Use pfsense native php commands

roles/pfsense_upgrade/tasks/update_check.yml

@@ -1,89 +1,79 @@
 ---
 # roles/pfsense_upgrade/tasks/update_check.yml
-# Checks for available upgrades using pfSense-upgrade -c and pkg version.
+# Dynamic upgrade detection using pfSense repository system
-# Also queries upstream for the latest stable release on this branch.
 
 # ---------------------------------------------------------------------------
-# 1. Refresh the local pkg repository metadata
+# 1. Detect available repositories and identify upgrade target
 # ---------------------------------------------------------------------------
-- name: Update pkg repository metadata
+- name: List available pfSense repositories
-  ansible.builtin.raw: sudo pkg update -f
+  ansible.builtin.raw: |
-  register: _pkg_update
+    php -r 'require_once("/etc/inc/pkg-utils.inc"); $repos = pkg_list_repos(); $upgrade = ""; foreach($repos as $r) { if (!isset($r["default"])) { echo $r["name"] . "|" . $r["descr"]; break; } } echo $upgrade ?: "UP_TO_DATE";'
+  register: _repo_check
   changed_when: false
-  when: pkg_repo_update | bool
+
-  timeout: "{{ upgrade_check_timeout }}"
+- name: Parse repository check result
-  failed_when: false
+  ansible.builtin.set_fact:
+    _repo_result: "{{ _repo_check.stdout | trim }}"
+    _upgrade_available: "{{ _repo_check.stdout | trim != 'UP_TO_DATE' }}"
+
+- name: Set upgrade target repository
+  ansible.builtin.set_fact:
+    upgrade_target_repo: "{{ _repo_result.split('|')[0] }}"
+    upgrade_target_description: "{{ _repo_result.split('|')[1] | default('Unknown') }}"
+  when: _upgrade_available
 
 # ---------------------------------------------------------------------------
-# 2. Run pfSense-upgrade in check-only mode
+# 2. Get current version information
 # ---------------------------------------------------------------------------
-- name: Run pfSense-upgrade --check (dry run)
+- name: Get current pfSense version
-  ansible.builtin.raw: >
+  ansible.builtin.raw: |
-    sudo {{ pfsense_upgrade_bin }} -d -c
+    php -r 'require_once("/etc/inc/pkg-utils.inc"); $v = get_system_pkg_version(false); echo $v["installed_version"] ?? "Unknown";'
-  register: _upgrade_check
+  register: _current_version
   changed_when: false
-  timeout: "{{ upgrade_check_timeout }}"
-  # pfSense-upgrade exits 0 when up-to-date, non-zero when upgrade available.
-  # We capture both cases.
-  failed_when: false
 
-- name: Parse upgrade check output
+- name: Set current version fact
   ansible.builtin.set_fact:
-    upgrade_check_stdout: "{{ _upgrade_check.stdout | trim }}"
+    pfsense_current_version: "{{ _current_version.stdout | trim }}"
-    upgrade_check_rc: "{{ _upgrade_check.rc }}"
+    upgrade_available: "{{ _upgrade_available }}"
-    # True if the tool reports an update is available
-    upgrade_available: >-
-      {{
-        _upgrade_check.rc != 0 or
-        'Upgraded' in _upgrade_check.stdout or
-        'update' in _upgrade_check.stdout | lower and
-        'up to date' not in _upgrade_check.stdout | lower
-      }}
-    # Attempt to extract the new version string from the upgrade check output
-    # pfSense-upgrade typically prints: "pfSense-upgrade: New version available: 2.7.3-RELEASE"
-    upgrade_available_version: >-
-      {{
-        (_upgrade_check.stdout | regex_search('(\d+\.\d+\.\d+[-a-zA-Z0-9]*)', '\1') or ['unknown']) | first
-      }}
 
 # ---------------------------------------------------------------------------
-# 3. Check pkg for pending package updates (captures sub-component updates)
+# 3. Get current repository name
 # ---------------------------------------------------------------------------
-- name: Check for pending pkg upgrades (outdated packages)
+- name: Get current default repository
-  ansible.builtin.raw: sudo pkg version -l '<' | head -40
+  ansible.builtin.raw: |
-  register: _pkg_outdated
+    php -r 'require_once("/etc/inc/pkg-utils.inc"); foreach(pkg_list_repos() as $r) { if (isset($r["default"])) { echo $r["name"]; } }'
+  register: _current_repo
   changed_when: false
-  failed_when: false
 
-- name: Count outdated packages
+- name: Set current repo fact
   ansible.builtin.set_fact:
-    pkg_outdated_count: "{{ _pkg_outdated.stdout_lines | reject('match', '^\\s*$') | list | length }}"
+    current_repo: "{{ _current_repo.stdout | trim }}"
-    pkg_outdated_list: "{{ _pkg_outdated.stdout | trim }}"
 
 # ---------------------------------------------------------------------------
-# 4. Detect the latest stable release for this branch via GitHub
+# 4. Display upgrade status report
 # ---------------------------------------------------------------------------
-- name: Fetch latest stable release version from Netgate/pfSense repo
+- name: Display upgrade status report
-  ansible.builtin.raw: >
+  ansible.builtin.debug:
-    fetch -q -o - "{{ pfsense_release_url }}" 2>/dev/null || echo "fetch_failed"
+    msg:
-  register: _upstream_version_raw
+      - "============================================================"
-  changed_when: false
+      - " Update Status: {{ inventory_hostname }}"
-  failed_when: false
+      - "============================================================"
+      - " Current version  : {{ pfsense_current_version }}"
+      - " Current repo     : {{ current_repo }}"
+      - "------------------------------------------------------------"
+      - " Upgrade available: {{ 'YES — ' ~ upgrade_target_repo ~ ' (' ~ upgrade_target_description ~ ')' if upgrade_available else 'NO — System is up to date' }}"
+      - "------------------------------------------------------------"
+      - " perform_upgrade  : {{ perform_upgrade | bool }}"
+      - "============================================================"
 
-- name: Parse upstream latest stable version
+- name: Warn if perform_upgrade is false but upgrade is available
-  ansible.builtin.set_fact:
+  ansible.builtin.debug:
-    upstream_version: "{{ _upstream_version_raw.stdout | trim }}"
+    msg: >
-    upstream_fetch_ok: "{{ 'fetch_failed' not in _upstream_version_raw.stdout }}"
+      DRY RUN — Upgrade to {{ upgrade_target_repo }} is available but perform_upgrade=false.
-
+      Re-run with -e "perform_upgrade=true" to apply.
-- name: Derive upstream branch (major.minor)
+  when:
-  ansible.builtin.set_fact:
+    - upgrade_available | bool
-    upstream_major_minor: >-
+    - not (perform_upgrade | bool)
-      {{
-        upstream_version
-        | regex_replace('^(\d+\.\d+).*$', '\1')
-        | default(pfsense_major_minor)
-      }}
-  when: upstream_fetch_ok | bool
     
 # ---------------------------------------------------------------------------
 # 5. Compare branches — detect if a newer stable branch exists upstream