1
0
Fork 0
ynh-lydra-ansible-yunohost/tasks/apps.yml
Arthur BOUDREAULT c23177170e ♻refactor: Command ansible module across the repo for better security
Shell module is not needed here.

According to various sources (https://www.youtube.com/watch?v=57gAqKvAKck or https://stackoverflow.com/questions/56663332/difference-between-shell-and-command-in-ansible) it is not useful to use shell ansible module when not working with operands. Therefore I have decided to switch every actions to command module, more secure. Ansible-lint says "Shell should only be used when piping, redirecting or chaining commands"
2021-10-12 14:00:56 +00:00

16 lines
630 B
YAML

---
- name: List currently installed apps
ansible.builtin.command: yunohost app map --output-as json
register: ynh_installed_apps_raw
changed_when: False
- name: Format json of apps
ansible.builtin.set_fact: ynh_installed_apps="{{ ynh_installed_apps_raw.stdout | from_json }}"
- name: Install yunohost apps
ansible.builtin.command: yunohost app install {{ item.link }} \
--label "{{ item.label }}" \
--args "{% for key, value in item.args.items() %}{{ key }}={{ value
}}{% if not loop.last %}&{% endif %}{% endfor %}"
with_items: "{{ ynh_apps }}"
when: item.label not in ynh_installed_apps.values()