First post here, I have created a very simple composite action (https://github.com/marketplace/actions/create-and-use-docker-ssh-context).
I am using this action to deploy to remote Docker swarm cluster by using Docker context.
I have seen a lot of other actions that has post-run steps with cleanup of secrets, docker logout, etc.
- Is it possible to add post-run steps to composite action?
- Does my action leaves ssh-key in ssh-agent after run, and is it possible that my private ssh-key can be compromised by running this action on GitHub hosted runners?