roles/update-yay/vars/main.yml
+++ b/roles/update-yay/vars/main.yml
@@ -1 +0,0 @@
-application_id: update-yay