From ac0f0d358bf346781f372d3f68c6e98aa90a7aa6 Mon Sep 17 00:00:00 2001
From: Ryan Hamilton
Date: Sun, 29 Jun 2025 23:07:29 -0500
Subject: [PATCH] refactor: update condition for removing legacy Docker APT source and add checks for GPG key
---
 playbooks/install-standard-docker.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/playbooks/install-standard-docker.yml b/playbooks/install-standard-docker.yml
index 292acc1..899218b 100644
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -16,11 +16,12 @@
 ignore_errors: true
 changed_when: false
 
- - name: Remove legacy docker APT source if present
+ - name: Remove legacy docker APT source if missing signed-by
 file:
 path: "{{ docker_repo_file }}"
 state: absent
- when: docker_installed.rc != 0 or "signed-by=" not in (lookup("file", docker_repo_file, errors="ignore") or "")
+ when: docker_installed.rc != 0 or
+ "signed-by=" not in (lookup("file", docker_repo_file, errors="ignore") or "")
 
 - name: Ensure keyring directory exists
 file:
@@ -34,6 +35,16 @@
 dest: "{{ docker_key_path }}"
 mode: "0644"
 
+ - name: Stat Docker GPG key file
+ stat:
+ path: "{{ docker_key_path }}"
+ register: docker_key_stat
+ - name: Fail early if key file is missing or unreadable
+ fail:
+ msg: "Docker GPG key is missing or unreadable"
+ when: not docker_key_stat.stat.exists or docker_key_stat.stat.size == 0
+
 - name: Add Docker APT repository (signed-by style)
 apt_repository:
 repo: "deb [arch=amd64 signed-by={{ docker_key_path }}] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable"
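Review bot: The rewritten `when:` still evaluates `lookup("file", docker_repo_file, errors="ignore")`, and lookup plugins run on the controller, so the `signed-by=` check inspects the controller's filesystem rather than the managed host's `{{ docker_repo_file }}`; where that path does not exist on the controller the lookup yields nothing and the condition is always true, so the source is removed on every run regardless of what the task name now promises. This was already the case before the change, but the rename to "if missing signed-by" makes the intent explicit, so the check should read the file on the target, for example a `slurp` task with `failed_when: false` registered before this one, with the condition testing its base64-decoded content. `docker_installed.rc != 0` is produced outside the hunk, so I cannot tell whether it comes from a remote command; the tasks list containing this hunk starts and ends outside it.

```yaml
- name: Read current docker APT source from the target host
  slurp:
    src: "{{ docker_repo_file }}"
  register: docker_repo_src
  failed_when: false

- name: Remove legacy docker APT source if missing signed-by
  # … unchanged: file module args (path, state: absent) …
  when: docker_installed.rc != 0 or
        "signed-by=" not in (docker_repo_src.content | default("") | b64decode)
```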
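Review bot: The fail-early condition on the `when:` line checks only `stat.exists` and `stat.size == 0`, so the "unreadable" in the task name is never actually tested; the stat result also carries a `readable` flag, so either extend it to `when: not docker_key_stat.stat.exists or docker_key_stat.stat.size == 0 or not docker_key_stat.stat.readable` or rename the task to "missing or empty". A non-empty file is also weak evidence that the download produced the intended key rather than, say, an error page; since stat already returns a `checksum`, comparing it against a pinned value (`docker_key_stat.stat.checksum != "<PINNED_KEY_CHECKSUM_PLACEHOLDER>"`) or, if the preceding download task whose `dest`/`mode` lines appear as context is `get_url`, passing its `checksum:` option would make the `signed-by=` pin in the repository line meaningful. Note that `readable` is evaluated for the user the task runs as, not necessarily for apt, so treat it as a sanity check rather than a guarantee. The tasks list this hunk belongs to starts and ends outside the hunk.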