add scripts

defaults/main.yml

@@ -13,3 +13,9 @@ RUNNER_DOWNLOAD_DIR: /tmp
 RUNNER_LABELS:
   - REPLACE_ME
 RUNNER_REDEPLOY: false
+RUNNER_SCRIPT_DIR: "{{ RUNNER_DIR }}/scripts"
+RUNNER_DEFAULT_SCRIPTS:
+  - name: askpass_helper.sh
+    content: |
+      #!/bin/bash
+      echo $GIT_TOKEN

tasks/config.yml

@@ -0,0 +1,39 @@
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
+---
+- name: delete .runner file for redeploy
+  ansible.builtin.file:
+    state: absent
+    path: "{{ RUNNER_DIR }}/.runner"
+  when: RUNNER_REDEPLOY
+
+- name: register runner
+  notify: restart runner
+  ansible.builtin.command: 
+    cmd: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }} register --no-interactive --instance {{ RUNNER_INSTANCE }} --token {{ RUNNER_TOKEN }}"
+    chdir: "{{ RUNNER_DIR }}"
+    creates: "{{ RUNNER_DIR }}/.runner"
+  when: 
+    - RUNNER_TOKEN != None
+
+- name: ensure correct access rights for .runner file
+  ansible.builtin.file:
+    path: "{{ RUNNER_DIR }}/.runner"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP }}"
+    mode: '0660'
+
+- name: enable runner
+  notify: restart runner
+  ansible.builtin.service:
+    name: "{{ RUNNER_SERVICE_NAME }}"
+    enabled: yes
+
+- name: create default scripts
+  ansible.builtin.copy:
+    dest: "{{ RUNNER_SCRIPT_DIR }}/{{ item.name }}"
+    content: "{{ item.content }}"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP }}"
+    mode: '0760'
+  loop: "{{ RUNNER_DEFAULT_SCRIPTS }}"

tasks/install.yml

@@ -0,0 +1,49 @@
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
+---
+- name: create runner user
+  ansible.builtin.user:
+    name: "{{ RUNNER_USER }}"
+    create_home: yes
+    groups: "{{ RUNNER_USER_GROUPS }}"
+    append: true
+    home: "{{ RUNNER_DIR }}"
+
+- name: download runner
+  delegate_to: localhost
+  run_once: true
+  ansible.builtin.get_url: 
+    url: "{{ RUNNER_DOWNLOAD_URL }}"
+    dest: "/{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
+    mode: '0440'
+
+- name: copy runner binary
+  copy:
+    src: "{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
+    dest: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }}"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
+    mode: '0770'
+
+- name: create runner config
+  ansible.builtin.template:
+    src: config.yml.j2
+    dest: "{{ RUNNER_DIR }}/config.yml"
+    owner: "{{ RUNNER_USER }}"
+    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
+    mode: '0660'
+
+- name: create runner service file
+  notify: reload daemons
+  ansible.builtin.template:
+    src: runner.service.j2
+    dest: "/etc/systemd/system/{{ RUNNER_SERVICE_NAME }}"
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: flush handlers
+  meta: flush_handlers

tasks/main.yml

@@ -1,83 +1,9 @@
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/include_tasks_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/service_module.html
 ---
-- name: check runner token
+- name: install runner
-  ansible.builtin.fail:
+  tags: [install]
-    msg: no token is set!
+  include_tasks: install.yml
-  when: RUNNER_TOKEN == None
 
-- name: create runner user
+- name: config env
-  ansible.builtin.user:
+  tags: [install, config]
-    name: "{{ RUNNER_USER }}"
+  include_tasks: config.yml
-    create_home: yes
-    groups: "{{ RUNNER_USER_GROUPS }}"
-    append: true
-    home: "{{ RUNNER_DIR }}"
-
-- name: download runner
-  delegate_to: localhost
-  run_once: true
-  ansible.builtin.get_url: 
-    url: "{{ RUNNER_DOWNLOAD_URL }}"
-    dest: "/{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
-    mode: '0440'
-
-- name: copy runner binary
-  copy:
-    src: "{{ RUNNER_DOWNLOAD_DIR }}/{{ RUNNER_NAME }}"
-    dest: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }}"
-    owner: "{{ RUNNER_USER }}"
-    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
-    mode: '0770'
-
-- name: create runner config
-  ansible.builtin.template:
-    src: config.yml.j2
-    dest: "{{ RUNNER_DIR }}/config.yml"
-    owner: "{{ RUNNER_USER }}"
-    group: "{{ RUNNER_GROUP | default(RUNNER_USER) }}"
-    mode: '0660'
-
-- name: create runner service file
-  notify: reload daemons
-  ansible.builtin.template:
-    src: runner.service.j2
-    dest: "/etc/systemd/system/{{ RUNNER_SERVICE_NAME }}"
-    owner: root
-    group: root
-    mode: '0600'
-
-- name: flush handlers
-  meta: flush_handlers
-
-- name: delete .runner file for redeploy
-  ansible.builtin.file:
-    state: absent
-    path: "{{ RUNNER_DIR }}/.runner"
-  when: RUNNER_REDEPLOY
-
-- name: register runner
-  notify: restart runner
-  ansible.builtin.command: 
-    cmd: "{{ RUNNER_DIR }}/{{ RUNNER_NAME }} register --no-interactive --instance {{ RUNNER_INSTANCE }} --token {{ RUNNER_TOKEN }}"
-    chdir: "{{ RUNNER_DIR }}"
-    creates: "{{ RUNNER_DIR }}/.runner"
-  when: 
-    - RUNNER_TOKEN != None
-
-- name: ensure correct access rights for .runner file
-  ansible.builtin.file:
-    path: "{{ RUNNER_DIR }}/.runner"
-    owner: "{{ RUNNER_USER }}"
-    group: "{{ RUNNER_GROUP }}"
-    mode: '0660'
-
-- name: enable runner
-  notify: restart runner
-  ansible.builtin.service:
-    name: "{{ RUNNER_SERVICE_NAME }}"
-    enabled: yes