---
- name: check if Docker PGP key is already present
  ansible.builtin.stat:
    path: /usr/share/keyrings/docker-archive-keyring.gpg
  register: docker_gpg_presence
- name: download armored Docker PGP key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /tmp/docker.gpg
  when: not docker_gpg_presence.stat.exists
- name: ensure unarmored Docker PGP key is present
  ansible.builtin.command:
    cmd: gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg /tmp/docker.gpg
  when: not docker_gpg_presence.stat.exists
- name: remove temporary armored Docker PGP key
  ansible.builtin.file:
    path: /tmp/docker.gpg
    state: absent
  when: not docker_gpg_presence.stat.exists