Fix NGINX OSS upgrade & downgrade use cases on Alpine Linux

CHANGELOG.md

@@ -14,11 +14,13 @@ ENHANCEMENTS:
 * Add support for PCRE 2 and OpenSSL 3.0 (built from source) when building NGINX from source.
 * Tweak Release Drafter config.
 * Bump the Ansible `community.general` collection to `5.1.1`, `ansible.posix` collection to `1.4.0` and `community.docker` collection to `2.6.0`.
+* Re-add Alpine Linux tests to `downgrade` Molecule scenarios.
 
 BUG FIXES:
 
 * Ensure gpg-agent is installed on Ubuntu/Debian to avoid APT key tasks failures.
 * Always refresh the `yum` cache.
+* The role can now correctly upgrade NGINX to the latest release on Alpine Linux.
 
 ## 0.23.1 (April 6, 2022)
 

defaults/main/main.yml

@@ -25,7 +25,7 @@ nginx_start: true
 # Specify whether you want to install NGINX, upgrade to the latest version, or remove NGINX.
 # Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
 # Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
-# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
+# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution.
 # Using 'uninstall' will remove NGINX from your system.
 # Default is install.
 nginx_setup: install

molecule/downgrade/converge.yml

@@ -2,18 +2,21 @@
 - name: Converge
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.21.6-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
-        version: "=1.22.0-1~{{ ansible_facts['distribution_release'] }}"
+        version: "=1.21.6-1~{{ ansible_facts['distribution_release'] }}"
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: "-1.22.0-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.21.6-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
   tasks:
     - name: Install NGINX
       ansible.builtin.include_role:
         name: ansible-role-nginx
       vars:
         nginx_version: "{{ version }}"
-        nginx_branch: stable

molecule/downgrade/molecule.yml

@@ -6,6 +6,34 @@ lint: |
   yamllint .
   ansible-lint --force-color
 platforms:
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.16
+    image: alpine:3.16
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
   - name: amazonlinux-2
     image: amazonlinux:2
     dockerfile: ../common/Dockerfile.j2

molecule/downgrade/prepare.yml

@@ -2,6 +2,10 @@
 - name: Prepare
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.23.0-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
         version: "=1.23.0-1~{{ ansible_facts['distribution_release'] }}"

molecule/downgrade/verify.yml

@@ -24,21 +24,10 @@
         url: http://localhost
         status_code: 200
 
-    - name: Fetch NGINX version
-      ansible.builtin.uri:
-        url: https://version.nginx.com/nginx/stable
-        return_content: true
-      check_mode: false
-      register: nginx_versions
-
-    - name: Set NGINX version
-      ansible.builtin.set_fact:
-        nginx_version: "{{ nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+') }}"
-
     - name: Verify NGINX has been downgraded
       ansible.builtin.command: nginx -v
       args:
         chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
       changed_when: false
       register: version
-      failed_when: version is not search(nginx_version)
+      failed_when: version is not search('1.21.6')

molecule/upgrade/molecule.yml

@@ -6,6 +6,34 @@ lint: |
   yamllint .
   ansible-lint --force-color
 platforms:
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.16
+    image: alpine:3.16
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
   - name: amazonlinux-2
     image: amazonlinux:2
     dockerfile: ../common/Dockerfile.j2

molecule/upgrade/prepare.yml

@@ -2,6 +2,10 @@
 - name: Prepare
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.21.6-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
         version: "=1.21.6-1~{{ ansible_facts['distribution_release'] }}"

tasks/opensource/install-alpine.yml

@@ -13,4 +13,21 @@
     state: "{{ nginx_state }}"
     update_cache: true
   ignore_errors: "{{ ansible_check_mode }}"
+  when: not (nginx_setup == 'upgrade' and nginx_version is not defined)
   notify: (Handler) Run NGINX
+
+- name: (Alpine Linux) Upgrade NGINX workaround ('nginx_setup' is set to 'upgrade' and 'nginx_version' is not defined)
+  block:
+    - name: (Alpine Linux) Check if there are NGINX upgrades available
+      ansible.builtin.command: apk list --upgrade
+      register: upgrade
+      changed_when: false
+
+    - name: (Alpine Linux) Upgrade NGINX
+      ansible.builtin.command: apk add --upgrade nginx{{ nginx_repository is not defined | ternary('@nginx', '') }}
+      changed_when: upgrade.stdout is search('nginx')
+      when: upgrade.stdout is search('nginx')
+      notify: (Handler) Run NGINX
+  when:
+    - nginx_setup == 'upgrade'
+    - nginx_version is not defined