fix: do not place shell wrapper in GITHUB_WORKSPACE; use RUNNER_TEMP or /tmp

2025-11-20 00:02:42 +02:00 · 2025-11-20 00:02:42 +02:00 · 763b8f8e8d
commit 763b8f8e8d
parent b41a00431c
1 changed files with 22 additions and 11 deletions
--- a/action.yml
+++ b/action.yml
@ -149,13 +149,15 @@ runs:
    
    - name: Create SSH Remote Shell Wrapper
      id: setup-shell-wrapper
-      if: inputs.use-shell-wrapper == 'true'
      shell: bash
      run: |
-        # Create a unique temporary wrapper script. Prefer RUNNER_TEMP if set.
-        WRAPPER_DIR="${RUNNER_TEMP:-/tmp}"
+        # Create a unique temporary directory for the wrapper. Do NOT place
+        # the wrapper in the `GITHUB_WORKSPACE` to avoid polluting repo files.
+        # Prefer runner-specific temp folders (RUNNER_TEMP), then /tmp.
+        TEMP_DIR="${RUNNER_TEMP:-/tmp}"
+        WRAPPER_DIR=$(mktemp -d "$TEMP_DIR/setup-ssh-client-XXXXXX")"
        mkdir -p "$WRAPPER_DIR"
-        WRAPPER_PATH="$(mktemp "$WRAPPER_DIR/ssh-remote-shell-XXXXXX.sh")"
+        WRAPPER_PATH="$WRAPPER_DIR/ssh-remote-shell.sh"
        
        cat << 'WRAPPER_EOF' > "$WRAPPER_PATH"
        #!/bin/bash
@ -185,17 +187,26 @@ runs:
        WRAPPER_EOF
        
        chmod +x "$WRAPPER_PATH"
-        echo "shell-wrapper-path=$WRAPPER_PATH" >> $GITHUB_OUTPUT
        echo "✅ SSH remote shell wrapper created at $WRAPPER_PATH"
-        echo ""
-        echo "To use the remote shell in subsequent steps, add:"
-        echo "  shell: ssh-remote"
-        echo ""
-        echo "The 'ssh-remote' shell is now available for use."
+        # We also create symlink without the .sh extension for use in path
+        if [ "${{ inputs.use-shell-wrapper }}" = "true" ]; then
+          ln -s "$WRAPPER_DIR/ssh-remote" "$WRAPPER_PATH"
+          echo ""
+          echo "To use the remote shell in subsequent steps, add:"
+          echo "  shell: ssh-remote"
+          echo ""
+          echo "The 'ssh-remote' shell is now available for use."
+        fi
+        echo "shell-wrapper-dir=$WRAPPER_DIR" >> $GITHUB_OUTPUT
+        echo "shell-wrapper-path=$WRAPPER_PATH" >> $GITHUB_OUTPUT
+
    
    - name: Register Custom Shell
      if: inputs.use-shell-wrapper == 'true'
      shell: bash
      run: |
-        echo "ssh-remote=${{ steps.setup-shell-wrapper.outputs.shell-wrapper-path }} {0}" >> "$GITHUB_ENV"
+        SHELL_WRAPPER_DIR="${{ steps.setup-shell-wrapper.outputs.shell-wrapper-dir }}"
+        # Register custom shell for this job
+        echo "Adding custom shell 'ssh-remote' to PATH"
+        echo "$SHELL_WRAPPER_DIR" >> $GITHUB_PATH
        echo "✅ Custom shell 'ssh-remote' registered for this job"