chore: release to public

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.github/workflows/molecule.yml

@@ -0,0 +1,32 @@
+on: push
+
+jobs:
+  # TODO: Find a way to run against a Gitlab instance for testing
+  #molecule:
+  #  name: Run molecule against role
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #    - uses: actions/checkout@v4
+
+  #    - uses: actions/setup-python@v5
+  #      with:
+  #        cache: pip
+
+  #    # TODO: Remove `requests` version pin https://github.com/ansible-community/molecule-plugins/issues/256
+  #    - run: python3 -m pip install ansible molecule molecule-docker 'requests<2.32.0'
+
+  #    - run: molecule test
+
+  lint:
+    name: Lint role
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          cache: pip
+
+      - run: python3 -m pip install ansible ansible-lint yamllint
+
+      - run: ansible-lint .

.github/workflows/release.yml

@@ -0,0 +1,17 @@
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  ansible-galaxy:
+    name: Publish on Ansible Galaxy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name:
+        uses: robertdebock/galaxy-action@1.2.1
+        with:
+          git_branch: main
+          galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}

.gitignore

@@ -0,0 +1,5 @@
+*.retry
+.kitchen/
+.kitchen.local.yml
+.idea/
+tests/roles/external/

.yamllint

@@ -0,0 +1,30 @@
+---
+extends: default
+
+# ignore-from-file: .gitignore
+ignore: |
+  .devcontainer/
+  .idea/
+
+rules:
+  line-length:
+    max: 120
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: true
+  comments:
+    # https://github.com/prettier/prettier/issues/6780
+    min-spaces-from-content: 1
+  # https://github.com/adrienverge/yamllint/issues/384
+  comments-indentation: false
+  document-start: disable
+  # 160 chars was the default used by old E204 rule, but
+  # you can easily change it or disable in your .yamllint file.
+  braces:
+    min-spaces-inside: 0 # yamllint defaults to 0
+    max-spaces-inside: 1 # yamllint defaults to 0
+  # key-duplicates:
+  #   forbid-duplicated-merge-keys: true # not enabled by default
+  octal-values:
+    forbid-implicit-octal: true # yamllint defaults to false
+    forbid-explicit-octal: true # yamllint defaults to false

README.md

@@ -0,0 +1,137 @@
+# GitLab Runner Ansible role
+
+This Ansible role installs and configures GitLab runner.
+
+**Please note:** Only the **docker** and **shell** executor is supported. Other executors are
+untested and may not work out of the box with this role.
+
+Currently supported operating systems:
+- Debian 12
+
+## Requirements
+This role has been tested with the following dependencies:
+
+`ansible_core` >= `2.17.1`
+Ansible Collections
+  - `community.general` >= `9.2.0`
+Python >= `3.11.2`
+
+### Testing
+- `molecule` >= `24.7.0`
+- `molecule-plugins[docker]` >= `23.5.3`
+
+## Role Variables
+### Required
+- `gitlab_access_token`: **Required.** GitLab Personal Access Token with `admin` scope.
+
+### Optional
+- `os_pkg_gitlab_runner`: Optional. Installation package name.
+- `gitlab_gpg_key_url`: Optional. URL for GitLab's official gpg key.
+- `gitlab_url`:Optional. URL of GitLab server.
+- `gitlab_apt_repository_url`: Optional. GitLab Runner apt repository URL.
+- `apt_os_dependencies`: Optional. OS dependencies that should be installed.
+
+- `runner_count`: Optional. The number of runner instances.
+- `runner_name`: Optional. The runner's name.
+- `runner_executor`: Optional. The runner's executor that is used to run your
+builds.
+- `runner_concurrent`: Optional. Limits how many jobs globally can be run
+concurrently.
+- `runner_builds_limit`: Optional. Maximum number of builds processed by a
+runner.
+- `runner_is_locked`: Optional. If true, runner cannot be assigned to other
+projects.
+- `runner_is_paused`: Optional. If true, runner will not receive any new jobs.
+- `runner_run_untagged_builds`: Optional. Register to run untagged builds.
+- `runner_tags`: Optional. List of tags.
+- `runner_metrics_enabled`: Optional. If true, runner will expose Prometheus
+metrics via embedded HTTP server.
+- `runner_metrics_listen_address`. Optional. `<host>:<port>` address on which
+the Prometheus metrics HTTP server should be listening (default: `':9252'`).
+
+- `runner_docker_image`: Optional. Docker image to be used.
+- `runner_docker_privileged`: Optional. Give extended privileges to docker
+container.
+- `runner_docker_services_timeout`: Optional. How long to wait for service
+startup.
+- `runner_stop_timeout`: Optional. Timeout in seconds for the service stop
+command after which systemd will just `SIGKILL` the process.
+
+- `runner_user`: Optional. User that will be used to run the runner. Only used
+if `runner_executor` is set to `shell`.
+- `runner_group`: Optional. Group that will be used to run the runner. Only used
+if `runner_executor` is set to `shell`.
+
+- `force_unregistration`: Optional. Force unregistration of all existing runners,
+- `force_reregistration`: Optional. Force unregistration of all existing
+runners  before registration.
+
+- `runner_cleanup_is_enabled`: Optional. If true, GitLab Runner cleanup tool
+will be used.
+- `runner_cleanup_container_name`: Optional. GitLab Runner cleanup container
+name.
+- `runner_cleanup_container_image`: Optional. GitLab Runner cleanup container
+image.
+- `runner_cleanup_volumes`: Optional. GitLab Runner cleanup volumes.
+- `runner_cleanup_env`: Optional. GitLab Runner cleanup environment variables.
+
+- `runner_config_path`: Optional. Path to GitLab Runner's configuration file
+(TOML format).
+
+- `env_compose_http_timeout`: Optional. Value for `COMPOSE_HTTP_TIMEOUT`
+environment variable injected to build environment.
+- `env_docker_driver`: Optional. Value for `DOCKER_DRIVER` environment variable
+injected to build environment.
+- `env_docker_tls_certdir`: Optional. Value for `DOCKER_TLS_CERTDIR`
+environment variable injected to build environment.
+
+## Dependencies
+
+- [geerlingguy.docker](https://github.com/geerlingguy/ansible-role-docker) to use the `docker` executor
+
+## Example Playbook
+
+```yaml
+- hosts: servers
+  become: true
+  vars:
+    gitlab_access_token: "xxxxx-oemL-tu-cvi"
+  tasks:
+    - name: "Include netresearch.gitlab_runner"
+      ansible.builtin.include_role:
+        name: "netresearch.gitlab_runner"
+```
+
+## Testing
+
+For testing we use `Molecule` in combination with `Docker`.
+For more information see:
+- [Test requirements](molecule/default/INSTALL.rst)
+- [Molecule](https://molecule.readthedocs.io/en/latest/)
+
+Additionally we have two scenarios:
+- Debian 12
+
+1. Get a GitLab PAT with the `admin` scope.
+2. For starting the tests, please run:
+    ```bash
+    molecule test -- --extra-vars "gitlab_access_token=<TOKEN>"
+    ```
+    For development you can also run the test step-by-step for Debian scenario:
+    ```bash
+    # create testing environment
+    molecule create
+
+    # rollout Ansible config
+    molecule converge -- --extra-vars "gitlab_access_token=TOKEN_HERE"
+
+    # start tests
+    molecule verify
+
+    # login into the testing environment
+    molecule login --host <hostname_in_molecule.yml>
+    ```
+
+## License
+
+AGPL-3.0-or-later

