---

- name: Receive forgejo pgp key
  become: true
  ansible.builtin.command: gpg --keyserver hkps://keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
  register: result
  changed_when: '"not changed" not in result.stderr'

- name: Download forgejo asc file
  become: true
  ansible.builtin.get_url:
    url: "https://codeberg.org/forgejo/forgejo/releases/download/v{{ forgejo_latest_version }}/forgejo-{{ forgejo_latest_version }}-linux-{{ forgejo_architecture }}.asc"
    dest: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version }}-linux-{{ forgejo_architecture }}.asc"
    owner: git
    group: git
    mode: 0644

- name: Verify forgejo binary with gpg
  become: true
  ansible.builtin.command: "gpg --verify {{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version }}-linux-{{ forgejo_architecture }}.asc {{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version }}-linux-{{ forgejo_architecture }}"
  register: result
  changed_when: false
  failed_when: '"Good signature from" not in result.stderr'

- name: Copy binary to global location
  become: true
  ansible.builtin.copy:
    src: "{{ forgejo_run_dir }}/forgejo-{{ forgejo_latest_version }}-linux-{{ forgejo_architecture }}"
    dest: /usr/local/bin/forgejo
    remote_src: true
    owner: root
    group: root
    mode: 0755
  notify: Restart forgejo service

- name: Start forgejo service
  become: true
  ansible.builtin.systemd:
    name: forgejo
    state: started
    enabled: true

- name: Restart forgejo service
  become: true
  ansible.builtin.systemd:
    name: forgejo
    state: restarted