From e5fd6a56b6425dcf73aee7f843cf1a4b3889af60 Mon Sep 17 00:00:00 2001
From: Semaphore <semaphore@internal>
Date: Wed, 11 Mar 2026 12:03:58 -0700
Subject: [PATCH] =?UTF-8?q?Add=20Alpine=20apk=20support=20to=20linux=5Fpat?=
 =?UTF-8?q?ch=20role=20=E2=80=94=20update=20check,=20upgrade,=20reboot=20d?=
 =?UTF-8?q?etection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/linux_patch/tasks/main.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/roles/linux_patch/tasks/main.yml b/roles/linux_patch/tasks/main.yml
index 03911dd..619e6b2 100644
--- a/roles/linux_patch/tasks/main.yml
+++ b/roles/linux_patch/tasks/main.yml
@@ -30,6 +30,13 @@
   failed_when: upgradable_packages.rc not in [0, 100]
   when: ansible_os_family == "RedHat"
 
+- name: Get list of upgradable packages (Alpine)
+  ansible.builtin.shell: |
+    apk list --upgradable 2>/dev/null | awk -F'-[0-9]' '{print $1}'
+  register: upgradable_packages
+  changed_when: false
+  when: ansible_os_family == "Alpine"
+
 - name: Log packages to be updated
   ansible.builtin.debug:
     msg: "Packages to be updated on {{ inventory_hostname }}: {{ upgradable_packages.stdout_lines | length }} packages"
@@ -53,6 +60,13 @@
   register: dnf_upgrade_result
   when: ansible_os_family == "RedHat"
 
+- name: Perform upgrade (Alpine)
+  ansible.builtin.shell: |
+    apk update && apk upgrade
+  register: apk_upgrade_result
+  changed_when: "'OK' in apk_upgrade_result.stdout"
+  when: ansible_os_family == "Alpine"
+
 - name: Gather package facts after patching
   ansible.builtin.package_facts:
     manager: auto
@@ -116,6 +130,18 @@
     host_reboot_required: "{{ reboot_required_post.stat.exists | default(false) }}"
   when: ansible_os_family == "Debian"
 
+- name: Check if reboot is required after patching (Alpine)
+  ansible.builtin.shell: |
+    apk version -l = 2>/dev/null | grep -q kernel && echo "yes" || echo "no"
+  register: alpine_reboot_check
+  changed_when: false
+  when: ansible_os_family == "Alpine"
+
+- name: Update reboot required fact (Alpine)
+  ansible.builtin.set_fact:
+    host_reboot_required: "{{ alpine_reboot_check.stdout | trim == 'yes' }}"
+  when: ansible_os_family == "Alpine"
+
 - name: Reboot if required and auto_reboot is enabled
   ansible.builtin.reboot:
     reboot_timeout: 300