Download and copy forgejo binary

roles-ansible · Mar 20, 2024 · 1a3d04c · 1a3d04c
1 parent f007a10
commit 1a3d04c
Show file tree

Hide file tree

Showing 6 changed files with 152 additions and 14 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,8 +1,11 @@
 ---
-forgeo_runner__user: 'forgeo_runner'
-forgeo_runner__group: 'forgeo_runner'
-# forgeo_runner__groups
-forgeo_runner__user_home: '/var/lib/forgeo-runner'
+forgejo_runner__version: 'latest'
+forgejo_runner__user: 'forgejo_runner'
+forgejo_runner__group: 'forgejo_runner'
+# forgejo_runner__groups
+forgejo_runner__user_home: '/var/lib/forgejo-runner'
+forgejo_runner__full_executable_path: '/usr/local/bin/forgejo_runner'
+forgejo_runner__gpg_id: 'EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'
 
 # should we do a version check? (recomended)
 submodules_versioncheck: false
diff --git a/tasks/create_user.yml b/tasks/create_user.yml
@@ -1,18 +1,18 @@
 ---
-- name: "Create Forgeo runner Group"
+- name: "Create Forgejo runner Group"
   become: true
   ansible.builtin.group:
-    name: "{{ forgeo_runner__group }}"
+    name: "{{ forgejo_runner__group }}"
     system: true
     state: "present"
 
-- name: "Create Forgeo runner user"
+- name: "Create Forgejo runner user"
   become: true
   ansible.builtin.user:
-    name: "{{ forgeo_runner__user }}"
-    comment: "Forgeo runner user"
-    group: "{{ forgeo_runner__group }}"
-    groups: "{{ forgeo_runner__groups | default(omit) }}"
-    home: "{{ forgeo_runner__user_home }}"
+    name: "{{ forgejo_runner__user }}"
+    comment: "Forgejo runner user"
+    group: "{{ forgejo_runner__group }}"
+    groups: "{{ forgejo_runner__groups | default(omit) }}"
+    home: "{{ forgejo_runner__user_home }}"
     shell: '/usr/sbin/nologin'
     system: true
diff --git a/tasks/install_runner.yml b/tasks/install_runner.yml
@@ -0,0 +1,69 @@
+---
+- name: Install forgejo block
+  when: (not ansible_check_mode and (forgejo_runner__active_version.stdout[1:] != forgejo_runner__version_target))
+  become: true
+  block:
+    - name: Info what we do
+      ansible.builtin.debug:
+        msg: "Updating forgejo Runner {{ forgejo_runner__active_version.stdout[1:] }} to {{ forgejo_runner__version_target }}"
+        verbosity: 1
+
+    - name: Create temporary folder
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: _runner
+      register: _runner_tmp
+
+    - name: Download forgejo-runner binary
+      get_url:
+        url: "{{ forgejo_runner__dl_url }}/{{ forgejo_runner__filename }}"
+        dest: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
+        mode: "0755"
+        owner: "{{ forgejo_runner__user }}"
+        group: "{{ forgejo_runner__group }}"
+
+    - name: Download forgejo-runner.asc file
+      get_url:
+        url: "{{ forgejo_runner__dl_url }}/{{ forgejo_runner__filename }}.asc"
+        dest: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}.asc"
+        mode: "0644"
+        owner: "{{ forgejo_runner__user }}"
+        group: "{{ forgejo_runner__group }}"
+
+    - name: Check forgejo runner gpg key
+      ansible.builtin.command: "gpg --list-keys 0x{{ forgejo_runner__gpg_id }}"
+      register: _forgejo_runner_gpg_key_status
+      changed_when: false
+      become: false
+      failed_when: _forgejo_runner_gpg_key_status.rc not in (0, 2)
+
+    - name: Print gpg key status on verbosity  # noqa: H500
+      ansible.builtin.debug:
+        msg: "{{ _forgejo_runner_gpg_key_status.stdout }}"
+        verbosity: 1
+
+    - name: Import forgejo gpg key
+      ansible.builtin.command: "gpg --keyserver keys.openpgp.org --recv {{ forgejo_runner__gpg_id }}"
+      register: _forgejo_runner_import_key
+      changed_when: '"imported: 1" in _forgejo_runner_import_key.stderr'
+      when: '_forgejo_runner_gpg_key_status.rc != 0 or "expired" in _forgejo_runner_gpg_key_status.stdout'
+
+    - name: Check archive signature
+      ansible.builtin.command: "gpg --verify  {{ _runner_tmp.path }}/{{ forgejo_runner__filename }}.asc {{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
+      changed_when: false
+      register: _runner_signature
+
+    - name: Copy verifyed forgejo runner binary
+      ansible.builtin.copy:
+        src: "{{ _runner_tmp.path }}/{{ forgejo_runner__filename }}"
+        dest: "{{ forgejo_runner__full_executable_path }}"
+        mode: "0755"
+        owner: "{{ forgejo_runner__user }}"
+        group: "{{ forgejo_runner__group }}"
+        remote_src: true
+      when: not  _runner_signature.failed
+
+    - name: Verification Failed
+      ansible.builtin.fail:
+        msg: Signature verification of forgejo runner failed
+      when: _runner_signature.failed
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -4,6 +4,14 @@
     file: 'versioncheck.yml'
   when: submodules_versioncheck | bool
 
