# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_almalinux
# reboot = false
# strategy = enable
# complexity = low
# disruption = medium
- name: Grep for {{{ pkg_manager }}} repo section names
  ansible.builtin.shell: |
    set -o pipefail
{{%- if product in ["sle12", "sle15", "slmicro5"] %}}
    grep -HEr '^\[.+\]' -r /etc/zypp/repos.d/
{{%- else %}}
    grep -HEr '^\[.+\]' -r /etc/yum.repos.d/
{{%- endif %}}
  register: repo_grep_results
  failed_when: repo_grep_results.rc not in [0, 1]
  changed_when: False

- name: Set gpgcheck=1 for each {{{ pkg_manager }}} repo
  community.general.ini_file:
    path: "{{ item[0] }}"
    section: "{{ item[1] }}"
    option: gpgcheck
    value: '1'
    no_extra_spaces: True
  # regex filters grep output for files ending in .repo and matching section names.
  loop: "{{ repo_grep_results.stdout |regex_findall( '(.+\\.repo):\\[(.+)\\]\\n?' ) if repo_grep_results is not skipped else [] }}"
  when: repo_grep_results is not skipped