Modernise Draupnir Role ansible modules and update restart logic

Move the draupnir role to use modern ansible docker modules so we get access to fancy features like buildx and smart pulls. No more force pull bullshit.

And also make the force restart logic that this commit breaks work again but much smarter. Since if we are pulling diffrent tags (Will happen a lot with test environments) then we dont need to force a restart unessecarily.

This also allows people who exclusively run bot mode to still benefit from conditional restarts even if targeting a moving tag like main or latest.

collections/requirements.yml

@@ -1,4 +1,8 @@
 ---
 collections:
+  # community.docker >= 3.6.0 is required for:
+  # - community.docker.docker_image_pull module (pull-only operations)
+  # - community.docker.docker_image_build module (build with BuildKit support)
   - name: community.general
   - name: community.docker
+    version: ">=3.6.0"

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -22,7 +22,6 @@ matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream: "{{
 matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_appservice_draupnir_for_all_container_image: "{{ matrix_appservice_draupnir_for_all_container_image_registry_prefix }}{{ matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier }}:{{ matrix_appservice_draupnir_for_all_version }}"
 matrix_appservice_draupnir_for_all_container_image_registry_namespace_identifier: "the-draupnir-project/draupnir"
-matrix_appservice_draupnir_for_all_container_image_force_pull: "{{ matrix_appservice_draupnir_for_all_container_image.endswith(':latest') }}"
 
 matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
 matrix_appservice_draupnir_for_all_config_path: "{{ matrix_appservice_draupnir_for_all_base_path }}/config"
@@ -47,6 +46,15 @@ matrix_appservice_draupnir_for_all_systemd_required_services_list_custom: []
 # List of systemd services that matrix-bot-draupnir.service wants
 matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
 
+# Force restart tag is used to control if the tag that is used is rolling or not.
+# When both Draupnir roles are enabled, we only force restart if they are on the same
+# version string and that version string matches the moving tag.
+matrix_appservice_draupnir_for_all_force_restart_tag: "latest"
+
+# Force restart the service on all runs only when both roles are enabled, both roles
+# are using the same version string, and that version is the moving tag.
+matrix_appservice_draupnir_for_all_force_restart: "if {{ matrix_bot_draupnir_enabled | bool and matrix_appservice_draupnir_for_all_enabled | bool and matrix_bot_draupnir_version == matrix_appservice_draupnir_for_all_version and matrix_appservice_draupnir_for_all_version == matrix_appservice_draupnir_for_all_force_restart_tag }} then true else false end"
+
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias - not a matrix.to URL.

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml

@@ -26,11 +26,9 @@
   when: "item.when | bool"
 
 - name: Ensure Draupnir Docker image is pulled
-  community.docker.docker_image:
+  community.docker.docker_image_pull:
     name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_appservice_draupnir_for_all_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_draupnir_for_all_container_image_force_pull }}"
+    pull: always
   when: "not matrix_appservice_draupnir_for_all_container_image_self_build | bool"
   register: matrix_appservice_draupnir_for_all_container_image_pull_result
   retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -49,15 +47,16 @@
   when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
 
 - name: Ensure Draupnir Docker image is built
-  community.docker.docker_image:
+  # Using docker_image_build with BuildKit for modern, efficient builds.
+  # docker_image_build automatically rebuilds when the Dockerfile or build context changes.
+  # The git_pull_results will show if the source was updated above.
+  community.docker.docker_image_build:
     name: "{{ matrix_appservice_draupnir_for_all_container_image }}"
-    source: build
-    force_source: "{{ matrix_appservice_draupnir_for_all_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
-      pull: true
-  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool"
+    dockerfile: Dockerfile
+    path: "{{ matrix_appservice_draupnir_for_all_container_src_files_path }}"
+    pull: true
+  when: "matrix_appservice_draupnir_for_all_container_image_self_build | bool and matrix_appservice_draupnir_for_all_git_pull_results.changed"
+  register: matrix_appservice_draupnir_for_all_container_image_build_result
 
 - name: Ensure matrix-appservice-draupnir-for-all appservice config installed
   ansible.builtin.copy:
@@ -120,7 +119,8 @@
         or matrix_appservice_draupnir_for_all_registration_config_result.changed | default(false)
         or matrix_appservice_draupnir_for_all_systemd_service_result.changed | default(false)
         or matrix_appservice_draupnir_for_all_container_image_pull_result.changed | default(false)
-        or matrix_appservice_draupnir_for_all_container_image_force_pull | bool
+        or matrix_appservice_draupnir_for_all_container_image_build_result.changed | default(false)
+        or matrix_appservice_draupnir_for_all_force_restart | bool
       }}
 