defaults/main.yml

@@ -0,0 +1,36 @@
+---
+os_pkg_gitlab_runner: "gitlab-runner"
+gitlab_gpg_key_url: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
+gitlab_url: "YOUR_GITLAB_URL"
+gitlab_apt_repository_url: https://packages.gitlab.com/runner/gitlab-runner/
+gitlab_access_token: "YOUR_ACCESS_TOKEN"
+
+runner_count: 1
+runner_concurrent: 1
+runner_name: "{{ ansible_hostname }}"
+runner_executor: docker
+runner_is_locked: false
+runner_is_paused: false
+runner_run_untagged_builds: true
+runner_tags:
+runner_metrics_enabled: false
+runner_stop_timeout: 3600
+
+runner_docker_volume_mount_daemon: "/etc/docker/daemon.json:/etc/docker/daemon.json:ro"
+runner_docker_volume_mount_ssl: "/etc/ssl/certs:/etc/ssl/certs:ro"
+runner_docker_image: "docker:stable"
+runner_docker_privileged: false
+runner_docker_services_timeout: 90
+
+runner_user: gitlab-runner
+runner_home: /home/gitlab-runner
+
+force_reregistration: false
+force_unregistration: false
+
+runner_cleanup_is_enabled: true
+runner_config_path: /etc/gitlab-runner/config.toml
+
+env_compose_http_timeout: 360
+env_docker_driver: overlay2
+env_docker_tls_certdir:

handlers/main.yml

@@ -0,0 +1,11 @@
+---
+# handlers file for ansible-role-gitlab-runner
+- name: Restart gitlab-runner service
+  ansible.builtin.service:
+    name: gitlab-runner
+    state: restarted
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    name: gitlab-runner
+    daemon_reload: true

meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  role_name: gitlab_runner
+  namespace: netresearch
+  author: it@netresearch.de
+  description: Ansible role that installs and configures GitLab runner.
+  company: Netresearch DTT GmbH
+  license: AGPL-3.0-or-later
+  min_ansible_version: "2.17.1"
+  platforms:
+    - name: Debian
+      versions:
+        - bookworm
+  galaxy_tags: []
+dependencies: []

molecule/default/INSTALL.rst

@@ -0,0 +1,22 @@
+*********************************
+Docker driver installation guide
+*********************************
+
+Requirements
+============
+
+* Docker
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip3 install ansible ansible-lint molecule "molecule-plugins[docker]"

molecule/default/cleanup.yml

@@ -0,0 +1,10 @@
+---
+- name: Cleanup
+  hosts: all
+  become: true
+  vars:
+    force_unregistration: true
+  tasks:
+    - name: "Include netresearch.gitlab_runner"
+      ansible.builtin.include_role:
+        name: "netresearch.gitlab_runner"

molecule/default/converge.yml

@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+  vars:
+    runner_run_untagged_builds: false
+  tasks:
+    - name: "Include netresearch.gitlab_runner"
+      ansible.builtin.include_role:
+        name: "netresearch.gitlab_runner"