From 976a81f5cbd89cd99a20e8bdd4d0ad556d3a5754 Mon Sep 17 00:00:00 2001
From: Levente Polyak <anthraxx@archlinux.org>
Date: Mon, 23 Sep 2019 22:43:12 +0200
Subject: [PATCH] security_tracker: update tracker to latest stable 0.9

- add python-sqlalchemy-continuum as new dependency
- call database upgrade target after each deploy
- outsource version identifier into a variable

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
---
 playbooks/apollo.yml                  | 2 +-
 roles/security_tracker/tasks/main.yml | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/playbooks/apollo.yml b/playbooks/apollo.yml
index 78da26092..444b58609 100644
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -44,7 +44,7 @@
     - { role: php-fpm, php_extensions: ['apcu', 'bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'], tags: ["php-fpm"] }
     - { role: memcached, tags: ['memcached'] }
     - { role: archweb, tags: ["archweb"] }
-    - { role: security_tracker, security_tracker_domain: "security.archlinux.org", security_tracker_dir: "/srv/http/security-tracker", tags: ["security_tracker"] }
+    - { role: security_tracker, security_tracker_domain: "security.archlinux.org", security_tracker_dir: "/srv/http/security-tracker", security_tracker_version: "cdaf519e7ecb6a12d6798f1773f6551cb58fee7e", tags: ["security_tracker"] }
     - { role: flyspray, tags: ["flyspray"] }
     - { role: mailman, mailman_domain: "lists.archlinux.org", tags: ["mailman"] }
     - { role: patchwork, tags: ["patchwork"] }
diff --git a/roles/security_tracker/tasks/main.yml b/roles/security_tracker/tasks/main.yml
index 2b56b70fe..eec73c555 100644
--- a/roles/security_tracker/tasks/main.yml
+++ b/roles/security_tracker/tasks/main.yml
@@ -7,6 +7,7 @@
       - git
       - python
       - python-sqlalchemy
+      - python-sqlalchemy-continuum
       - python-flask
       - python-flask-sqlalchemy
       - python-flask-wtf
@@ -27,7 +28,7 @@
   file: state=directory owner=security group=security path="{{ security_tracker_dir }}"
 
 - name: clone security-tracker repo
-  git: repo=https://github.com/archlinux/arch-security-tracker.git version="fa5acdf20f30b070fe388340b464dae58d30e23f" dest="{{ security_tracker_dir }}"
+  git: repo=https://github.com/archlinux/arch-security-tracker.git version="{{ security_tracker_version }}" dest="{{ security_tracker_dir }}"
   become: true
   become_user: security
   register: release
@@ -63,6 +64,12 @@
 - name: deploy security-tracker
   template: src=security-tracker.ini.j2 dest=/etc/uwsgi/vassals/security-tracker.ini owner=security group=http mode=0644
 
+- name: database upgrade
+  become: true
+  become_user: security
+  command: /usr/bin/make db-upgrade chdir="{{ security_tracker_dir }}"
+  when: release.changed
+
 - name: deploy new release
   become: true
   become_user: security
-- 
GitLab