diff --git a/checkout-config/action.yml b/checkout-config/action.yml
index b42d4fd..9dcc967 100644
--- a/checkout-config/action.yml
+++ b/checkout-config/action.yml
@@ -1,30 +1,30 @@
-name: 'Checkout and Config Injection'
-description: 'Clones the project via SSH and injects configs from a separate repo'
+name: "Checkout and Config Injection"
+description: "Clones the project via SSH and injects configs from a separate repo"
 inputs:
 ssh_key:
- description: 'SSH Private Key'
+ description: "SSH Private Key"
 required: true
 config_repo:
- description: 'Configuration Repository Path (e.g., dev-ops/configs.git)'
+ description: "Configuration Repository Path (e.g., dev-ops/configs.git)"
 required: false
- default: ''
+ default: ""
 config_repo_branch:
- description: 'Configuration Repository Branch'
+ description: "Configuration Repository Branch"
 required: false
- default: 'main'
+ default: "main"
 app_key:
- description: 'Application Key in the config repo'
+ description: "Application Key in the config repo"
 required: true
 gitea_host:
- description: 'Gitea Hostname'
+ description: "Gitea Hostname"
 required: false
- default: 'gitea.hclife.co'
+ default: "gitea.hclife.co"
 gitea_port:
- description: 'Gitea SSH Port'
+ description: "Gitea SSH Port"
 required: false
- default: '2222'
+ default: "2222"
 runs:
- using: 'composite'
+ using: "composite"
 steps:
 - name: Checkout and Config
 shell: bash
@@ -37,16 +37,27 @@ runs:
 GITEA_PORT: ${{ inputs.gitea_port }}
 run: |
 set -eu
-
+
 SSH_TMP_DIR=$(mktemp -d)
 trap 'rm -rf "$SSH_TMP_DIR"' EXIT
-
+
 echo "$SSH_KEY" > "$SSH_TMP_DIR/id_rsa"
 chmod 600 "$SSH_TMP_DIR/id_rsa"
+
+ # Ensure ssh-keyscan is available for strict host key checking
+ if ! command -v ssh-keyscan &> /dev/null; then
+ echo "ssh-keyscan not found, attempting to install..."
+ if command -v apk &> /dev/null; then
+ apk add --no-cache openssh-client
+ elif command -v apt-get &> /dev/null; then
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update && apt-get install -y openssh-client
+ fi
+ fi
+
 ssh-keyscan -p "$GITEA_PORT" "$GITEA_HOST" > "$SSH_TMP_DIR/known_hosts"
-
 export GIT_SSH_COMMAND="ssh -i $SSH_TMP_DIR/id_rsa -o UserKnownHostsFile=$SSH_TMP_DIR/known_hosts -o StrictHostKeyChecking=yes"
-
+
 echo "Initializing project repository..."
 git init
 git config --global --add safe.directory "$GITHUB_WORKSPACE"
@@ -57,7 +68,7 @@ runs:
 fi
 git fetch --depth 1 origin "${{ github.sha }}"
 git checkout FETCH_HEAD
-
+
 if [ -n "$CONFIG_REPO" ]; then
 echo "Fetching optional config repository..."
 echo "Config repo: $CONFIG_REPO"
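Review bot: The comment added in the second hunk calls this strict host key checking, but known_hosts is filled by `ssh-keyscan` on every run, so `StrictHostKeyChecking=yes` only pins whatever key the network returned a moment earlier and does not authenticate the Gitea host. A host key supplied by the caller should take precedence, with the scan kept only as a logged fallback. The sketch below assumes a proposed optional input exposed as `KNOWN_HOSTS`, a name not present in this action; the `env:` block it would join, and the start of the `run:` script, lie outside the hunk. Separately, the install block falls through silently when neither `apk` nor `apt-get` exists, and because `apt-get update && apt-get install` is an `&&` list, a failed update does not stop the script under `set -e`. The run then fails later at the `ssh-keyscan` line with a less clear error, so an explicit `else` branch that prints a message and runs `exit 1` would make the cause obvious.

```yaml
        # … unchanged: key file setup and ssh-keyscan install fallback …
        if [ -n "${KNOWN_HOSTS:-}" ]; then
          # Pinned host key supplied by the caller (proposed input, name is a placeholder)
          printf '%s\n' "$KNOWN_HOSTS" > "$SSH_TMP_DIR/known_hosts"
        else
          echo "No pinned host key supplied; host key obtained via ssh-keyscan is unauthenticated"
          ssh-keyscan -p "$GITEA_PORT" "$GITEA_HOST" > "$SSH_TMP_DIR/known_hosts"
        fi
        # … unchanged: GIT_SSH_COMMAND export and repository init …
```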