diff --git a/roles/forgejo/handlers/main.yml b/roles/forgejo/handlers/main.yml
index 2a3002a..ade4aeb 100644
--- a/roles/forgejo/handlers/main.yml
+++ b/roles/forgejo/handlers/main.yml
@@ -7,14 +7,15 @@
 - name: Download forgejo asc file
 ansible.builtin.get_url:
- url: "{{ (ansible_facts['architecture'] == 'x86_64') | ternary(latest_forgejo.amd64.asc, latest_forgejo.arm_6.asc) }}"
- dest: "/tmp/forgejo-{{ latest_forgejo.version }}.asc"
+ url: "https://codeberg.org/forgejo/forgejo/releases/download/{{ forgejo_latest_version }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}.asc"
+ dest: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}.asc"
 mode: 0644
 - name: Verify forgejo binary with gpg
 become: true
- ansible.builtin.command: "gpg --verify /tmp/forgejo-{{ latest_forgejo.version }}.asc {{ forgejo_run_dir }}/forgejo-{{ latest_forgejo.version }}"
+ ansible.builtin.command: "gpg --verify {{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}.asc {{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
 register: result
+ changed_when: false
 failed_when: '"Good signature from" not in result.stderr'
 - name: Start forgejo service
diff --git a/roles/forgejo/tasks/binary.yml b/roles/forgejo/tasks/binary.yml
index e2c5ee1..b696ca4 100644
--- a/roles/forgejo/tasks/binary.yml
+++ b/roles/forgejo/tasks/binary.yml
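Review bot: The `failed_when` on "Verify forgejo binary with gpg" in roles/forgejo/handlers/main.yml accepts a good signature from any key present in root's keyring, because it only looks for the text "Good signature from" in stderr and never checks which key made the signature. That text is GnuPG's human-readable output rather than its machine interface; the task should run `gpg --status-fd 1 --verify …` and require a `VALIDSIG` status line carrying a pinned fingerprint, e.g. `failed_when: result.rc != 0 or ('VALIDSIG ' ~ forgejo_signing_key_fpr) not in result.stdout`, where `forgejo_signing_key_fpr` is a placeholder name for a new role variable holding the fingerprint of the key that signs Forgejo releases. How that key reaches the keyring is not visible in this hunk, so confirm it is imported from a trusted source and not fetched alongside the binary. Passing the two paths through `argv:` instead of one templated string would also keep a value derived from the release URL from being split into extra gpg arguments.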
@@ -1,15 +1,28 @@
 ---
+- name: Find latest available version
+ ansible.builtin.uri:
+ url: https://codeberg.org/forgejo/forgejo/releases/latest
+ register: latest_http_content
+
+- name: Set latest available version
+ ansible.builtin.set_fact:
+ forgejo_latest_version: "{{ latest_http_content.url | split('/') | last }}"
+
+- name: Define forgejo architecture
+ ansible.builtin.set_fact:
+ forgejo_architecture: "{{ (ansible_facts['architecture'] == 'x86_64') | ternary('amd64', 'arm-6') }}"
+
 - name: Find if latest available version is installed
 become: true
 ansible.builtin.stat:
- path: "{{ forgejo_run_dir }}/forgejo-{{ latest_forgejo.version }}"
+ path: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
 register: latest_installed_binary
 - name: Get latest forgejo binary
 become: true
 ansible.builtin.get_url:
- url: "{{ (ansible_facts['architecture'] == 'x86_64') | ternary(latest_forgejo.amd64.binary, latest_forgejo.arm_6.binary) }}"
- dest: "{{ forgejo_run_dir }}/forgejo-{{ latest_forgejo.version }}"
+ url: "https://codeberg.org/forgejo/forgejo/releases/download/{{ forgejo_latest_version }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
+ dest: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
 owner: git
 group: git
 mode: 0644
@@ -19,13 +32,13 @@
 - Download forgejo asc file
 - Verify forgejo binary with gpg
-- name: Verify downloaded binary
+- name: Make sure downloaded binary has been verified
 ansible.builtin.meta: flush_handlers
 - name: Copy binary to global location
 become: true
 ansible.builtin.copy:
- src: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
+ src: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version | replace('v', '') }}-linux-{{ forgejo_architecture }}"
 dest: /usr/local/bin/forgejo
 remote_src: true
 owner: root
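Review bot: `forgejo_latest_version` is taken from the last path segment of whatever URL the `releases/latest` request ends on and is then used, unvalidated, in download URLs, in file paths under `forgejo_run_dir` and in the gpg command line of the handlers. An `ansible.builtin.assert` placed right after the `set_fact` would stop a changed redirect or an unexpected landing page from flowing into those places; the pattern below follows the `v1.19.1-0` form of the removed variable and may need adjusting to the project's tag scheme. `replace('v', '')` removes every "v" in the tag, not only the leading one, so `regex_replace('^v', '')` is the safer spelling, and computing the file name once in a fact would avoid repeating the expression in every task. Because the role now installs whatever is latest at run time instead of fixed attachment URLs, the gpg check becomes the only integrity control on the binary.

```yaml
# … unchanged: "Set latest available version" set_fact …

- name: Check that the discovered version looks like a release tag
  ansible.builtin.assert:
    that:
      - forgejo_latest_version is match('^v[0-9]+[.][0-9]+[.][0-9]+(-[0-9]+)?$')
    fail_msg: "Unexpected forgejo version string: {{ forgejo_latest_version }}"
```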
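Review bot: Signature verification here fails open across runs, because "Copy binary to global location" does not depend on the gpg handler having succeeded for the file it copies. The "Download forgejo asc file" and "Verify forgejo binary with gpg" handlers fire only when "Get latest forgejo binary" reports a change, and `get_url` does not download again when its `dest` file already exists. If verification fails once, the unverified file stays in `forgejo_run_dir`, and on the next run no handler is notified before the `flush_handlers`. Running the .asc download and the gpg check as ordinary tasks ahead of the copy, or deleting the downloaded file when the check fails, would close the gap. The task conditions between the two hunks are not shown, so confirm how `latest_installed_binary` gates the download and the copy.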
diff --git a/roles/forgejo/vars/main.yml b/roles/forgejo/vars/main.yml
index 0200943..ec2203b 100644
--- a/roles/forgejo/vars/main.yml
+++ b/roles/forgejo/vars/main.yml
@@ -1,12 +1,4 @@
 ---
-latest_forgejo:
- version: v1.19.1-0
- amd64:
- binary: https://codeberg.org/attachments/f83c11d7-a22b-4494-9f62-61660e81b559
- asc: https://codeberg.org/attachments/24d04e8b-6c67-4ca5-a7fa-fc63fc905d6b
- arm_6:
- binary: https://codeberg.org/attachments/0364541f-721e-415e-a2fb-fb312a45b4fe
- asc: https://codeberg.org/attachments/4fc94a7f-78b7-4a12-aea2-5b328a9ff256
 server_admin: "{{ vault_forgejo_server_admin }}"
 forgejo_domain: git.tunuifranken.info
 forgejo_jtw_secret: "{{ vault_forgejo_jtw_secret }}"