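---
# Sets up rootless podman for the Gitea Actions runner account: installs
# podman, resolves the runner's uid, makes sure the account has subordinate
# uid/gid ranges, and enables the per-user podman API socket.

- name: install podman for rootless CI job containers
  become: true
  ansible.builtin.dnf:
    name:
      - podman
    state: present
  tags:
    - gitea-actions

# Read-only lookup, so it is allowed to run under --check. Later tasks need
# the uid to build the XDG_RUNTIME_DIR path.
- name: look up gitea-runner uid
  become: true
  changed_when: false
  check_mode: false
  ansible.builtin.command: id -u {{ gitea_runner_user }}
  register: gitea_runner_id
  tags:
    - gitea-actions
    - always

- name: set gitea_runner_uid fact
  ansible.builtin.set_fact:
    gitea_runner_uid: "{{ gitea_runner_id.stdout | trim }}"
  tags:
    - gitea-actions
    - always

# Rootless podman needs subuid/subgid ranges for the runner user. Fedora's
# useradd normally assigns them automatically; ensure they exist regardless.
#
# Both probes are read-only and run under --check as well (check_mode: false);
# otherwise the command is skipped there and the `.rc` tests below fail on an
# undefined attribute. grep exits 1 when no entry matches, so failed_when is
# disabled and the return code is used as the signal.
- name: check gitea-runner subuid mapping
  become: true
  ansible.builtin.command: grep -q "^{{ gitea_runner_user }}:" /etc/subuid
  register: gitea_runner_subuid
  changed_when: false
  failed_when: false
  check_mode: false
  tags:
    - gitea-actions

# /etc/subgid is probed separately: an account can have a subuid entry and no
# subgid entry, and rootless podman needs both.
- name: check gitea-runner subgid mapping
  become: true
  ansible.builtin.command: grep -q "^{{ gitea_runner_user }}:" /etc/subgid
  register: gitea_runner_subgid
  changed_when: false
  failed_when: false
  check_mode: false
  tags:
    - gitea-actions

# The range is hard-coded. It must not overlap a range already listed for
# another account in /etc/subuid or /etc/subgid, otherwise containers of two
# accounts map onto the same host ids. NOTE(review): verify on hosts that
# already have subordinate ranges allocated in this region.
- name: assign subuid range for gitea-runner
  become: true
  ansible.builtin.command: >-
    usermod
    --add-subuids 100000000-100065535
    {{ gitea_runner_user }}
  when: gitea_runner_subuid.rc != 0
  register: gitea_runner_subuid_added
  tags:
    - gitea-actions

- name: assign subgid range for gitea-runner
  become: true
  ansible.builtin.command: >-
    usermod
    --add-subgids 100000000-100065535
    {{ gitea_runner_user }}
  when: gitea_runner_subgid.rc != 0
  register: gitea_runner_subgid_added
  tags:
    - gitea-actions

# Only needed when a mapping was just added, so that existing podman storage
# is moved onto the new id mapping. A skipped task is never "changed", so this
# is a no-op on hosts where both entries already existed.
- name: migrate gitea-runner podman storage to new id mapping
  become: true
  become_user: "{{ gitea_runner_user }}"
  ansible.builtin.command: podman system migrate
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ gitea_runner_uid }}"
  when: >-
    gitea_runner_subuid_added is changed
    or gitea_runner_subgid_added is changed
  changed_when: true
  tags:
    - gitea-actions

# NOTE(review): the user-scoped podman.socket serves the Podman API on a unix
# socket under XDG_RUNTIME_DIR (podman/podman.sock in the stock unit). Any
# process that can open that socket can start containers as the runner user,
# with that user's file access. If the runner passes the socket into job
# containers, jobs effectively run as the runner account - confirm the runner
# configuration and keep credentials out of that account's home.
#
# This task assumes a systemd user manager is running for the account (for
# example lingering enabled elsewhere in the role) - TODO confirm. Without
# one, /run/user/<uid> does not exist and the unit cannot be started.
- name: enable rootless podman socket for gitea-runner
  become: true
  become_user: "{{ gitea_runner_user }}"
  ansible.builtin.systemd:
    name: podman.socket
    scope: user
    enabled: true
    state: started
    daemon_reload: true
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ gitea_runner_uid }}"
  tags:
    - gitea-actions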