---

- name: Create apt keys installation directory.
  ansible.builtin.file:
    path: "/etc/apt/keyrings"
    state: directory
    mode: "0755"

- name: Install dependencies.
  ansible.builtin.apt:
    name:
      - debian-archive-keyring
      - apt-transport-https
      - python3-gitlab
    state: present

# Key and Repository links are taken from official installation script
# https://docs.gitlab.com/ee/topics/build_your_application.html
# https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh

- name: Add Gitlab Runner apt key.
  ansible.builtin.get_url:
    url: "https://packages.gitlab.com/runner/gitlab-runner/gpgkey"
    dest: "/etc/apt/keyrings/runner_gitlab-runner-archive-keyring.asc"
    mode: "0444"

- name: Add Gitlab Runner apt repository.
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/\
           runner_gitlab-runner-archive-keyring.asc] \
           https://packages.gitlab.com/runner/gitlab-runner/ubuntu \
           noble main"
    filename: runner_gitlab-runner
    state: present
    update_cache: true

- name: Install Gitlab Runner apt package.
  ansible.builtin.apt:
    name: gitlab-runner
    state: present

# Using deprecated method of regestiring runners
# (with registration token) because I had issues with
# api returning "403 Insufficient permissions" response.

- name: Create runner in Gitlab project.
  community.general.gitlab_runner:
    api_url: "{{ gitlab_runner_api_url }}"
    project: "{{ gitlab_runner_api_project }}"
    api_token: "{{ gitlab_runner_api_token }}"
    registration_token: "{{ gitlab_runner_registration_token }}"
    description: "{{ gitlab_runner_name }}"
    state: present
    active: true
    locked: true
  register: runner

- name: Prevent rerunning configuration tasks if the runner already registered.
  ansible.builtin.debug:
    msg: Runner already installed, skipping the next steps.
  when: runner.changed == false and runner.failed == false

- name: Install Gitlab Runner configuration file.
  ansible.builtin.template:
    src: templates/config.toml.j2
    dest: /etc/gitlab-runner/config.toml
    owner: root
    group: root
    mode: '0600'
  notify:
    - Restart gitlab-runner service
  when: runner.changed == true

- name: Enable gitlab-runner service.
  ansible.builtin.service:
    name: gitlab-runner
    enabled: true