archweb: set gpg_whitelist to archweb signed key

ansible 2.9.0 has a new git module feature gpg_whitelist which is an array of allowed keys. If a tag or commit was signed with a different key ansible aborts. Signed-off-by: Jelle van der Waa <jelle@archlinux.org>

archweb: set gpg_whitelist to archweb signed key
7d0cd350 · Jelle van der Waa · 5ce84a72 · 7d0cd350 · 7d0cd350
Verified Commit 7d0cd350 authored 5 years ago by Jelle van der Waa
--- a/roles/archweb/defaults/main.yml
+++ b/roles/archweb/defaults/main.yml
@@ -9,6 +9,7 @@ archweb_domains_redirects:
 archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
 archweb_repository: 'https://github.com/archlinux/archweb.git'
 archweb_version: release_2019-10-25
+archweb_pgp_key: ['E499C79F53C96A54E572FEE1C06086337C50773E']
 archweb_site: true
 archweb_mirrorcheck: false
 archweb_mirrorresolv: false

--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -42,6 +42,7 @@
    dest="{{ archweb_dir }}"
    version={{ archweb_version }}
    verify_commit=true
+    gpg_whitelist={{ archweb_pgp_key }}
  become: true
  become_user: archweb
  register: release