ADFA- =2286 ssh cleanup issues fix

[jomen-adfa]

Address ssh cleanup issues preventing generate assets and release assets workflow from completing successfully.

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[coderabbitai]

📝 Walkthrough

• Changes

  • Made SSH cleanup steps tolerant of failures by appending || true to cleanup commands so missing entries/files no longer fail workflows:
    • ssh-keygen -R "$SCP_HOST" 2>/dev/null || true and ssh-keygen -R "$SSH_HOST" 2>/dev/null || true
    • rmdir ~/.ssh 2>/dev/null || true
  • Applied changes in both .github/workflows/generate_assets.yml and .github/workflows/release.yml across the cleanup steps.

• Risks & Best-practice notes

  • Error suppression: Using || true (especially combined with 2>/dev/null) hides all errors — this can mask real failures and makes debugging/auditing difficult.
    • Recommendation: Detect and suppress only expected benign errors (e.g., check existence before removing) and log unexpected failures.
  • Security: Workflows appear to disable host key verification (StrictHostKeyChecking no) — increases MITM risk.
    • Recommendation: Prefer StrictHostKeyChecking accept-new or manage a known_hosts file securely.
  • Directory cleanup: rmdir ~/.ssh only succeeds if the directory is empty; silent failures may leave partial state.
    • Recommendation: Ensure the directory is empty before rmdir or use a careful targeted removal with checks (avoid blind rm -rf).
  • Variable consistency: Different host variables appear (SCP_HOST, SSH_HOST, possibly GREENGEEKS_HOST) — risk of mismatched cleanup behavior.
    • Recommendation: Standardize and validate host variable usage across setup and cleanup steps.

• Summary

  • These changes reduce flaky workflow failures by making cleanup non-fatal when artifacts are already absent, but at the cost of reduced error visibility and potential security/maintenance risks. Implement more granular error handling, logging, and variable consistency to mitigate those issues.

Walkthrough

Two GitHub Actions workflow files were modified to make specific SSH and filesystem cleanup commands non-fatal by appending || true, preventing those steps from failing the workflow when entries or directories are already absent.

Changes

Cohort / File(s)	Summary
Workflow cleanup non-fatal .github/workflows/generate_assets.yml, .github/workflows/release.yml	Appended `

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Homogeneous, small edits across two workflow files.
• Focus review on workflow steps where || true was added to ensure no unintended masking of other errors.

Possibly related PRs

• ADFA-2286 switch git lfs for greengeeks website #743 — Edits SSH cleanup behavior in the same workflow files; directly related to handling of cleanup commands.
• ADFA-2284 Push the 4am nightly build to a directory on the website #711 — Touches the release workflow SSH cleanup steps that these changes adjust to be non-fatal.

Suggested reviewers

• hal-eisen-adfa
• Daniel-ADFA

Poem

🐰 I nudged the cleanup to skip a frown,
With || true I patched the nightly gown.
Missing keys or folders, hush now, be still—
Workflows hop onward, up the hill! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title mentions 'ssh cleanup issues fix' which directly relates to the changes in both workflow files that add error tolerance to ssh cleanup commands.
Description check	✅ Passed	The description states the changes address 'ssh cleanup issues preventing generate assets and release assets workflow from completing successfully', which aligns with the modifications to both .github/workflows/generate_assets.yml and .github/workflows/release.yml.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch task/ADFA-2286-ssh-cleanup

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a734b2 and 4e5e436.

📒 Files selected for processing (2)

• .github/workflows/generate_assets.yml (1 hunks)
• .github/workflows/release.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/generate_assets.yml
• .github/workflows/release.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Generate Assets Zips

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[hal-eisen-adfa]

LGTM