---
- name: Install Gitea Actions self-hosted runners
  hosts: all
  become: true

  pre_tasks:
    - name: Assert host defines a runners matrix
      ansible.builtin.assert:
        that:
          - runners is defined
          - runners | length > 0
          - runner_env is defined
        fail_msg: "Host {{ inventory_hostname }} is missing host_vars (runners / runner_env)."

  tasks:
    - name: Ensure runner service user exists
      ansible.builtin.user:
        name: "{{ runner_user }}"
        shell: /bin/bash
        create_home: true
        home: "{{ runner_home }}"

    # JS actions (actions/checkout@v4, etc.) execute with `node` on the host
    # executor. Without it act_runner fails: "Cannot find: node in PATH".
    # git is needed by checkout for its fetch step.
    - name: Ensure git is present
      ansible.builtin.apt:
        name: git
        state: present
        update_cache: true

    - name: Install Node.js {{ node_major_version }}.x (NodeSource)
      block:
        # Key is ASCII-armored, so store it as .asc — apt reads .gpg as binary
        # and .asc as armored; a mismatch fails repo signature verification.
        - name: Add NodeSource apt key
          ansible.builtin.get_url:
            url: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
            dest: /usr/share/keyrings/nodesource.asc
            mode: "0644"

        - name: Add NodeSource apt repo
          ansible.builtin.apt_repository:
            repo: "deb [signed-by=/usr/share/keyrings/nodesource.asc] https://deb.nodesource.com/node_{{ node_major_version }}.x nodistro main"
            filename: nodesource

        - name: Install nodejs
          ansible.builtin.apt:
            name: nodejs
            state: present
            update_cache: true

    - name: Install runners for each project
      ansible.builtin.include_tasks: tasks/install_project.yml
      loop: "{{ runners }}"
      loop_control:
        loop_var: project_spec
        label: "{{ project_spec.project }}"