feat: Added support for debian 13 [WIP]

[denvolj]

Enhancement: Added support for Debian 13

Summary by Sourcery

Add Debian 13-specific support and adjust blivet setup for Debian systems.

New Features:

• Introduce Debian 13 variable definitions for blivet-related packages.

Bug Fixes:

• Avoid errors when collecting cryptsetup-related services by ignoring entries without a defined status.

Enhancements:

• Configure an external blivet APT repository and key for Debian-based systems to ensure required packages are available.

[sourcery-ai]

Reviewer's Guide

Adds Debian 13 support for blivet by introducing a Debian-specific package list, configuring an external blivet repository on Debian systems, and hardening the service filtering logic used for cryptsetup-related services.

Flow diagram for Debian-specific blivet repo and package installation

flowchart TD
  A[start_ansible_role] --> B{ansible_facts_os_family == Debian}
  B -- yes --> C[add_repo_key_with_wget
store_in_/etc/apt/trusted.gpg.d/home_vtrefny.asc]
  C --> D[add_blivet_repo_with_apt_repository
repo_deb_http://download.opensuse.org/repositories/home:/vtrefny/Debian_Unstable/]
  B -- no --> E[skip_repo_configuration]
  D --> F[ensure_blivet_is_available
install_blivet_package_list]
  E --> F
  F --> G[collect_ansible_facts_services]
  G --> H[filter_services
selectattr_name_defined]
  H --> I[filter_services
selectattr_status_defined]
  I --> J[reject_services
status_match_not-found]
  J --> K[reject_services
status_match_masked]
  K --> L[reject_services
status_match_failed]
  L --> M[set_storage_cryptsetup_services]
  M --> N[end_role_execution]

Loading

File-Level Changes

Change	Details	Files
Configure external blivet APT repository for Debian systems before installing blivet packages.	Add a Debian-only task block that downloads and installs the repository GPG key using wget into /etc/apt/trusted.gpg.d. Add a Debian-only task to configure the blivet APT repository via ansible.builtin.apt_repository before package installation.	tasks/main-blivet.yml
Harden service discovery for storage_cryptsetup_services by ignoring services without a defined status.	Insert a selectattr filter on ansible_facts.services.values() to require that the 'status' field is defined before applying rejectattr filters for various bad states.	tasks/main-blivet.yml
Define Debian 13-specific blivet package list.	Introduce Debian_13.yml vars file containing the list of blivet and libblockdev-related packages plus mdadm for Debian 13.	vars/Debian_13.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The wget command used to add the repo key is not idempotent and bypasses Ansible’s package/key management, consider switching to ansible.builtin.get_url (or a dedicated key-management approach) with appropriate creates/changed_when to keep the task idempotent and easier to maintain.
• The blivet apt_repository definition hardcodes the Debian_Unstable URL and does not use the distribution codename or HTTPS; consider parameterizing the repo URL based on ansible_distribution_release and using HTTPS for better correctness and security.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The `wget` command used to add the repo key is not idempotent and bypasses Ansible’s package/key management, consider switching to `ansible.builtin.get_url` (or a dedicated key-management approach) with appropriate `creates`/`changed_when` to keep the task idempotent and easier to maintain.
- The blivet `apt_repository` definition hardcodes the Debian_Unstable URL and does not use the distribution codename or HTTPS; consider parameterizing the repo URL based on `ansible_distribution_release` and using HTTPS for better correctness and security.

## Individual Comments

### Comment 1
<location path="tasks/main-blivet.yml" line_range="11" />
<code_context>
+
+    - name: Add blivet repo
+      ansible.builtin.apt_repository:
+        repo: "deb http://download.opensuse.org/repositories/home:/vtrefny/Debian_Unstable/ /"
+        state: present
+
</code_context>
<issue_to_address>
**🚨 issue (security):** Prefer HTTPS over HTTP for the external APT repository URL.

Using plain HTTP for package retrieval allows potential man-in-the-middle tampering with packages and metadata. If supported by this OpenSUSE repo (it usually is), please switch the URL to `https://download.opensuse.org/...` for safer package installation.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[richm]

Can you use the uri module instead? https://docs.ansible.com/projects/ansible/latest/collections/ansible/builtin/uri_module.html

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 10.33%. Comparing base (59fd1c6) to head (7caf366).
⚠️ Report is 119 commits behind head on main.

❗ There is a different number of reports uploaded between BASE (59fd1c6) and HEAD (7caf366). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (59fd1c6)	HEAD (7caf366)
sanity	1	0

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #598      +/-   ##
==========================================
- Coverage   16.54%   10.33%   -6.22%     
==========================================
  Files           2        8       +6     
  Lines         284     2023    +1739     
  Branches       79        0      -79     
==========================================
+ Hits           47      209     +162     
- Misses        237     1814    +1577     

Flag	Coverage Δ
sanity	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[richm]

[citest]

[richm]

lgtm - @vojtechtrefny ?

[denvolj]

Got a problem after reboot -- system freeze. I'll try solve this tomorrow