Write env vars to file instead of relying on sudo -E

The nohup + sudo -E approach wasn't reliably passing environment
variables to the script. Now we:
1. Write all env vars to /tmp/lambda-gha-scripts/env.sh
2. Source that file before running the setup script

Also updated update-lmbda-ssh to just write the HostName (other SSH
settings stay in ~/.ssh/config).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: ryan-williams

scripts/update-lmbda-ssh

@@ -1,12 +1,15 @@
 #!/usr/bin/env bash
 # Update the lmbda SSH host IP from the current running Lambda instance
 # Usage: ./scripts/update-lmbda-ssh [instance_id]
+#
+# Setup: Add to top of ~/.ssh/config:
+#   Include /Users/ryan/c/oa/lambda-gha/tmp/lmbda-ip.conf
 
 set -e
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
-SSH_CONF="$PROJECT_DIR/tmp/lmbda-ssh.conf"
+SSH_CONF="$PROJECT_DIR/tmp/lmbda-ip.conf"
 
 # Get instance IP (either by ID or first active instance)
 if [ -n "$1" ]; then
@@ -23,17 +26,11 @@ fi
 # Create tmp dir if needed
 mkdir -p "$PROJECT_DIR/tmp"
 
-# Write SSH config fragment
+# Write just the Host block with HostName (other settings in ~/.ssh/config)
 cat > "$SSH_CONF" <<EOF
 # Auto-generated by scripts/update-lmbda-ssh
-# Include this in ~/.ssh/config with: Include $SSH_CONF
 Host lmbda
     HostName $IP
-    User ubuntu
-    IdentitiesOnly yes
-    IdentityFile ~/.ssh/lambda_ecdsa
-    StrictHostKeyChecking no
-    UserKnownHostsFile /dev/null
 EOF
 
 echo "Updated $SSH_CONF with IP: $IP"

src/lambda_gha/start.py

@@ -456,15 +456,26 @@ def execute_setup_via_ssh(
             if scp_result.returncode != 0:
                 raise RuntimeError(f"Failed to SCP {dest_name}: {scp_result.stderr}")
 
-        # Build env export commands (add SCRIPTS_DIR for local script access)
+        # Add SCRIPTS_DIR for local script access
         env_vars["SCRIPTS_DIR"] = "/tmp/lambda-gha-scripts"
-        env_exports = "\n".join(f'export {k}="{v}"' for k, v in env_vars.items())
 
-        # Build the setup command: export vars, run script from scripts dir
-        setup_cmd = f'''
-{env_exports}
+        # Write env vars to a file on the instance (more reliable than sudo -E)
+        env_file_content = "\n".join(f'export {k}="{v}"' for k, v in env_vars.items())
+        write_env_cmd = f"cat > /tmp/lambda-gha-scripts/env.sh << 'ENVEOF'\n{env_file_content}\nENVOF"
+
+        print(f"Writing environment file to instance...")
+        env_result = subprocess.run(
+            ["ssh"] + ssh_opts + [f"{ssh_user}@{ip}", write_env_cmd],
+            capture_output=True,
+            text=True,
+        )
+        if env_result.returncode != 0:
+            raise RuntimeError(f"Failed to write env file: {env_result.stderr}")
+
+        # Build the setup command: source env file, then run script
+        setup_cmd = '''
 chmod +x /tmp/lambda-gha-scripts/*.sh
-sudo -E nohup /tmp/lambda-gha-scripts/runner-setup.sh > /var/log/runner-setup.log 2>&1 &
+sudo bash -c 'source /tmp/lambda-gha-scripts/env.sh && nohup /tmp/lambda-gha-scripts/runner-setup.sh > /var/log/runner-setup.log 2>&1 &'
 '''
 
         print(f"Executing setup script...")