From 9235ec44a46fc8532378b2332c0c1e026b0635fb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 30 Jan 2026 02:44:13 +0000
Subject: [PATCH] fix: Add proper SSH key cleanup step

Co-authored-by: jmiller-moko <230051081+jmiller-moko@users.noreply.github.com>
---
 .github/workflows/reusable-deploy.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml
index a19ce9b..afcae2f 100644
--- a/.github/workflows/reusable-deploy.yml
+++ b/.github/workflows/reusable-deploy.yml
@@ -147,9 +147,6 @@ jobs:
           echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/deploy_key
           chmod 600 ~/.ssh/deploy_key
           ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts
-          
-          # Ensure cleanup happens even on failure
-          trap 'rm -f ~/.ssh/deploy_key' EXIT
 
       - name: Deploy via rsync
         if: inputs.deployment-method == 'rsync'
@@ -251,6 +248,12 @@ jobs:
           echo "❌ Health check failed after ${TIMEOUT}s" >> $GITHUB_STEP_SUMMARY
           exit 1
 
+      - name: Cleanup SSH key
+        if: always() && (inputs.deployment-method == 'ssh' || inputs.deployment-method == 'rsync')
+        run: |
+          rm -f ~/.ssh/deploy_key
+          echo "SSH key cleaned up"
+
       - name: Update deployment status (success)
         if: success()
         uses: chrnorm/deployment-status@v2