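---
# Deploys or upgrades Gitea on every host in the `gitea` group and, when
# gitea_oauth_enabled is true, registers/refreshes a Casdoor OpenID Connect
# login source via the `gitea admin auth` CLI.
#
# Variables expected from inventory/group_vars: gitea_user, gitea_group,
# gitea_home_dir, gitea_work_dir, gitea_data_dir, gitea_lfs_dir,
# gitea_repo_root, gitea_config_file, gitea_web_port and, for the OAuth
# section, gitea_oauth_name, gitea_oauth_client_id, gitea_oauth_client_secret
# and gitea_oauth_scopes. gitea_oauth_discovery_url is optional and defaults
# to the Casdoor issuer used previously.
- name: Deploy Gitea
  hosts: gitea
  become: true
  tasks:
    # `services` is an inventory-provided list; hosts that do not list
    # "gitea" are ended early so the rest of the play never touches them.
    - name: Check if host has gitea service
      ansible.builtin.set_fact:
        has_gitea_service: "{{ 'gitea' in services | default([]) }}"

    - name: Skip hosts without gitea service
      ansible.builtin.meta: end_host
      when: not has_gitea_service

    - name: Install required packages
      ansible.builtin.apt:
        name:
          - git
          - git-lfs
          - curl
          - memcached
        state: present
        update_cache: true

    - name: Ensure Memcached is running
      ansible.builtin.service:
        name: memcached
        state: started
        enabled: true

    - name: Create git system group
      ansible.builtin.group:
        name: "{{ gitea_group }}"
        system: true
        state: present

    - name: Create git system user
      ansible.builtin.user:
        name: "{{ gitea_user }}"
        group: "{{ gitea_group }}"
        system: true
        shell: /bin/bash
        home: "{{ gitea_home_dir }}"
        create_home: true
        comment: "Git Version Control"

    # /etc/gitea is root-owned and group-writable so the service account can
    # read its configuration without owning the directory itself.
    - name: Create Gitea directories
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      loop:
        - path: "{{ gitea_work_dir }}"
          owner: "{{ gitea_user }}"
          group: "{{ gitea_group }}"
          mode: "0755"
        - path: "{{ gitea_work_dir }}/custom"
          owner: "{{ gitea_user }}"
          group: "{{ gitea_group }}"
          mode: "0755"
        - path: "{{ gitea_data_dir }}"
          owner: "{{ gitea_user }}"
          group: "{{ gitea_group }}"
          mode: "0755"
        - path: "{{ gitea_lfs_dir }}"
          owner: "{{ gitea_user }}"
          group: "{{ gitea_group }}"
          mode: "0755"
        - path: "{{ gitea_repo_root }}"
          owner: "{{ gitea_user }}"
          group: "{{ gitea_group }}"
          mode: "0755"
        - path: "/etc/gitea"
          owner: "root"
          group: "{{ gitea_group }}"
          mode: "0770"

    # A missing binary must not abort the play: rc != 0 is treated as
    # "not installed" by the two set_fact tasks below.
    - name: Get installed Gitea version
      ansible.builtin.command:
        cmd: /usr/local/bin/gitea --version
      register: gitea_installed_version
      changed_when: false
      failed_when: false

    - name: Parse installed version
      ansible.builtin.set_fact:
        gitea_current_version: "{{ gitea_installed_version.stdout | regex_search('([0-9]+\\.[0-9]+\\.[0-9]+)') | default('0.0.0') }}"
      when: gitea_installed_version.rc == 0

    - name: Set current version to 0.0.0 if not installed
      ansible.builtin.set_fact:
        gitea_current_version: "0.0.0"
      when: gitea_installed_version.rc != 0

    # NOTE: this tracks the GitHub "latest" release on every run, so any new
    # upstream release is installed the next time the play executes.
    - name: Get latest Gitea release version from GitHub
      ansible.builtin.uri:
        url: https://api.github.com/repos/go-gitea/gitea/releases/latest
        return_content: true
      register: gitea_latest_release

    - name: Extract latest version number
      ansible.builtin.set_fact:
        gitea_latest_version: "{{ gitea_latest_release.json.tag_name | regex_replace('^v', '') }}"

    - name: Display version information
      ansible.builtin.debug:
        msg: "Gitea: installed={{ gitea_current_version }}, latest={{ gitea_latest_version }}"

    # Only stop an existing install; on a fresh host there is no unit yet.
    - name: Stop Gitea before upgrade
      ansible.builtin.systemd:
        name: gitea
        state: stopped
      when:
        - gitea_current_version != gitea_latest_version
        - gitea_current_version != "0.0.0"

    - name: Download Gitea binary
      vars:
        gitea_download_url: "https://dl.gitea.com/gitea/{{ gitea_latest_version }}/gitea-{{ gitea_latest_version }}-linux-amd64"
      ansible.builtin.get_url:
        url: "{{ gitea_download_url }}"
        # Verify the download against the .sha256 file Gitea publishes next
        # to each binary; get_url fetches it and matches the entry by file
        # name. If the sidecar is unreachable the task fails closed rather
        # than installing an unverified binary.
        checksum: "sha256:{{ gitea_download_url }}.sha256"
        dest: /usr/local/bin/gitea
        mode: '0755'
        owner: root
        group: root
        force: true
      when: gitea_current_version != gitea_latest_version
      notify: restart gitea

    - name: Template Gitea configuration
      ansible.builtin.template:
        src: app.ini.j2
        dest: "{{ gitea_config_file }}"
        owner: "{{ gitea_user }}"
        group: "{{ gitea_group }}"
        mode: '0640'
      notify: restart gitea

    - name: Create Gitea systemd service
      ansible.builtin.copy:
        dest: /etc/systemd/system/gitea.service
        mode: '0644'
        owner: root
        group: root
        content: |
          [Unit]
          Description=Gitea (Git with a cup of tea)
          After=syslog.target
          After=network.target
          After=postgresql.service

          [Service]
          RestartSec=2s
          Type=simple
          User={{ gitea_user }}
          Group={{ gitea_group }}
          WorkingDirectory={{ gitea_work_dir }}/
          ExecStart=/usr/local/bin/gitea web --config {{ gitea_config_file }}
          Restart=always
          Environment=USER={{ gitea_user }} HOME={{ gitea_home_dir }} GITEA_WORK_DIR={{ gitea_work_dir }}

          [Install]
          WantedBy=multi-user.target
      notify: restart gitea

    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable and start Gitea service
      ansible.builtin.systemd:
        name: gitea
        enabled: true
        state: started

    # OAuth2 Provider Configuration (Casdoor SSO)
    # Handlers are flushed first so the health check talks to the binary and
    # configuration produced by this run, not the previous one.
    - name: Flush handlers to ensure Gitea is restarted before healthcheck
      ansible.builtin.meta: flush_handlers

    - name: Wait for Gitea to be ready
      ansible.builtin.uri:
        url: "http://127.0.0.1:{{ gitea_web_port }}/api/healthz"
        method: GET
        status_code: 200
      register: gitea_health
      until: gitea_health.status == 200
      retries: 30
      delay: 5
      when: gitea_oauth_enabled | default(false)

    - name: Check if Casdoor OAuth source exists
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth list
          --config {{ gitea_config_file }}
      become: true
      become_user: "{{ gitea_user }}"
      register: gitea_auth_list
      changed_when: false
      when: gitea_oauth_enabled | default(false)

    # The `when` lists below are evaluated in order, so the enabled check
    # must stay first: gitea_auth_list.stdout only exists when the task
    # above actually ran.
    - name: Add Casdoor OAuth2 authentication source
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth add-oauth
          --config {{ gitea_config_file }}
          --name "{{ gitea_oauth_name }}"
          --provider openidConnect
          --key "{{ gitea_oauth_client_id }}"
          --secret "{{ gitea_oauth_client_secret }}"
          --auto-discover-url "{{ gitea_oauth_discovery_url | default('https://id.ouranos.helu.ca/.well-known/openid-configuration') }}"
          --scopes "{{ gitea_oauth_scopes }}"
          --skip-local-2fa
          --group-claim-name ""
          --admin-group ""
      become: true
      become_user: "{{ gitea_user }}"
      # The client secret is part of the argv; no_log keeps it out of play
      # output and callback logs. It also hides the module's error text, so
      # drop it temporarily when diagnosing a failed run.
      no_log: true
      when:
        - gitea_oauth_enabled | default(false)
        - gitea_oauth_name not in gitea_auth_list.stdout
      notify: restart gitea

    # The --id value assumes `auth list` prints the numeric source id at the
    # start of the line that mentions gitea_oauth_name — confirm against the
    # installed Gitea version if the output format changes.
    # NOTE: a bare command always reports "changed", so this task (and the
    # restart it notifies) fires on every run once the source exists.
    - name: Update Casdoor OAuth2 authentication source
      ansible.builtin.command:
        cmd: >
          /usr/local/bin/gitea admin auth update-oauth
          --config {{ gitea_config_file }}
          --id {{ gitea_auth_list.stdout_lines | select('search', gitea_oauth_name) | first | regex_search('^\d+') }}
          --name "{{ gitea_oauth_name }}"
          --provider openidConnect
          --key "{{ gitea_oauth_client_id }}"
          --secret "{{ gitea_oauth_client_secret }}"
          --auto-discover-url "{{ gitea_oauth_discovery_url | default('https://id.ouranos.helu.ca/.well-known/openid-configuration') }}"
          --scopes "{{ gitea_oauth_scopes }}"
          --skip-local-2fa
      become: true
      become_user: "{{ gitea_user }}"
      # Same reason as the add task: the client secret is on the command line.
      no_log: true
      when:
        - gitea_oauth_enabled | default(false)
        - gitea_oauth_name in gitea_auth_list.stdout
      notify: restart gitea

  handlers:
    - name: restart gitea
      ansible.builtin.systemd:
        name: gitea
        state: restarted
        daemon_reload: true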