From b85ed4d1767190a116c7dc2f064a9c9d3d0b6d0a Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Wed, 27 Nov 2024 14:38:25 +0100
Subject: [PATCH 1/2] Make use of other keyring

---
 .github/workflows/ci.yml |  1 +
 tasks/repository.yml     | 25 ++++++++++++++++++-------
 vars/main.yml            | 13 +++++++++++--
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 70e6297..d204d7b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -45,6 +45,7 @@ jobs:
       matrix:
         include:
           - distro: debian10
+            ansible-version: '>=9, <10'
           - distro: debian11
           - distro: debian12
           - distro: ubuntu1804
diff --git a/tasks/repository.yml b/tasks/repository.yml
index 9c101b0..a8bfbd8 100644
--- a/tasks/repository.yml
+++ b/tasks/repository.yml
@@ -9,19 +9,30 @@
   tags:
     - yarn-repository-install-dependencies
 
-- name: repository | add public key
-  ansible.builtin.apt_key:
-    id: 1646B01B86E50310
-    url: https://dl.yarnpkg.com/debian/pubkey.gpg
-    state: present
+- name: repository | (keyrings) directory | create
+  ansible.builtin.file:
+    path: "{{ yarn_keyring_dst | dirname }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
   tags:
-    - yarn-repository-public-key
+    - yarn-repository-keyrings-directory-create
+
+- name: repository | (keyring) file | download  # noqa command-instead-of-module risky-shell-pipe
+  ansible.builtin.shell: >
+    wget -O- {{ yarn_keyring_src }} | gpg --dearmor | tee {{ yarn_keyring_dst }} > /dev/null
+  args:
+    creates: "{{ yarn_keyring_dst }}"
+  tags:
+    - yarn-repository-keyring-file-download
 
 - name: repository | add
   ansible.builtin.apt_repository:
     repo: "{{ item.type }} {{ item.url }} {{ item.component }}"
-    state: present
+    state: "{{ item.state | default('present') }}"
     update_cache: true
+    mode: 0644
   with_items: "{{ yarn_repositories }}"
   tags:
     - yarn-repository-add
diff --git a/vars/main.yml b/vars/main.yml
index 1842c97..2521168 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,13 +1,22 @@
 # vars file
 ---
+yarn_keyring_src: https://dl.yarnpkg.com/debian/pubkey.gpg
+yarn_keyring_dst: /usr/share/keyrings/yarn.gpg
 yarn_repositories:
+  - type: "deb [signed-by={{ yarn_keyring_dst }}]"
+    url: 'https://dl.yarnpkg.com/debian/'
+    component: stable
   - type: deb
-    url: 'https://dl.yarnpkg.com/debian/ stable'
-    component: main
+    url: 'https://dl.yarnpkg.com/debian/'
+    component: stable
+    state: absent
 
 yarn_dependencies_pre:
   - software-properties-common
   - dirmngr
+  - apt-transport-https
+  - wget
+  - coreutils
 
 yarn_dependencies:
   - yarn

From 377f478207566130d101d4cb0b1732bbd90aa148 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Wed, 27 Nov 2024 14:43:31 +0100
Subject: [PATCH 2/2] Fix repo configuration

---
 vars/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/vars/main.yml b/vars/main.yml
index 2521168..f6f1b8f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -4,11 +4,11 @@ yarn_keyring_src: https://dl.yarnpkg.com/debian/pubkey.gpg
 yarn_keyring_dst: /usr/share/keyrings/yarn.gpg
 yarn_repositories:
   - type: "deb [signed-by={{ yarn_keyring_dst }}]"
-    url: 'https://dl.yarnpkg.com/debian/'
-    component: stable
+    url: 'https://dl.yarnpkg.com/debian/ stable'
+    component: main
   - type: deb
-    url: 'https://dl.yarnpkg.com/debian/'
-    component: stable
+    url: 'https://dl.yarnpkg.com/debian/ stable'
+    component: main
     state: absent
 
 yarn_dependencies_pre: