- name: Upgrade all installed packages
  apt:
    upgrade: full
    update_cache: yes
  notify: 
    - apt cleanup

- name: Check if a kernel update has been installed
  shell: |
    dpkg -l | grep -E '^ii' | grep 'linux-image-[0-9]' | awk '{print $2}' | sed 's/linux-image-//g' | sort | tail -n 1
  register: latest_kernel
  changed_when: false

- name: Check if running kernel matches the latest installed kernel and determine if reboot is required
  shell: uname -r
  register: running_kernel
  changed_when: false
  failed_when: false
  notify:
    - Reboot system
  when: running_kernel.stdout != latest_kernel.stdout