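---
# Task list: refresh the apt cache, upgrade all packages, and e-mail a
# per-host summary of the result through Gmail's SMTP submission port.

- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true
    # Skip the refresh when the cache is younger than one hour.
    cache_valid_time: 3600

- name: Upgrade all packages and capture output
  # The shell module is used so the raw apt-get output can be mailed.
  # Note that this apt-get update runs unconditionally, regardless of
  # cache_valid_time in the previous task.
  ansible.builtin.shell: |
    apt-get update
    apt-get upgrade -y
  environment:
    # Never block an unattended run on a package configuration prompt.
    DEBIAN_FRONTEND: noninteractive
    # The summary line is matched as English text below; pin the locale
    # so the match does not depend on the host's language settings.
    LC_ALL: C
  register: apt_upgrade
  # Report "changed" only when apt actually upgraded something. The
  # pattern is anchored to the start of the line because a plain
  # substring test for '0 upgraded' also matches "10 upgraded",
  # "20 upgraded", and so on.
  changed_when: "apt_upgrade.stdout is not search('^0 upgraded,', multiline=true)"

- name: Determine upgrade message
  ansible.builtin.set_fact:
    # Literal block scalar (|-) keeps the apt output on its own lines.
    # Same anchored match as changed_when above, for the same reason.
    upgrade_summary: |-
      {% if apt_upgrade.stdout is search('^0 upgraded,', multiline=true) %}
      No packages were upgraded on {{ inventory_hostname }}.
      {% else %}
      The following packages were upgraded on {{ inventory_hostname }}:
      {{ apt_upgrade.stdout }}
      {% endif %}

- name: Email the upgrade summary using Gmail SMTP
  community.general.mail:
    host: smtp.gmail.com
    port: 587
    # Credentials come from the environment of the Ansible controller,
    # so they are not stored in this file. The env lookup yields an
    # empty string when a variable is unset; make sure both are exported
    # before the run.
    username: "{{ lookup('env', 'SMTP_USER') }}"
    password: "{{ lookup('env', 'SMTP_PASS') }}"
    to: "{{ gmail_recipient }}"
    subject: "Debian Package Upgrade Report - {{ inventory_hostname }}"
    # The body is the full apt-get output whenever packages were
    # upgraded; treat the recipient mailbox as holding host inventory
    # details.
    body: "{{ upgrade_summary }}"
    # Require the STARTTLS upgrade instead of the module's opportunistic
    # default, so credentials are not sent over a plaintext session.
    secure: starttls
  # Keep the task arguments (SMTP username, report body) out of task
  # output and logs. Disable temporarily when debugging delivery errors.
  no_log: true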