deploy/ansible/install-runner.yml

---
- name: Install Gitea Actions self-hosted runners
  hosts: all
  become: true

  pre_tasks:
    - name: Assert host defines a runners matrix
      ansible.builtin.assert:
        that:
          - runners is defined
          - runners | length > 0
          - runner_env is defined
        fail_msg: "Host {{ inventory_hostname }} is missing host_vars (runners / runner_env)."

  tasks:
    - name: Ensure runner service user exists
      ansible.builtin.user:
        name: "{{ runner_user }}"
        shell: /bin/bash
        create_home: true
        home: "{{ runner_home }}"

    # JS actions (actions/checkout@v4, etc.) execute with `node` on the host
    # executor. Without it act_runner fails: "Cannot find: node in PATH".
    # git is needed by checkout for its fetch step.
    - name: Ensure git is present
      ansible.builtin.apt:
        name: git
        state: present
        update_cache: true

    - name: Install Node.js {{ node_major_version }}.x (NodeSource)
      block:
        # Key is ASCII-armored, so store it as .asc — apt reads .gpg as binary
        # and .asc as armored; a mismatch fails repo signature verification.
        - name: Add NodeSource apt key
          ansible.builtin.get_url:
            url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
            dest: /usr/share/keyrings/nodesource.asc
            mode: "0644"

        - name: Add NodeSource apt repo
          ansible.builtin.apt_repository:
            repo: "deb [signed-by=/usr/share/keyrings/nodesource.asc] https://deb.nodesource.com/node_{{ node_major_version }}.x nodistro main"
            filename: nodesource

        - name: Install nodejs
          ansible.builtin.apt:
            name: nodejs
            state: present
            update_cache: true

    - name: Install runners for each project
      ansible.builtin.include_tasks: tasks/install_project.yml
      loop: "{{ runners }}"
      loop_control:
        loop_var: project_spec
        label: "{{ project_spec.project }}"
ci + ansible 2026-06-20 11:06:27 +07:00			`---`
ci: add gitea + runner 2026-06-23 00:26:00 +00:00			`- name: Install Gitea Actions self-hosted runners`
ci + ansible 2026-06-20 11:06:27 +07:00			`hosts: all`
			`become: true`

			`pre_tasks:`
			`- name: Assert host defines a runners matrix`
			`ansible.builtin.assert:`
			`that:`
			`- runners is defined`
			`- runners \| length > 0`
			`- runner_env is defined`
			`fail_msg: "Host {{ inventory_hostname }} is missing host_vars (runners / runner_env)."`

			`tasks:`
			`- name: Ensure runner service user exists`
			`ansible.builtin.user:`
			`name: "{{ runner_user }}"`
			`shell: /bin/bash`
			`create_home: true`
			`home: "{{ runner_home }}"`

ci: fix runner node 2026-06-23 01:17:36 +00:00			# JS actions (actions/checkout@v4, etc.) execute with `node` on the host
			`# executor. Without it act_runner fails: "Cannot find: node in PATH".`
			`# git is needed by checkout for its fetch step.`
			`- name: Ensure git is present`
			`ansible.builtin.apt:`
			`name: git`
			`state: present`
			`update_cache: true`

			`- name: Install Node.js {{ node_major_version }}.x (NodeSource)`
			`block:`
			`# Key is ASCII-armored, so store it as .asc — apt reads .gpg as binary`
			`# and .asc as armored; a mismatch fails repo signature verification.`
			`- name: Add NodeSource apt key`
			`ansible.builtin.get_url:`
			`url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key`
			`dest: /usr/share/keyrings/nodesource.asc`
			`mode: "0644"`

			`- name: Add NodeSource apt repo`
			`ansible.builtin.apt_repository:`
			`repo: "deb [signed-by=/usr/share/keyrings/nodesource.asc] https://deb.nodesource.com/node_{{ node_major_version }}.x nodistro main"`
			`filename: nodesource`

			`- name: Install nodejs`
			`ansible.builtin.apt:`
			`name: nodejs`
			`state: present`
			`update_cache: true`

ci + ansible 2026-06-20 11:06:27 +07:00			`- name: Install runners for each project`
			`ansible.builtin.include_tasks: tasks/install_project.yml`
			`loop: "{{ runners }}"`
			`loop_control:`
			`loop_var: project_spec`
			`label: "{{ project_spec.project }}"`