---
- name: Update apt cache
  ansible.builtin.apt:
    update_cache: yes
    cache_valid_time: 3600

- name: Upgrade all packages and capture output
  ansible.builtin.shell: |
    apt-get update
    apt-get upgrade -y
  register: apt_upgrade
  changed_when: false

- name: Determine upgrade message
  ansible.builtin.set_fact:
    upgrade_summary: >-
      {% if '0 upgraded' in apt_upgrade.stdout %}
      No packages were upgraded on {{ inventory_hostname }}.
      {% else %}
      The following packages were upgraded on {{ inventory_hostname }}:

      {{ apt_upgrade.stdout }}
      {% endif %}

- name: Write summary to file
  ansible.builtin.copy:
    dest: /tmp/apt-upgrade-summary.txt
    content: "{{ upgrade_summary }}"

- name: Email the upgrade summary
  ansible.builtin.mail:
    host: localhost
    port: 25
    to: you@example.com
    subject: "Debian Package Upgrade Report - {{ inventory_hostname }}"
    body: "{{ upgrade_summary }}"