rmol/securedrop-qa.yml

## securedrop-qa.yml
---
# Playbook to update SecureDrop VMs configured with the latest stable release
# to use the release candiate packages from apt-test.freedom.press (rather
# than apt.freedom.press). Updates the apt repo pubkey with a testing pubkey,
# and alters the apt source lists to point to the test server.
#
# Steps to use this playbook:
#
#   1. `git checkout 1.2.0`
#   2. Provision prod VMs.
#   3. Switch to Admin Workstation.
#   4. `./securedrop-admin tailsconfig`
#   5. `source admin/.venv3/bin/activate` (so ansible commands work)
#   6. `cd install_files/ansible-base`
#   7. `ansible-playbook -vv --diff securedrop-qa.yml`
#   8. `ssh app` # start interactive session
#   9. `sudo cron-apt -i -s`
#   10. Repeat steps 8 & 9 on mon.

- name: Configure prod host to accept Release Candidate packages.
  hosts: securedrop
  vars:
    apt_files_to_modify:
      - /etc/apt/sources.list.d/apt_freedom_press.list
      - /etc/apt/security.list
  tasks:
    - name: Add apt public key for release-candidate repo.
      apt_key:
        url: 'https://gist.githubusercontent.com/conorsch/ec4008b111bc3142fca522693f3cce7e/raw/2968621e8ad92db4505a31fcc5776422d7d26729/apt-test%2520apt%2520pubkey'
        state: present

    - name: Switch apt repo URLs to staging.
      replace:
        dest: "{{ item }}"
        replace: "apt-test.freedom.press"
        regexp: 'apt\.freedom\.press'
        backup: yes
      with_items: "{{ apt_files_to_modify }}"
      notify: update apt cache

  handlers:
    - name: update apt cache
      apt:
        update_cache: yes
  sudo: yes
	---
	# Playbook to update SecureDrop VMs configured with the latest stable release
	# to use the release candiate packages from apt-test.freedom.press (rather
	# than apt.freedom.press). Updates the apt repo pubkey with a testing pubkey,
	# and alters the apt source lists to point to the test server.
	#
	# Steps to use this playbook:
	#
	# 1. `git checkout 1.2.0`
	# 2. Provision prod VMs.
	# 3. Switch to Admin Workstation.
	# 4. `./securedrop-admin tailsconfig`
	# 5. `source admin/.venv3/bin/activate` (so ansible commands work)
	# 6. `cd install_files/ansible-base`
	# 7. `ansible-playbook -vv --diff securedrop-qa.yml`
	# 8. `ssh app` # start interactive session
	# 9. `sudo cron-apt -i -s`
	# 10. Repeat steps 8 & 9 on mon.

	- name: Configure prod host to accept Release Candidate packages.
	hosts: securedrop
	vars:
	apt_files_to_modify:
	- /etc/apt/sources.list.d/apt_freedom_press.list
	- /etc/apt/security.list
	tasks:
	- name: Add apt public key for release-candidate repo.
	apt_key:
	url: 'https://gist.githubusercontent.com/conorsch/ec4008b111bc3142fca522693f3cce7e/raw/2968621e8ad92db4505a31fcc5776422d7d26729/apt-test%2520apt%2520pubkey'
	state: present

	- name: Switch apt repo URLs to staging.
	replace:
	dest: "{{ item }}"
	replace: "apt-test.freedom.press"
	regexp: 'apt\.freedom\.press'
	backup: yes
	with_items: "{{ apt_files_to_modify }}"
	notify: update apt cache

	handlers:
	- name: update apt cache
	apt:
	update_cache: yes
	sudo: yes