 - name: Ensure matrix-appservice-draupnir-for-all.service restarted, if necessary

roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml

@@ -23,6 +23,7 @@
     - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream'}
     - {'old': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default', 'new': 'matrix_appservice_draupnir_for_all_container_image_registry_prefix_upstream_default'}
     - {'old': 'matrix_appservice_draupnir_for_all_docker_src_files_path', 'new': 'matrix_appservice_draupnir_for_all_container_src_files_path'}
+    - {'old': 'matrix_appservice_draupnir_for_all_container_image_force_pull', 'new': '<removed>'}
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
   ansible.builtin.fail:

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -22,13 +22,21 @@ matrix_bot_draupnir_container_image_registry_namespace_identifier: "the-draupnir
 matrix_bot_draupnir_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_container_image_registry_prefix_upstream }}"
 matrix_bot_draupnir_container_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_container_image_registry_prefix_upstream_default }}"
 matrix_bot_draupnir_container_image_registry_prefix_upstream_default: "ghcr.io/"
-matrix_bot_draupnir_container_image_force_pull: "{{ matrix_bot_draupnir_container_image.endswith(':latest') }}"
 
 matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
 matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
 matrix_bot_draupnir_container_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
 
+# Force restart tag is used to control if the tag that is used is rolling or not.
+# When both Draupnir roles are enabled, we only force restart if they are on the same
+# version string and that version string matches the moving tag.
+matrix_bot_draupnir_force_restart_tag: "latest"
+
+# Force restart the service on all runs only when both roles are enabled, both roles
+# are using the same version string, and that version is the moving tag.
+matrix_bot_draupnir_force_restart: "if {{ matrix_bot_draupnir_enabled | bool and matrix_appservice_draupnir_for_all_enabled | bool and matrix_bot_draupnir_version == matrix_appservice_draupnir_for_all_version and matrix_bot_draupnir_version == matrix_bot_draupnir_force_restart_tag }} then true else false end"
+
 matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting or matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled }}"  # noqa var-naming
 
 matrix_bot_draupnir_config_web_abuseReporting: false  # noqa var-naming

roles/custom/matrix-bot-draupnir/tasks/setup_install.yml

@@ -38,11 +38,9 @@
   register: matrix_bot_draupnir_support_files_result
 
 - name: Ensure Draupnir Docker image is pulled
-  community.docker.docker_image:
+  community.docker.docker_image_pull:
     name: "{{ matrix_bot_draupnir_container_image }}"
-    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
-    force_source: "{{ matrix_bot_draupnir_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
-    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_container_image_force_pull }}"
+    pull: always
   when: "not matrix_bot_draupnir_container_image_self_build | bool"
   register: matrix_bot_draupnir_container_image_pull_result
   retries: "{{ devture_playbook_help_container_retries_count }}"
@@ -61,15 +59,16 @@
   when: "matrix_bot_draupnir_container_image_self_build | bool"
 
 - name: Ensure Draupnir Docker image is built
-  community.docker.docker_image:
+  # Using docker_image_build with BuildKit for modern, efficient builds.
+  # docker_image_build automatically rebuilds when the Dockerfile or build context changes.
+  # The git_pull_results will show if the source was updated above.
+  community.docker.docker_image_build:
     name: "{{ matrix_bot_draupnir_container_image }}"
-    source: build
-    force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
-    build:
-      dockerfile: Dockerfile
-      path: "{{ matrix_bot_draupnir_container_src_files_path }}"
-      pull: true
-  when: "matrix_bot_draupnir_container_image_self_build | bool"
+    dockerfile: Dockerfile
+    path: "{{ matrix_bot_draupnir_container_src_files_path }}"
+    pull: true
+  when: "matrix_bot_draupnir_container_image_self_build | bool and matrix_bot_draupnir_git_pull_results.changed"
+  register: matrix_bot_draupnir_container_image_build_result
 
 - name: Ensure matrix-bot-draupnir config installed
   ansible.builtin.copy:
@@ -113,7 +112,8 @@
         or matrix_bot_draupnir_config_result.changed | default(false)
         or matrix_bot_draupnir_systemd_service_result.changed | default(false)
         or matrix_bot_draupnir_container_image_pull_result.changed | default(false)
-        or matrix_bot_draupnir_container_image_force_pull | bool
+        or matrix_bot_draupnir_container_image_build_result.changed | default(false)
+        or matrix_bot_draupnir_force_restart | bool
       }}
 
 - name: Ensure matrix-bot-draupnir.service restarted, if necessary

roles/custom/matrix-bot-draupnir/tasks/validate_config.yml

@@ -37,6 +37,7 @@
     - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream'}
     - {'old': 'matrix_bot_draupnir_docker_image_registry_prefix_upstream_default', 'new': 'matrix_bot_draupnir_container_image_registry_prefix_upstream_default'}
     - {'old': 'matrix_bot_draupnir_docker_src_files_path', 'new': 'matrix_bot_draupnir_container_src_files_path'}
+    - {'old': 'matrix_bot_draupnir_container_image_force_pull', 'new': '<removed>'}
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
   ansible.builtin.fail: