From 3d096afee759fcb9cfd0def17221e89919fd4c25 Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia <alessfg@hotmail.com>
Date: Wed, 6 Jul 2022 00:22:07 +0200
Subject: [PATCH 1/2] Fix upgrade & downgrade use cases on Alpine Linux

---
 CHANGELOG.md                        |  1 +
 defaults/main/main.yml              |  2 +-
 molecule/downgrade/converge.yml     |  9 ++++++---
 molecule/downgrade/molecule.yml     | 28 ++++++++++++++++++++++++++++
 molecule/downgrade/prepare.yml      |  4 ++++
 molecule/downgrade/verify.yml       | 13 +------------
 molecule/upgrade/molecule.yml       | 28 ++++++++++++++++++++++++++++
 molecule/upgrade/prepare.yml        |  4 ++++
 tasks/opensource/install-alpine.yml | 17 +++++++++++++++++
 9 files changed, 90 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ba4cfb96..eb4dc70c2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ BUG FIXES:
 
 * Ensure gpg-agent is installed on Ubuntu/Debian to avoid APT key tasks failures.
 * Always refresh the `yum` cache.
+* The role can now correctly upgrade NGINX to the latest release on Alpine Linux.
 
 ## 0.23.1 (April 6, 2022)
 
diff --git a/defaults/main/main.yml b/defaults/main/main.yml
index cd37cd67f..1a1403796 100644
--- a/defaults/main/main.yml
+++ b/defaults/main/main.yml
@@ -25,7 +25,7 @@ nginx_start: true
 # Specify whether you want to install NGINX, upgrade to the latest version, or remove NGINX.
 # Can be used with `nginx_version` to fine tune control which version of NGINX is installed/used on each playbook execution.
 # Using 'install' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
-# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution. Does not work on Alpine Linux.
+# Using 'upgrade' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution.
 # Using 'uninstall' will remove NGINX from your system.
 # Default is install.
 nginx_setup: install
diff --git a/molecule/downgrade/converge.yml b/molecule/downgrade/converge.yml
index 560da44b0..5b6e31e17 100644
--- a/molecule/downgrade/converge.yml
+++ b/molecule/downgrade/converge.yml
@@ -2,13 +2,17 @@
 - name: Converge
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.21.6-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
-        version: "=1.22.0-1~{{ ansible_facts['distribution_release'] }}"
+        version: "=1.21.6-1~{{ ansible_facts['distribution_release'] }}"
       when: ansible_facts['os_family'] == "Debian"
     - name: Set repo if Red Hat
       ansible.builtin.set_fact:
-        version: "-1.22.0-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
+        version: "-1.21.6-1.{{ (ansible_facts['distribution'] == 'Amazon') | ternary('amzn2', ('el' + ansible_facts['distribution_major_version'] | string)) }}.ngx"
       when: ansible_facts['os_family'] == "RedHat"
   tasks:
     - name: Install NGINX
@@ -16,4 +20,3 @@
         name: ansible-role-nginx
       vars:
         nginx_version: "{{ version }}"
-        nginx_branch: stable
diff --git a/molecule/downgrade/molecule.yml b/molecule/downgrade/molecule.yml
index 9a5b4499e..fcf8e7a1f 100644
--- a/molecule/downgrade/molecule.yml
+++ b/molecule/downgrade/molecule.yml
@@ -6,6 +6,34 @@ lint: |
   yamllint .
   ansible-lint --force-color
 platforms:
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.16
+    image: alpine:3.16
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
   - name: amazonlinux-2
     image: amazonlinux:2
     dockerfile: ../common/Dockerfile.j2
diff --git a/molecule/downgrade/prepare.yml b/molecule/downgrade/prepare.yml
index a047e53d9..0cf463d48 100644
--- a/molecule/downgrade/prepare.yml
+++ b/molecule/downgrade/prepare.yml
@@ -2,6 +2,10 @@
 - name: Prepare
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.23.0-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
         version: "=1.23.0-1~{{ ansible_facts['distribution_release'] }}"
diff --git a/molecule/downgrade/verify.yml b/molecule/downgrade/verify.yml
index 5d00359c6..c54a073c5 100644
--- a/molecule/downgrade/verify.yml
+++ b/molecule/downgrade/verify.yml
@@ -24,21 +24,10 @@
         url: http://localhost
         status_code: 200
 
