83 lines
2.6 KiB
YAML
83 lines
2.6 KiB
YAML
---
|
|
- name: Dependency block
|
|
block:
|
|
- name: Update apt cache
|
|
become: true
|
|
ansible.builtin.apt:
|
|
cache_valid_time: 3600
|
|
update_cache: true
|
|
register: _pre_update_apt_cache
|
|
until: _pre_update_apt_cache is succeeded
|
|
when:
|
|
- ansible_pkg_mgr == "apt"
|
|
|
|
- name: Install dependencies
|
|
become: true
|
|
ansible.builtin.package:
|
|
name: "{{ gitea_dependencies }}"
|
|
state: present
|
|
register: _install_dep_packages
|
|
until: _install_dep_packages is succeeded
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install forgejo block
|
|
when: (not gitea_version_check | bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version_target))
|
|
block:
|
|
- name: Download forgejo archive
|
|
ansible.builtin.get_url:
|
|
url: "{{ gitea_forgejo_dl_url | first }}"
|
|
dest: "/tmp/{{ gitea_filename }}"
|
|
checksum: "sha256:{{ gitea_forgejo_checksum }}"
|
|
mode: 0640
|
|
register: _download_archive
|
|
become: false
|
|
until: _download_archive is succeeded
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Download forgejo asc file
|
|
ansible.builtin.get_url:
|
|
url: "{{ gitea_forgejo_signed_url | first }}"
|
|
dest: "/tmp/{{ gitea_filename }}.asc"
|
|
mode: 0640
|
|
register: _download_asc
|
|
become: false
|
|
until: _download_asc is succeeded
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Check forgejo gpg key
|
|
ansible.builtin.command: "gpg --list-keys 0x{{ gitea_forgejo_gpg_key }}"
|
|
register: _gitea_gpg_key_status
|
|
changed_when: false
|
|
become: false
|
|
failed_when: _gitea_gpg_key_status.rc not in (0, 2)
|
|
|
|
- name: Print gpg key staus on verbosity
|
|
ansible.builtin.debug:
|
|
msg: "{{ _gitea_gpg_key_status.stdout }}"
|
|
verbosity: 1
|
|
|
|
- name: Import forgejo gpg key
|
|
ansible.builtin.command: "gpg --keyserver {{ gitea_gpg_server }} --recv {{ gitea_forgejo_gpg_key }}"
|
|
register: _gitea_import_key
|
|
become: false
|
|
changed_when: '"imported: 1" in _gitea_import_key.stderr'
|
|
when: '_gitea_gpg_key_status.rc != 0 or "expired" in _gitea_gpg_key_status.stdout'
|
|
|
|
- name: Check archive signature
|
|
become: false
|
|
ansible.builtin.command: "gpg --verify /tmp/{{ gitea_filename }}.asc /tmp/{{ gitea_filename }}"
|
|
changed_when: false
|
|
|
|
- name: Propagate gitea binary
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: "/tmp/{{ gitea_filename }}"
|
|
remote_src: true
|
|
dest: "{{ gitea_full_executable_path }}"
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
notify: "Restart gitea"
|