-- name: Create User ans Group for forgeo runner
+- name: Create User ans Group for forgejo runner
   ansible.builtin.include_tasks:
     file: 'create_user.yml'
+
+- name: Set forgejo runner version
+  ansible.builtin.include_tasks:
+    file: 'set_runner_version.yml'
+
+- name: Install forgejo runner binary
+  ansible.builtin.include_tasks:
+    file: 'install_runner.yml'
diff --git a/tasks/set_runner_version.yml b/tasks/set_runner_version.yml
@@ -0,0 +1,46 @@
+---
+- name: "Check  forgejo runner installed version"
+  ansible.builtin.shell: "set -eo pipefail; {{ forgejo_runner__full_executable_path }} --version | cut -d' ' -f 3"
+  args:
+    executable: /bin/bash
+  register: forgejo_runner__active_version
+  changed_when: false
+  failed_when: false
+
+- name: "Determine 'latest' forgejo runner version release"
+  when: forgejo_runner__version == "latest"
+  block:
+    - name: "Get latest forgejo runner release metadata"
+      ansible.builtin.uri:
+        url: "{{ forgejo_runner__releases_latest }}"
+        return_content: true
+      register: forgejo_runner__remote_metadata
+      become: false
+      when: not ansible_check_mode
+
+    - name: "Fail if running in check mode without versions set."
+      ansible.builtin.fail:
+        msg: |
+          "You are running this playbook in check mode:
+          Please set the  forgejo runner version with the variable 'forgejo_runner__version', because the URI module cannot detect the latest version in this mode."
+      when: ansible_check_mode and (forgejo_runner__version == 'latest')
+
+    - name: "Set fact latest forgejo runner release"
+      ansible.builtin.set_fact:
+        forgejo_runner__remote_version: "{{ forgejo_runner__remote_metadata.json.0.tag_name[1:] }}"
+      when: not ansible_check_mode
+
+    - name: "Set forgejo runner version target (latest)"
+      ansible.builtin.set_fact:
+        forgejo_runner__version_target: "{{ forgejo_runner__remote_version }}"
+      when: not ansible_check_mode
+
+- name: "Set forgejo runner version target {{ forgejo_runner__version }}"
+  ansible.builtin.set_fact:
+    forgejo_runner__version_target: "{{ forgejo_runner__version }}"
+  when: forgejo_runner__version != "latest"
+
+- name: "Generate forgejo runner download URL"
+  ansible.builtin.set_fact:
+    forgejo_runner__filename: "forgejo-runner-{{ forgejo_runner__version_target }}-linux-{{ forgejo_runner__arch }}"
+    forgejo_runner__dl_url: "{{ forgejo_runner__git_repo }}/releases/download/v{{ forgejo_runner__version_target }}"
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,4 +1,16 @@
 ---
+forgejo_runner__releases_latest: 'https://code.forgejo.org/api/v1/repos/forgejo/runner/releases?limit=1'
+forgejo_runner__go_arch_map:
+  x86_64: 'amd64'
+  aarch64: 'arm64'
+  armv7l: 'armv7'
+  armv6l: 'armv6'
+  armv5l: 'armv5'
+  ppc64le: 'ppc64le'
+  s390x: 's390x'
+forgejo_runner__arch: "{{ forgejo_runner__go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+forgejo_runner__git_repo: 'https://code.forgejo.org/forgejo/runner'
+
 # versionscheck
 playbook_version_number: 03   # should be a integer
-playbook_version_path: 'role-l3d.git-forgeo_runner.version'
+playbook_version_path: 'role-l3d.git-forgejo_runner.version'