PROGRESS: Nuclear fix working perfectly! Python project detected correctly.
Issue: 'pip: command not found' - Python environment not properly set up
Root cause: Runner missing Python3 and pip installation
Solution:
- Add Python environment setup to all workflows
- Install python3, python3-pip, python3-venv if not available
- Upgrade pip to latest version
- Verify Python and pip versions before proceeding
- Maintain same nuclear fix approach for workspace control
Updated workflows:
- audit.yml: Python setup + poetry install + audit
- fix.yml: Python setup + poetry install + safety fixes
- security-scanning.yml: Python setup + poetry install + security scans
Expected results:
- Python 3 installed and available
- pip upgraded and working
- Poetry installed for dependency management
- Security scanning tools (safety, bandit) installed
- All workflows should complete successfully
This should resolve the 'command not found' errors and enable
proper Python dependency management and security scanning.
BREAKTHROUGH: Nuclear fix is working! Repo successfully cloned to
/opt/gitea-runner/workspace/repo with all files present.
Issue: Workflows were looking for package.json in a Python project
Root cause: AITBC is a Python project (pyproject.toml + poetry.lock)
with minimal package.json for OpenZeppelin contracts only
Solution:
- Add project type detection in all workflows
- Handle both Node.js (package.json) and Python (pyproject.toml) projects
- For Python: install poetry, run 'poetry install'
- For Node.js: run 'npm install --legacy-peer-deps'
- Add appropriate security scanning for each project type
- Python: safety + bandit for security
- Node.js: npm audit for security
Updated workflows:
- audit.yml: Detects project type, runs appropriate tools
- fix.yml: Handles both Python and Node.js dependency fixes
- security-scanning.yml: Project-specific security scanning
This should resolve the 'package.json NOT found' error since the
workflows now properly detect and handle Python projects.
Issue: Only test.yml was working, other workflows failing
Root cause:
- audit.yml had 'debianname: audit' instead of 'name: audit'
- Inconsistent patterns between workflows
- Missing debug output that was helping test.yml work
Fix:
- Standardize all workflows to match test.yml working pattern
- Add comprehensive debug output to all workflows
- Use same nuclear fix approach for consistency
- Add --legacy-peer-deps flag for npm install
- Include detailed verification steps
Updated workflows:
- audit.yml: Fixed name field, added debug output
- fix.yml: Standardized pattern, added debug output
- security-scanning.yml: Standardized pattern, added debug output
- test.yml: Already working (reference pattern)
All workflows now follow the same proven working pattern that
successfully installs npm dependencies in the correct workspace.
CRITICAL FIX: Resolve act_runner host mode working directory issue
Problem:
- act_runner host mode does not persist working directory between steps
- Each 'cd repo' command was being lost due to isolated step execution
- npm install was still running in hostexecutor directory instead of repo
Solution:
- Add 'working-directory: repo' to every step after clone
- Enforce working directory at step level instead of inside run commands
- This bypasses act_runner host mode quirks completely
Changes:
- Update all 7 workflows to use working-directory: repo
- Remove 'cd repo' from run commands (redundant with working-directory)
- Keep git clone step outside working-directory (needs to run in default dir)
- Add verification steps to confirm correct working directory
Workflows updated:
- ci.yml, audit.yml, fix.yml, test.yml, security-scanning.yml
- cli-level1-tests.yml, ci-cd.yml
This should finally resolve the ENOENT: no such file or directory
errors for package.json by ensuring all npm commands execute in the
correct repository directory.
BREAKING CHANGE: Replace GitHub Actions checkout with explicit git clone
- Remove unreliable actions/checkout@v4 from all workflows
- Add manual git clone with HTTPS URL for deterministic behavior
- Explicit working directory control with 'cd repo' in each step
- Add debug verification steps to confirm repository context
- Fix npm install failures by ensuring correct working directory
- Update all 7 workflows: ci.yml, audit.yml, fix.yml, test.yml, security-scanning.yml, cli-level1-tests.yml, ci-cd.yml
- Use HTTPS clone URL for compatibility with Gitea runners
- Add 'rm -rf repo' to ensure clean clone each run
This resolves the issue where workflows were executing in hostexecutor directory
instead of repository workspace, causing npm install failures.
- Add minimal debug workflow to security-scanning.yml
- Test actions/checkout@v4 vs manual git clone
- Verify repository context before and after checkout
- Add package.json detection and npm install test
- Prepare manual clone fallback if checkout fails
- Updated runs-on from gitea-runner to debian across all workflow files
- Changed audit.yml, ci-cd.yml, ci.yml, fix.yml, security-scanning.yml, and test.yml
- Updated cli-level1-tests.yml from gitea-runner to debian
- Fixed audit.yml workflow name from 'gitea-runnername' to 'debianname'
- Standardizes runner configuration to use debian label
- Updated runs-on from debian:host to gitea-runner across all workflow files
- Changed audit.yml, ci-cd.yml, ci.yml, fix.yml, security-scanning.yml, and test.yml
- Updated cli-level1-tests.yml from debian:host to gitea-runner
- Fixed audit.yml workflow name from 'name' to 'gitea-runnername'
- Standardizes runner configuration to use gitea-runner label
- Updated runs-on from incus-debian to debian:host across all workflow files
- Changed audit.yml, ci-cd.yml, ci.yml, fix.yml, security-scanning.yml, and test.yml
- Updated cli-level1-tests.yml from ubuntu-latest to debian:host
- Standardizes runner configuration across all CI/CD pipelines
