Skip to content

ADFA- =2286 ssh cleanup issues fix#751

Merged
jomen-adfa merged 5 commits intostagefrom
task/ADFA-2286-ssh-cleanup
Dec 18, 2025
Merged

ADFA- =2286 ssh cleanup issues fix#751
jomen-adfa merged 5 commits intostagefrom
task/ADFA-2286-ssh-cleanup

Conversation

@jomen-adfa
Copy link
Contributor

Address ssh cleanup issues preventing generate assets and release assets workflow from completing successfully.

Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 18, 2025

📝 Walkthrough
  • Changes

    • Made SSH cleanup steps tolerant of failures by appending || true to cleanup commands so missing entries/files no longer fail workflows:
      • ssh-keygen -R "$SCP_HOST" 2>/dev/null || true and ssh-keygen -R "$SSH_HOST" 2>/dev/null || true
      • rmdir ~/.ssh 2>/dev/null || true
    • Applied changes in both .github/workflows/generate_assets.yml and .github/workflows/release.yml across the cleanup steps.
  • Risks & Best-practice notes

    • Error suppression: Using || true (especially combined with 2>/dev/null) hides all errors — this can mask real failures and makes debugging/auditing difficult.
      • Recommendation: Detect and suppress only expected benign errors (e.g., check existence before removing) and log unexpected failures.
    • Security: Workflows appear to disable host key verification (StrictHostKeyChecking no) — increases MITM risk.
      • Recommendation: Prefer StrictHostKeyChecking accept-new or manage a known_hosts file securely.
    • Directory cleanup: rmdir ~/.ssh only succeeds if the directory is empty; silent failures may leave partial state.
      • Recommendation: Ensure the directory is empty before rmdir or use a careful targeted removal with checks (avoid blind rm -rf).
    • Variable consistency: Different host variables appear (SCP_HOST, SSH_HOST, possibly GREENGEEKS_HOST) — risk of mismatched cleanup behavior.
      • Recommendation: Standardize and validate host variable usage across setup and cleanup steps.
  • Summary

    • These changes reduce flaky workflow failures by making cleanup non-fatal when artifacts are already absent, but at the cost of reduced error visibility and potential security/maintenance risks. Implement more granular error handling, logging, and variable consistency to mitigate those issues.

Walkthrough

Two GitHub Actions workflow files were modified to make specific SSH and filesystem cleanup commands non-fatal by appending || true, preventing those steps from failing the workflow when entries or directories are already absent.

Changes

Cohort / File(s) Summary
Workflow cleanup non-fatal
.github/workflows/generate_assets.yml, .github/workflows/release.yml
Appended `

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Homogeneous, small edits across two workflow files.
  • Focus review on workflow steps where || true was added to ensure no unintended masking of other errors.

Possibly related PRs

Suggested reviewers

  • hal-eisen-adfa
  • Daniel-ADFA

Poem

🐰 I nudged the cleanup to skip a frown,
With || true I patched the nightly gown.
Missing keys or folders, hush now, be still—
Workflows hop onward, up the hill! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title mentions 'ssh cleanup issues fix' which directly relates to the changes in both workflow files that add error tolerance to ssh cleanup commands.
Description check ✅ Passed The description states the changes address 'ssh cleanup issues preventing generate assets and release assets workflow from completing successfully', which aligns with the modifications to both .github/workflows/generate_assets.yml and .github/workflows/release.yml.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch task/ADFA-2286-ssh-cleanup

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a734b2 and 4e5e436.

📒 Files selected for processing (2)
  • .github/workflows/generate_assets.yml (1 hunks)
  • .github/workflows/release.yml (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/generate_assets.yml
  • .github/workflows/release.yml
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Generate Assets Zips

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link
Collaborator

@hal-eisen-adfa hal-eisen-adfa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jomen-adfa jomen-adfa merged commit ecf441c into stage Dec 18, 2025
2 checks passed
@jomen-adfa jomen-adfa deleted the task/ADFA-2286-ssh-cleanup branch December 18, 2025 07:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants