From 763b8f8e8d50942197b8ebaa2232015fc9afab7c Mon Sep 17 00:00:00 2001
From: Karolis2011 <karolis@kkarolis.lt>
Date: Thu, 20 Nov 2025 00:02:42 +0200
Subject: [PATCH] fix: do not place shell wrapper in GITHUB_WORKSPACE; use
 RUNNER_TEMP or /tmp

---
 action.yml | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/action.yml b/action.yml
index 78f6ee8..60c36bc 100644
--- a/action.yml
+++ b/action.yml
@@ -149,13 +149,15 @@ runs:
     
     - name: Create SSH Remote Shell Wrapper
       id: setup-shell-wrapper
-      if: inputs.use-shell-wrapper == 'true'
       shell: bash
       run: |
-        # Create a unique temporary wrapper script. Prefer RUNNER_TEMP if set.
-        WRAPPER_DIR="${RUNNER_TEMP:-/tmp}"
+        # Create a unique temporary directory for the wrapper. Do NOT place
+        # the wrapper in the `GITHUB_WORKSPACE` to avoid polluting repo files.
+        # Prefer runner-specific temp folders (RUNNER_TEMP), then /tmp.
+        TEMP_DIR="${RUNNER_TEMP:-/tmp}"
+        WRAPPER_DIR=$(mktemp -d "$TEMP_DIR/setup-ssh-client-XXXXXX")"
         mkdir -p "$WRAPPER_DIR"
-        WRAPPER_PATH="$(mktemp "$WRAPPER_DIR/ssh-remote-shell-XXXXXX.sh")"
+        WRAPPER_PATH="$WRAPPER_DIR/ssh-remote-shell.sh"
         
         cat << 'WRAPPER_EOF' > "$WRAPPER_PATH"
         #!/bin/bash
@@ -185,17 +187,26 @@ runs:
         WRAPPER_EOF
         
         chmod +x "$WRAPPER_PATH"
-        echo "shell-wrapper-path=$WRAPPER_PATH" >> $GITHUB_OUTPUT
         echo "✅ SSH remote shell wrapper created at $WRAPPER_PATH"
-        echo ""
-        echo "To use the remote shell in subsequent steps, add:"
-        echo "  shell: ssh-remote"
-        echo ""
-        echo "The 'ssh-remote' shell is now available for use."
+        # We also create symlink without the .sh extension for use in path
+        if [ "${{ inputs.use-shell-wrapper }}" = "true" ]; then
+          ln -s "$WRAPPER_DIR/ssh-remote" "$WRAPPER_PATH"
+          echo ""
+          echo "To use the remote shell in subsequent steps, add:"
+          echo "  shell: ssh-remote"
+          echo ""
+          echo "The 'ssh-remote' shell is now available for use."
+        fi
+        echo "shell-wrapper-dir=$WRAPPER_DIR" >> $GITHUB_OUTPUT
+        echo "shell-wrapper-path=$WRAPPER_PATH" >> $GITHUB_OUTPUT
+
     
     - name: Register Custom Shell
       if: inputs.use-shell-wrapper == 'true'
       shell: bash
       run: |
-        echo "ssh-remote=${{ steps.setup-shell-wrapper.outputs.shell-wrapper-path }} {0}" >> "$GITHUB_ENV"
+        SHELL_WRAPPER_DIR="${{ steps.setup-shell-wrapper.outputs.shell-wrapper-dir }}"
+        # Register custom shell for this job
+        echo "Adding custom shell 'ssh-remote' to PATH"
+        echo "$SHELL_WRAPPER_DIR" >> $GITHUB_PATH
         echo "✅ Custom shell 'ssh-remote' registered for this job"