SEC-1533: Remove ssh key requirement

[Alexander-Cairns]

Summary by CodeRabbit

• New Features

  • SSH key input is now optional instead of required.

• Improvements

  • Composer authentication setup has been reorganized for better clarity.
  • SSH key configuration now runs conditionally—only when an SSH key is provided.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The action.yml workflow configuration has been refactored to make SSH key setup optional and separate composer credentials initialization into two distinct steps: auth.json setup (unconditional) and SSH configuration (conditional on ssh-key input presence).

Changes

Cohort / File(s)	Change Summary
GitHub Actions workflow restructuring action.yml	Made ssh-key input optional; split "Setup Composer credentials" into two separate steps: (1) "Setup Composer auth.json" runs unconditionally to create .ddev/homeadditions/.composer/auth.json, (2) "Setup Composer ssh keys" conditionally runs when inputs.ssh-key is provided to configure SSH keys and permissions. Subsequent steps remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Verify conditional logic for SSH key step (if: inputs.ssh-key != '' or similar guard)
• Confirm auth.json step correctly handles missing or empty composer-auth input
• Check file path references (.ddev/homeadditions/...) are correct
• Validate that decoupling the two steps doesn't introduce dependency issues

Poem

🐰 Two steps now dance where one did dwell,
With SSH optional—a flexible spell.
Auth.json first, then keys if they're near,
Conditions control what actions appear! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately reflects the main change: making SSH key input optional rather than required, which is the core objective of this pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch SEC-1533

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7beafec and 70c652f.

📒 Files selected for processing (1)

• action.yml (2 hunks)

🔇 Additional comments (2)

action.yml (2)

14-14: ✓ SSH key requirement correctly changed to optional.

The change from required: true to required: false aligns with the PR objective to remove the SSH key requirement.

---

37-41: ✓ Composer auth.json setup step is well-structured.

The new unconditional step correctly creates the directory hierarchy and populates the auth.json file from the required composer-auth input. This ensures composer authentication is always available regardless of SSH key provision.

[github-actions]

Tag generated by PR: v2.1.0