-    - name: Fetch NGINX version
-      ansible.builtin.uri:
-        url: https://version.nginx.com/nginx/stable
-        return_content: true
-      check_mode: false
-      register: nginx_versions
-
-    - name: Set NGINX version
-      ansible.builtin.set_fact:
-        nginx_version: "{{ nginx_versions.content | regex_search('([0-9]+\\.){2}[0-9]+') }}"
-
     - name: Verify NGINX has been downgraded
       ansible.builtin.command: nginx -v
       args:
         chdir: "{{ ((ansible_facts['system'] | lower is not search('bsd')) | ternary('/etc/nginx', '/usr/local/sbin')) }}"
       changed_when: false
       register: version
-      failed_when: version is not search(nginx_version)
+      failed_when: version is not search('1.21.6')
diff --git a/molecule/upgrade/molecule.yml b/molecule/upgrade/molecule.yml
index 9a5b4499e..fcf8e7a1f 100644
--- a/molecule/upgrade/molecule.yml
+++ b/molecule/upgrade/molecule.yml
@@ -6,6 +6,34 @@ lint: |
   yamllint .
   ansible-lint --force-color
 platforms:
+  - name: alpine-3.13
+    image: alpine:3.13
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.14
+    image: alpine:3.14
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.15
+    image: alpine:3.15
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
+  - name: alpine-3.16
+    image: alpine:3.16
+    dockerfile: ../common/Dockerfile.j2
+    privileged: true
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+    command: "/sbin/init"
   - name: amazonlinux-2
     image: amazonlinux:2
     dockerfile: ../common/Dockerfile.j2
diff --git a/molecule/upgrade/prepare.yml b/molecule/upgrade/prepare.yml
index 043f6878f..5b3d6f957 100644
--- a/molecule/upgrade/prepare.yml
+++ b/molecule/upgrade/prepare.yml
@@ -2,6 +2,10 @@
 - name: Prepare
   hosts: all
   pre_tasks:
+    - name: Set repo if Alpine
+      ansible.builtin.set_fact:
+        version: "=1.21.6-r1"
+      when: ansible_facts['os_family'] == "Alpine"
     - name: Set repo if Debian
       ansible.builtin.set_fact:
         version: "=1.21.6-1~{{ ansible_facts['distribution_release'] }}"
diff --git a/tasks/opensource/install-alpine.yml b/tasks/opensource/install-alpine.yml
index 05191b257..62a08a6cb 100644
--- a/tasks/opensource/install-alpine.yml
+++ b/tasks/opensource/install-alpine.yml
@@ -13,4 +13,21 @@
     state: "{{ nginx_state }}"
     update_cache: true
   ignore_errors: "{{ ansible_check_mode }}"
+  when: not (nginx_setup == 'upgrade' and nginx_version is not defined)
   notify: (Handler) Run NGINX
+
+- name: (Alpine Linux) Upgrade NGINX workaround ('nginx_setup' is set to 'upgrade' and 'nginx_version' is not defined)
+  block:
+    - name: (Alpine Linux) Check if there are NGINX upgrades available
+      ansible.builtin.command: apk list --upgrade
+      register: upgrade
+      changed_when: false
+
+    - name: (Alpine Linux) Upgrade NGINX
+      ansible.builtin.command: apk add --upgrade nginx{{ nginx_repository is not defined | ternary('@nginx', '') }}
+      changed_when: upgrade.stdout is search('nginx')
+      when: upgrade.stdout is search('nginx')
+      notify: (Handler) Run NGINX
+  when:
+    - nginx_setup == 'upgrade'
+    - nginx_version is not defined

From fbe5feaa317f9bb51fea2638ae4dd75c787a44de Mon Sep 17 00:00:00 2001
From: Alessandro Fael Garcia <alessfg@hotmail.com>
Date: Wed, 6 Jul 2022 00:22:43 +0200
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb4dc70c2..bc92ada4e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ ENHANCEMENTS:
 * Add support for PCRE 2 and OpenSSL 3.0 (built from source) when building NGINX from source.
 * Tweak Release Drafter config.
 * Bump the Ansible `community.general` collection to `5.1.1`, `ansible.posix` collection to `1.4.0` and `community.docker` collection to `2.6.0`.
+* Re-add Alpine Linux tests to `downgrade` Molecule scenarios.
 
 BUG FIXES: