diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index d8df592..a19ce9b 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml @@ -76,7 +76,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -128,10 +128,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v4 - name: Download build artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v4 with: name: deployment-package-${{ needs.detect.outputs.project-type }} path: ./dist @@ -139,10 +139,17 @@ jobs: - name: Setup SSH key if: inputs.deployment-method == 'ssh' || inputs.deployment-method == 'rsync' run: | + if [ -z "${{ secrets.DEPLOY_KEY }}" ]; then + echo "Error: DEPLOY_KEY secret is not set" + exit 1 + fi mkdir -p ~/.ssh echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/deploy_key chmod 600 ~/.ssh/deploy_key ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts + + # Ensure cleanup happens even on failure + trap 'rm -f ~/.ssh/deploy_key' EXIT - name: Deploy via rsync if: inputs.deployment-method == 'rsync' diff --git a/.github/workflows/reusable-script-executor.yml b/.github/workflows/reusable-script-executor.yml index 48d1d62..294ea9b 100644 --- a/.github/workflows/reusable-script-executor.yml +++ b/.github/workflows/reusable-script-executor.yml @@ -65,11 +65,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v4 - name: Setup Python if: endsWith(inputs.script_path, '.py') - uses: actions/setup-python@v6 + uses: actions/setup-python@v5 with: python-version: ${{ inputs.python_version }} @@ -182,7 +182,7 @@ jobs: - name: Upload script output if: always() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v4 with: name: script-output-${{ github.run_id }} path: |