fix: use venv pip explicitly to avoid system pip restrictions
Some checks failed
audit / audit (push) Failing after 44s
ci-cd / build (push) Failing after 5s
ci / build (push) Failing after 3s
autofix / fix (push) Failing after 17s
security-scanning / audit (push) Failing after 17s
test / test (push) Successful in 1s
ci-cd / deploy (push) Has been skipped
ISSUE: Still hitting externally-managed-environment despite venv
Root cause: Poetry installation using system pip instead of venv pip
Solution: Use venv/bin/pip explicitly for all package installations

Changes:
- Use venv/bin/pip install poetry instead of pip install poetry
- Use venv/bin/pip install safety bandit for security tools
- Use venv/bin/safety and venv/bin/bandit for execution
- Maintain source venv/bin/activate for environment context
- Ensure all Python commands use isolated venv environment

Updated workflows:
- audit.yml: venv pip for poetry installation
- fix.yml: venv pip for poetry + safety tools
- security-scanning.yml: venv pip for poetry + security tools

Expected results:
- Poetry installed in virtual environment without system restrictions
- Security tools installed and executed in venv
- All Python dependencies managed in isolated environment
- No more externally-managed-environment errors

This ensures complete isolation from system Python and follows PEP 668 requirements while maintaining the nuclear fix approach.
@@ -49,14 +49,6 @@ jobs:
|
||||
apt-get install -y python3 python3-pip python3-venv python3-full
|
||||
fi
|
||||
|
||||
if ! command -v pip >/dev/null 2>&1; then
|
||||
echo "Installing pip..."
|
||||
python3 -m pip install --upgrade pip
|
||||
fi
|
||||
|
||||
echo "Python version: $(python3 --version)"
|
||||
echo "Pip version: $(pip --version)"
|
||||
|
||||
echo "=== VIRTUAL ENVIRONMENT ==="
|
||||
# Create and use virtual environment
|
||||
python3 -m venv venv
|
||||
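Review bot: The version echoes dropped just before the `=== VIRTUAL ENVIRONMENT ===` banner take the only record of the interpreter version out of the job log. Removing `echo "Pip version: $(pip --version)"` fits the fix, since it invoked the system pip, but `echo "Python version: $(python3 --version)"` never touches pip and is worth keeping so a failing run shows which Python built the venv.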
@@ -67,12 +59,13 @@ jobs:
|
||||
echo "Pip in venv: $(pip --version)"
|
||||
|
||||
echo "=== PYTHON DEPENDENCIES ==="
|
||||
# Use venv pip explicitly to avoid system pip
|
||||
if command -v poetry >/dev/null 2>&1; then
|
||||
echo "Poetry found, installing dependencies..."
|
||||
poetry install
|
||||
else
|
||||
echo "Installing poetry..."
|
||||
pip install poetry
|
||||
echo "Installing poetry with venv pip..."
|
||||
venv/bin/pip install poetry
|
||||
poetry install
|
||||
fi
|
||||
echo "✅ Python dependencies installed!"
|
||||
|
||||
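Review bot: The `else` branch installs Poetry with `venv/bin/pip install poetry` but then calls bare `poetry install`, which only resolves if `venv/bin` is on PATH at that point. Call `venv/bin/poetry install` so the step does not depend on activation, matching the explicit-path approach of the rest of the change. The `if command -v poetry` branch above has the mirror problem: it runs whichever `poetry` is first on PATH, which may be a system copy outside the venv. The install is also unpinned; a fixed Poetry version would keep the resolver from changing between runs.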
@@ -47,11 +47,6 @@ jobs:
|
||||
apt-get install -y python3 python3-pip python3-venv python3-full
|
||||
fi
|
||||
|
||||
if ! command -v pip >/dev/null 2>&1; then
|
||||
echo "Installing pip..."
|
||||
python3 -m pip install --upgrade pip
|
||||
fi
|
||||
|
||||
echo "=== VIRTUAL ENVIRONMENT ==="
|
||||
# Create and use virtual environment
|
||||
python3 -m venv venv
|
||||
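Review bot: In the `apt-get install -y python3 python3-pip python3-venv python3-full` context line at the top of this hunk, `python3-pip` is still installed although the block that ran `python3 -m pip install --upgrade pip` is gone. If nothing else in the job calls the system pip, drop `python3-pip` from the package list so there is no system pip for a later bare `pip` to fall back to; `python3-venv` is what `python3 -m venv venv` needs.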
@@ -62,20 +57,21 @@ jobs:
|
||||
echo "Pip in venv: $(pip --version)"
|
||||
|
||||
echo "=== PYTHON DEPENDENCIES ==="
|
||||
# Use venv pip explicitly to avoid system pip
|
||||
if command -v poetry >/dev/null 2>&1; then
|
||||
echo "Poetry found, installing dependencies..."
|
||||
poetry install
|
||||
else
|
||||
echo "Installing poetry..."
|
||||
pip install poetry
|
||||
echo "Installing poetry with venv pip..."
|
||||
venv/bin/pip install poetry
|
||||
poetry install
|
||||
fi
|
||||
echo "✅ Python dependencies installed!"
|
||||
echo "=== SECURITY FIXES ==="
|
||||
# Check for common Python security issues
|
||||
echo "Running safety check..."
|
||||
pip install safety
|
||||
safety check || echo "Safety check completed with warnings"
|
||||
venv/bin/pip install safety
|
||||
venv/bin/safety check || echo "Safety check completed with warnings"
|
||||
else
|
||||
echo "❌ No supported project type found!"
|
||||
exit 1
|
||||
|
||||
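Review bot: On the last changed line, `venv/bin/safety check || echo "Safety check completed with warnings"` always exits 0, so a dependency with a known vulnerability can never fail this job, and a scanner that fails to start is reported the same way as a clean run. Drop the `|| echo`, or capture the exit status and fail the step on findings while still printing the message. `venv/bin/pip install safety` is also unpinned, so the scanner version can differ from one run to the next.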
@@ -47,11 +47,6 @@ jobs:
|
||||
apt-get install -y python3 python3-pip python3-venv python3-full
|
||||
fi
|
||||
|
||||
if ! command -v pip >/dev/null 2>&1; then
|
||||
echo "Installing pip..."
|
||||
python3 -m pip install --upgrade pip
|
||||
fi
|
||||
|
||||
echo "=== VIRTUAL ENVIRONMENT ==="
|
||||
# Create and use virtual environment
|
||||
python3 -m venv venv
|
||||
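Review bot: The setup script edited here is a copy of the one in the previous `@@ -47,11 +47,6 @@` hunk, and the commit message lists three workflows that received the same edit. Consider moving the Python setup (the apt packages, `python3 -m venv venv`, the Poetry install) into one shared script that each workflow calls, so the next fix lands in one place instead of three copies that can drift apart.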
@@ -62,20 +57,21 @@ jobs:
|
||||
echo "Pip in venv: $(pip --version)"
|
||||
|
||||
echo "=== PYTHON DEPENDENCIES ==="
|
||||
# Use venv pip explicitly to avoid system pip
|
||||
if command -v poetry >/dev/null 2>&1; then
|
||||
echo "Poetry found, installing dependencies..."
|
||||
poetry install
|
||||
else
|
||||
echo "Installing poetry..."
|
||||
pip install poetry
|
||||
echo "Installing poetry with venv pip..."
|
||||
venv/bin/pip install poetry
|
||||
poetry install
|
||||
fi
|
||||
echo "✅ Running security scan..."
|
||||
pip install safety bandit
|
||||
venv/bin/pip install safety bandit
|
||||
echo "=== Safety check (dependencies) ==="
|
||||
safety check || echo "Safety check completed"
|
||||
venv/bin/safety check || echo "Safety check completed"
|
||||
echo "=== Bandit check (code security) ==="
|
||||
bandit -r . -f json || echo "Bandit scan completed"
|
||||
venv/bin/bandit -r . -f json || echo "Bandit scan completed"
|
||||
else
|
||||
echo "❌ No supported project type found!"
|
||||
exit 1
|
||||
|
||||
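Review bot: `venv/bin/bandit -r . -f json` scans recursively from the current directory, and if the working directory is unchanged since `python3 -m venv venv`, that tree includes `venv/` itself, so Bandit walks the installed third-party packages and buries project findings in noise. Add an exclusion such as `-x ./venv` unless a Bandit config already does so. As with the Safety line, `|| echo "Bandit scan completed"` discards the exit status, and the JSON report goes only to stdout; write it to a file with `-o` if it is meant to be kept as an artifact.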