1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_forgeo_runner.git synced 2024-08-16 10:29:50 +02:00
ansible_role_forgeo_runner/tasks/install_runner.yml

70 lines
2.7 KiB
YAML
Raw Normal View History

2024-03-20 15:33:53 +01:00
---
- name: Install forgejo block
when: (not ansible_check_mode and (forgejo_runner__active_version.stdout[1:] != forgejo_runner__version_target))
become: true
block:
- name: Info what we do
ansible.builtin.debug:
msg: "Updating forgejo Runner {{ forgejo_runner__active_version.stdout[1:] }} to {{ forgejo_runner__version_target }}"
verbosity: 1
- name: Create temporary folder
ansible.builtin.tempfile:
state: directory
suffix: _runner
register: _runner_tmp
- name: Download forgejo-runner binary
2024-03-20 15:35:25 +01:00
ansible.builtin.get_url:
2024-03-20 15:33:53 +01:00
url: "{{ forgejo_runner__dl_url }}/{{ forgejo_runner__filename }}"
dest: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
mode: "0755"
owner: "{{ forgejo_runner__user }}"
group: "{{ forgejo_runner__group }}"
- name: Download forgejo-runner.asc file
2024-03-20 15:35:25 +01:00
ansible.builtin.get_url:
2024-03-20 15:33:53 +01:00
url: "{{ forgejo_runner__dl_url }}/{{ forgejo_runner__filename }}.asc"
dest: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}.asc"
mode: "0644"
owner: "{{ forgejo_runner__user }}"
group: "{{ forgejo_runner__group }}"
- name: Check forgejo runner gpg key
ansible.builtin.command: "gpg --list-keys 0x{{ forgejo_runner__gpg_id }}"
register: _forgejo_runner_gpg_key_status
changed_when: false
become: false
failed_when: _forgejo_runner_gpg_key_status.rc not in (0, 2)
- name: Print gpg key status on verbosity # noqa: H500
ansible.builtin.debug:
msg: "{{ _forgejo_runner_gpg_key_status.stdout }}"
verbosity: 1
- name: Import forgejo gpg key
ansible.builtin.command: "gpg --keyserver keys.openpgp.org --recv {{ forgejo_runner__gpg_id }}"
register: _forgejo_runner_import_key
changed_when: '"imported: 1" in _forgejo_runner_import_key.stderr'
when: '_forgejo_runner_gpg_key_status.rc != 0 or "expired" in _forgejo_runner_gpg_key_status.stdout'
- name: Check archive signature
ansible.builtin.command: "gpg --verify {{ _runner_tmp.path }}/{{ forgejo_runner__filename }}.asc {{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
changed_when: false
register: _runner_signature
- name: Copy verifyed forgejo runner binary
ansible.builtin.copy:
src: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
dest: "{{ forgejo_runner__full_executable_path }}"
mode: "0755"
owner: "root"
group: "root"
2024-03-20 15:33:53 +01:00
remote_src: true
when: not _runner_signature.failed
- name: Verification Failed
ansible.builtin.fail:
msg: Signature verification of forgejo runner failed
when: _runner_signature.failed