So what do you want us to do? Review the around the 150 lines of code you have written? Without telling us what is supposed to do?
Did you test the code before you posted it?
Quickly browsing the code, I make two observations:
1) This 'CREATE ROLE [' + @roleName + ']'
should be CREATE ROLE + quotename(@roleName)
, The quotename function will but brackets around the name - and double any right brackets there are in the name. This protects you against SQL injection. You have quite a few of hardcoded brackets in your script.
2) I see there is a whole lot of GO. This is OK, if the generated code is intended to be executed manually, but if you plan to put this in an SQL string and run, it is not going to fly. GO is not an SQL statement, but it is an instruction to a query tool like SSMS to break up the script in batches.