provide PACKAGES_TOKEN secret

ansible/arcodange/factory/roles/gitea_secret/defaults/main.yml

@@ -0,0 +1,11 @@
+gitea_username: arcodange
+gitea_organization: arcodange-org
+
+# URL de base du serveur Gitea
+gitea_base_url: http://{{ groups.gitea[0] }}:3000
+
+gitea_secret_name: "my_secret"      # The name of the secret to put
+gitea_secret_value: "super_secret_value"  # The value of the secret
+gitea_owner_type: "user"            # Can be "user" or "organization"
+gitea_owner_name: >-  # Username or organization name
+  {{ (gitea_owner_type == 'user') | ternary(gitea_username, gitea_organization) }}

ansible/arcodange/factory/roles/gitea_secret/tasks/main.yml

@@ -0,0 +1,37 @@
+- name: Generate Gitea Token
+  include_role:
+    name: arcodange.factory.gitea_token
+
+- name: Préparer l'URL de l'API pour mettre à jour ou ajouter un secret
+  set_fact:
+    gitea_api_url: |
+      {{
+        gitea_base_url ~ "/api/v1/"
+        ~ ((gitea_owner_type == 'user') | ternary('user', 'orgs/' ~ gitea_owner_name))  
+        ~ "/actions/secrets/" ~ gitea_secret_name
+      }}
+
+- name: Ajouter ou mettre à jour le secret
+  uri:
+    url: "{{ gitea_api_url }}"
+    method: PUT
+    headers:
+      Authorization: "token {{ gitea_api_token }}"
+      Content-Type: "application/json"
+    body_format: json
+    body: |
+      {
+        "name": "{{ gitea_secret_name }}",
+        "data": "{{ gitea_secret_value }}"
+      }
+    status_code:
+      - 201
+      - 204
+  register: gitea_secret_update
+
+- name: Afficher la réponse après l'ajout ou la mise à jour du secret
+  debug:
+    msg: >-
+      Secret {{ gitea_secret_name }}
+      {{ (gitea_secret_update.status == 204) | ternary('mis à jour','créé') }}
+      pour {{ gitea_owner_type }} {{ gitea_owner_name }}.

ansible/arcodange/factory/roles/gitea_token/defaults/main.yml

@@ -1,4 +1,8 @@
 gitea_user_name: arcodange
 gitea_container_name: gitea
 gitea_token_scopes: write:admin,write:organization,write:package,write:repository,write:user
-# gitea_base_url: 'http://{{ groups.gitea[0] }}:3000'
+gitea_token_fact_name: gitea_api_token
+gitea_base_url: 'http://{{ groups.gitea[0] }}:3000'
+gitea_token_replace: false
+gitea_token_name: ansible-{{ ansible_date_time.iso8601 }} # require gathering facts
+gitea_token_delete: false # only delete token

ansible/arcodange/factory/roles/gitea_token/tasks/main.yml

@@ -1,10 +1,12 @@
 # to see generated tokens
 # go to https://gitea.arcodange.duckdns.org/user/settings/applications
 
-- when: gitea_api_token is undefined
+- when: lookup('ansible.builtin.varnames', '^' ~ gitea_token_fact_name ~ '$') | length == 0 or gitea_token_delete
   block:
     
-    - name: Create new token for ansible
+    - &createTokenTask
+      name: Create new token for ansible
+      when: not gitea_token_delete
       delegate_to: "{{ groups.gitea[0] }}"
       delegate_facts: true
       ansible.builtin.command: >-
@@ -13,11 +15,29 @@
         --username {{ gitea_user_name }}
         --token-name {{ gitea_token_name }}
         --raw
-        --scopes {{gitea_token_scopes}}
+        --scopes {{ gitea_token_scopes }}
       register: gitea_api_token_cmd
-      vars:
-        # ansible_date_time requires having gathered facts
-        gitea_token_name: ansible-{{ ansible_date_time.iso8601 }}
+      ignore_errors: '{{ gitea_token_replace }}'
+    
+    - name: replace token
+      when:
+        - gitea_token_delete or gitea_api_token_cmd.rc != 0
+        - gitea_token_delete or "'access token name has been used already' in gitea_api_token_cmd.stderr"
+        - gitea_token_delete or gitea_token_replace
+        - gitea_api_token is defined
+      block:
+        - name: "delete token{{ gitea_token_replace | ternary(' to replace','') }}"
+          uri:
+            url: "{{ gitea_base_url }}/api/v1/users/{{ gitea_user_name }}/tokens/{{ gitea_token_name }}"
+            method: DELETE
+            headers:
+              Authorization: "Basic {{ (gitea_user_name ~ ':' ~ gitea_api_token) | b64encode }}"
+              Accept: application/json'
+            status_code: 204
+        - <<: *createTokenTask
+          ignore_errors: false
+          register: gitea_api_token_cmd_bis
 
     - ansible.builtin.set_fact:
-        gitea_api_token: '{{ gitea_api_token_cmd.stdout }}'
+        '{{ gitea_token_fact_name }}': '{{ (gitea_api_token_cmd.rc == 0) | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout) }}'
+      when: not gitea_token_delete