aitbc1
d186ce03b4
Some checks failed
audit / audit (push) Failing after 3s
ci-cd / build (push) Failing after 6s
ci / build (push) Failing after 3s
autofix / fix (push) Failing after 1s
security-scanning / audit (push) Failing after 2s
test / test (push) Successful in 1s
ci-cd / deploy (push) Has been skipped
PROGRESS: Python project detected, but hitting PEP 668 restriction Issue: 'externally-managed-environment' - Debian protects system Python Root cause: Modern Python installations prevent system-wide pip installs Solution: Use virtual environment (proper Python best practice) Changes: - Add python3-full to package installation - Create virtual environment: python3 -m venv venv - Activate venv: source venv/bin/activate - Install poetry and dependencies inside venv - Run security tools in isolated environment Updated workflows: - audit.yml: Virtual environment + poetry install + audit - fix.yml: Virtual environment + poetry install + safety fixes - security-scanning.yml: Virtual environment + poetry install + security scans Expected results: - Virtual environment created and activated - Poetry installed without system restrictions - Dependencies installed in isolated environment - Security tools (safety, bandit) working properly - All workflows should complete successfully This follows Python best practices and resolves PEP 668 restrictions while maintaining the nuclear fix for workspace control.
83 lines
2.7 KiB
YAML
83 lines
2.7 KiB
YAML
name: autofix
|
|
|
|
on:
|
|
push:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
fix:
|
|
runs-on: debian
|
|
|
|
steps:
|
|
- name: Nuclear fix - absolute path control
|
|
run: |
|
|
echo "=== AUTOFIX NUCLEAR FIX ==="
|
|
echo "Current PWD: $(pwd)"
|
|
echo "Forcing absolute workspace path..."
|
|
|
|
# Clean and create absolute workspace
|
|
rm -rf /opt/gitea-runner/workspace
|
|
mkdir -p /opt/gitea-runner/workspace
|
|
cd /opt/gitea-runner/workspace
|
|
|
|
echo "Workspace PWD: $(pwd)"
|
|
echo "Cloning repository..."
|
|
git clone https://gitea.bubuit.net/oib/aitbc.git repo
|
|
|
|
cd repo
|
|
echo "Repo PWD: $(pwd)"
|
|
echo "Files in repo:"
|
|
ls -la
|
|
|
|
echo "=== PROJECT TYPE CHECK ==="
|
|
if [ -f "package.json" ]; then
|
|
echo "✅ Node.js project detected!"
|
|
echo "=== NPM INSTALL ==="
|
|
npm install --legacy-peer-deps
|
|
echo "✅ Auto-fixing vulnerabilities..."
|
|
npm audit fix || true
|
|
elif [ -f "pyproject.toml" ]; then
|
|
echo "✅ Python project detected!"
|
|
echo "=== PYTHON SETUP ==="
|
|
|
|
# Install Python and pip if not available
|
|
if ! command -v python3 >/dev/null 2>&1; then
|
|
echo "Installing Python 3..."
|
|
apt-get update
|
|
apt-get install -y python3 python3-pip python3-venv python3-full
|
|
fi
|
|
|
|
if ! command -v pip >/dev/null 2>&1; then
|
|
echo "Installing pip..."
|
|
python3 -m pip install --upgrade pip
|
|
fi
|
|
|
|
echo "=== VIRTUAL ENVIRONMENT ==="
|
|
# Create and use virtual environment
|
|
python3 -m venv venv
|
|
source venv/bin/activate
|
|
|
|
echo "Virtual environment activated"
|
|
echo "Python in venv: $(python --version)"
|
|
echo "Pip in venv: $(pip --version)"
|
|
|
|
echo "=== PYTHON DEPENDENCIES ==="
|
|
if command -v poetry >/dev/null 2>&1; then
|
|
echo "Poetry found, installing dependencies..."
|
|
poetry install
|
|
else
|
|
echo "Installing poetry..."
|
|
pip install poetry
|
|
poetry install
|
|
fi
|
|
echo "✅ Python dependencies installed!"
|
|
echo "=== SECURITY FIXES ==="
|
|
# Check for common Python security issues
|
|
echo "Running safety check..."
|
|
pip install safety
|
|
safety check || echo "Safety check completed with warnings"
|
|
else
|
|
echo "❌ No supported project type found!"
|
|
exit 1
|
|
fi
|