From d674756bec3b52941944e79a92acd2b85fa1f1bb Mon Sep 17 00:00:00 2001 From: Jonathon Date: Thu, 12 Feb 2026 14:00:14 +0000 Subject: [PATCH 1/5] Added additional keys, as they can't be reused across multiple repos Signed-off-by: DBT pre-commit check --- .github/workflows/org.terraform-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/org.terraform-ci.yml b/.github/workflows/org.terraform-ci.yml index ca977ad1..845c20dc 100644 --- a/.github/workflows/org.terraform-ci.yml +++ b/.github/workflows/org.terraform-ci.yml @@ -98,7 +98,10 @@ jobs: id: ssh-agent uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 with: - ssh-private-key: ${{ secrets.TERRAFORM_DEPLOY_KEY }} + ssh-private-key: | + ${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }} + ${{ secrets.TERRAFORM_DATADOG_CI_SSH }} + ${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }} # ---- Provider cache (used by init/validate) ---- - name: Prepare Terraform provider cache dir From dd45094a54707ff5eb1ca01adb18f3a411fda78e Mon Sep 17 00:00:00 2001 From: Jonathon Date: Thu, 12 Feb 2026 14:53:57 +0000 Subject: [PATCH 2/5] Attempting to load SSH keys without using 3rd party action Signed-off-by: DBT pre-commit check --- .github/workflows/org.terraform-ci.yml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/org.terraform-ci.yml b/.github/workflows/org.terraform-ci.yml index 845c20dc..8d5b13bc 100644 --- a/.github/workflows/org.terraform-ci.yml +++ b/.github/workflows/org.terraform-ci.yml 
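Review bot: Loading three deploy keys through `ssh-private-key` only selects the right key per repository if each key carries a comment naming its repository (for example `git@github.com:ORG/REPO.git`, a placeholder), because webfactory/ssh-agent uses that comment to map keys to repos. Without it, GitHub accepts the first key offered and clones of the other repositories fail. The hunk does not show how the keys were generated, so this is worth confirming, together with the keys being registered read-only, since every later step in the job can use the agent. The step's `- name:` line sits above the hunk, and the PATCH 5/5 hunk restores this same block.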
@@ -94,14 +94,23 @@ jobs: run: | git config --global url."https://x-access-token:${TOKEN}@github.com/".insteadOf "https://github.com/" git config --global --get-regexp '^url\..*\.insteadOf$' || true - - name: Add SSH Key - id: ssh-agent - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 - with: - ssh-private-key: | - ${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }} - ${{ secrets.TERRAFORM_DATADOG_CI_SSH }} - ${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }} + - name: Start SSH agent + run: | + eval "$(ssh-agent -s)" + - name: Add SSH keys + run: | + mkdir -p ~/.ssh + chmod 700 ~/.ssh + + echo "${{ TERRAFORM_CLOUDFRONT_CI_SSH }}" > ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH + echo "${{ secrets.TERRAFORM_DATADOG_CI_SSH }}" > ~/.ssh/TERRAFORM_DATADOG_CI_SSH + echo "${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }}" > ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH + + chmod 600 ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH ~/.ssh/TERRAFORM_DATADOG_CI_SSH ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH + + ssh-add ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH + ssh-add ~/.ssh/TERRAFORM_DATADOG_CI_SSH + ssh-add ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH # ---- Provider cache (used by init/validate) ---- - name: Prepare Terraform provider cache dir From 6595cb6946dff2c313a53ef9d40ef6f02f2bb5f0 Mon Sep 17 00:00:00 2001 From: Jonathon Date: Thu, 12 Feb 2026 14:54:49 +0000 Subject: [PATCH 3/5] Missed secret annotation from variable Signed-off-by: DBT pre-commit check --- .github/workflows/org.terraform-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/org.terraform-ci.yml b/.github/workflows/org.terraform-ci.yml index 8d5b13bc..4ea9b4d7 100644 --- a/.github/workflows/org.terraform-ci.yml +++ b/.github/workflows/org.terraform-ci.yml 
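Review bot: The `Add SSH keys` step splices each private key into the script text with `${{ secrets.… }}` inside a double-quoted `echo`, then leaves the keys in files under `~/.ssh` that are created with the default umask before the later `chmod 600`. Expression expansion happens before the shell runs, so any `"`, `$` or backtick in a secret value is parsed as shell, and the key files outlive the step. Passing the secrets through `env:` and piping them to `ssh-add -` avoids both problems; the same applies to the corrected `echo` line in the PATCH 3/5 hunk. The sketch assumes the agent socket from the previous step is visible to this step, which this hunk does not yet arrange.

```yaml
- name: Add SSH keys
  env:
    CLOUDFRONT_KEY: ${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }}
    DATADOG_KEY: ${{ secrets.TERRAFORM_DATADOG_CI_SSH }}
    PLATFORM_LOGGING_KEY: ${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }}
  run: |
    # Keys go straight into the agent; nothing is written under ~/.ssh.
    printf '%s\n' "$CLOUDFRONT_KEY" | ssh-add -
    printf '%s\n' "$DATADOG_KEY" | ssh-add -
    printf '%s\n' "$PLATFORM_LOGGING_KEY" | ssh-add -
```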
@@ -102,7 +102,7 @@ jobs: mkdir -p ~/.ssh chmod 700 ~/.ssh - echo "${{ TERRAFORM_CLOUDFRONT_CI_SSH }}" > ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH + echo "${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }}" > ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH echo "${{ secrets.TERRAFORM_DATADOG_CI_SSH }}" > ~/.ssh/TERRAFORM_DATADOG_CI_SSH echo "${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }}" > ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH From c022673f0e8c3b99cf1dd39d92eb42b88e1bef49 Mon Sep 17 00:00:00 2001 From: Jonathon Date: Thu, 12 Feb 2026 14:56:55 +0000 Subject: [PATCH 4/5] Updated SSH agent to pass data to next steps Signed-off-by: DBT pre-commit check --- .github/workflows/org.terraform-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/org.terraform-ci.yml b/.github/workflows/org.terraform-ci.yml index 4ea9b4d7..3cb47880 100644 --- a/.github/workflows/org.terraform-ci.yml +++ b/.github/workflows/org.terraform-ci.yml @@ -97,6 +97,8 @@ jobs: - name: Start SSH agent run: | eval "$(ssh-agent -s)" + echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV + echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_ENV - name: Add SSH keys run: | mkdir -p ~/.ssh From 2fd10979ce1ed2a6577298d2f174d609a2da305a Mon Sep 17 00:00:00 2001 From: Jonathon Date: Thu, 12 Feb 2026 15:07:16 +0000 Subject: [PATCH 5/5] Testing workflow again Signed-off-by: DBT pre-commit check --- .github/workflows/org.terraform-ci.yml | 27 ++++++++------------------ 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/.github/workflows/org.terraform-ci.yml b/.github/workflows/org.terraform-ci.yml index 3cb47880..845c20dc 100644 --- a/.github/workflows/org.terraform-ci.yml +++ b/.github/workflows/org.terraform-ci.yml 
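Review bot: In the PATCH 4/5 hunk, the `Start SSH agent` step exports the socket and PID, but nothing in the visible workflow stops the agent, so it keeps the loaded keys until the runner is torn down. On a reused (self-hosted) runner that would outlast the job; whether that applies here is not visible. A final step with `if: always()` and `run: ssh-agent -k` would end the agent using the exported `SSH_AGENT_PID`, and the redirect target should be quoted as `>> "$GITHUB_ENV"`. The job's remaining steps are outside the hunk.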
@@ -94,25 +94,14 @@ jobs: run: | git config --global url."https://x-access-token:${TOKEN}@github.com/".insteadOf "https://github.com/" git config --global --get-regexp '^url\..*\.insteadOf$' || true - - name: Start SSH agent - run: | - eval "$(ssh-agent -s)" - echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV - echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_ENV - - name: Add SSH keys - run: | - mkdir -p ~/.ssh - chmod 700 ~/.ssh - - echo "${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }}" > ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH - echo "${{ secrets.TERRAFORM_DATADOG_CI_SSH }}" > ~/.ssh/TERRAFORM_DATADOG_CI_SSH - echo "${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }}" > ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH - - chmod 600 ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH ~/.ssh/TERRAFORM_DATADOG_CI_SSH ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH - - ssh-add ~/.ssh/TERRAFORM_CLOUDFRONT_CI_SSH - ssh-add ~/.ssh/TERRAFORM_DATADOG_CI_SSH - ssh-add ~/.ssh/TERRAFORM_PLATFORM_LOGGING_CI_SSH + - name: Add SSH Key + id: ssh-agent + uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1 + with: + ssh-private-key: | + ${{ secrets.TERRAFORM_CLOUDFRONT_CI_SSH }} + ${{ secrets.TERRAFORM_DATADOG_CI_SSH }} + ${{ secrets.TERRAFORM_PLATFORM_LOGGING_CI_SSH }} # ---- Provider cache (used by init/validate) ---- - name: Prepare Terraform provider cache dir
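Review bot: The restored `Add SSH Key` step has no comment saying why three separate secrets are loaded, which the next reader will need after the back-and-forth in this series. A line above `ssh-private-key:` such as `# One deploy key per repository; GitHub deploy keys cannot be reused across repos.` would record the reason given in the first commit's subject. The step name could also become `Add SSH keys` to match what it now does.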