forgejo_runner(role): create role for setting up Forgejo Runner install

2026-05-21 03:05:34 +02:00 · 2026-05-21 03:05:34 +02:00 · d4a1dee108
commit d4a1dee108
parent 6e61fe7886
9 changed files with 267 additions and 0 deletions
--- a/roles/forgejo_runner/tasks/main/01_install.yaml
+++ b/roles/forgejo_runner/tasks/main/01_install.yaml
@ -0,0 +1,96 @@
+- name: get latest release info
+  ansible.builtin.uri:
+    url: "https://data.forgejo.org/api/v1/repos/forgejo/runner/releases/latest"
+    return_content: true
+  register: forgejo_runner__latest_release_info
+
+- name: set latest version
+  ansible.builtin.set_fact:
+    forgejo_runner__latest_version: "{{ forgejo_runner__latest_release_info.json.name | replace('v', '') }}"
+
+- name: set latest version forgejo-runner binary path
+  ansible.builtin.set_fact:
+    forgejo_runner__latest_version_binary_path: "/usr/local/bin/forgejo-runner-{{ forgejo_runner__latest_version }}"
+
+- name: check if latest version forgejo-runner binary is installed already
+  ansible.builtin.stat:
+    path: "{{ forgejo_runner__latest_version_binary_path }}"
+  register: forgejo_runner_latest_version_binary_stat
+
+- name: download and install latest version, if not already present
+  when: not forgejo_runner_latest_version_binary_stat.stat.exists
+  block:
+    - name: set download url
+      ansible.builtin.set_fact:
+        forgejo_runner__download_url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner__latest_version }}/forgejo-runner-{{ forgejo_runner__latest_version }}-linux-amd64"
+
+    - name: temporary directory for download
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: forgejo_runner_download
+      become: true
+      register: forgejo_runner__download_tempdir
+
+    - name: download the forgejo-runner binary
+      ansible.builtin.get_url:
+        url: "{{ forgejo_runner__download_url }}"
+        dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner"
+        owner: root
+        group: root
+        mode: "0755"
+      become: true
+
+    - name: download the signature
+      ansible.builtin.get_url:
+        url: "{{ forgejo_runner__download_url }}.asc"
+        dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner.asc"
+        owner: root
+        group: root
+        mode: "0644"
+      become: true
+
+    - name: copy key for verification
+      ansible.builtin.copy:
+        src: "EB114F5E6C0DC2BCDD183550A4B61A2DC5923710.asc"
+        dest: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner-key.asc"
+        owner: root
+        group: root
+        mode: "0644"
+      become: true
+
+    - name: ensure sq (Sequoia-PGP) is installed
+      ansible.builtin.apt:
+        name: sq
+      become: true
+
+    - name: verify signature
+      ansible.builtin.command:
+        cmd: /usr/bin/sq verify --signer-file ./forgejo-runner-key.asc --signature-file forgejo-runner.asc --signatures 1 forgejo-runner
+        chdir: "{{ forgejo_runner__download_tempdir.path }}"
+      become: true
+      changed_when: false
+
+    - name: install forgejo-runner binary of this latest version
+      ansible.builtin.copy:
+        remote_src: true
+        src: "{{ forgejo_runner__download_tempdir.path }}/forgejo-runner"
+        dest: "{{ forgejo_runner__latest_version_binary_path }}"
+        owner: root
+        group: root
+        mode: "0755"
+      become: true
+
+    - name: ensure symlink points to binary of this latest version
+      ansible.builtin.file:
+        src: "{{ forgejo_runner__latest_version_binary_path }}"
+        dest: "/usr/local/bin/forgejo-runner"
+        state: link
+        owner: root
+        group: root
+      become: true
+  always:
+    - name: delete temporary download directory
+      ansible.builtin.file:
+        path: "{{ forgejo_runner__download_tempdir.path }}"
+        state: absent
+      become: true
--- a/roles/forgejo_runner/tasks/main/02_setup.yaml
+++ b/roles/forgejo_runner/tasks/main/02_setup.yaml
@ -0,0 +1,46 @@
+- name: ensure runner group exists
+  ansible.builtin.group:
+    name: runner
+    system: true
+  become: true
+
+- name: ensure runner user exists
+  ansible.builtin.user:
+    name: runner
+    group: runner
+    password: '!'
+    system: true
+    create_home: true
+    groups:
+      - docker
+  become: true
+
+- name: ensure the configuration is deployed
+  ansible.builtin.copy:
+    content: "{{ forgejo_runner__config }}"
+    dest: /etc/forgejo-runner-config.yaml
+    owner: root
+    group: runner
+    mode: "0640"
+  become: true
+  notify:
+    - restart the forgejo-runner service
+
+- name: ensure systemd service exists
+  ansible.builtin.copy:
+    src: forgejo-runner.service
+    dest: /etc/systemd/system/forgejo-runner.service
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+    - restart the forgejo-runner service
+
+- name: ensure systemd service is started and enabled
+  ansible.builtin.systemd_service:
+    name: forgejo-runner.service
+    state: started
+    enabled: true
+  become: true