ilia/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CI: bootstrap pip without apt on act runner.
Some checks failed
CI / skip-ci-check (pull_request) Successful in 7s
Details
CI / lint-and-test (pull_request) Successful in 12s
Details
CI / ansible-validation (pull_request) Failing after 6s
Details
CI / secret-scanning (pull_request) Successful in 6s
Details
CI / dependency-scan (pull_request) Successful in 9s
Details
CI / sast-scan (pull_request) Failing after 6s
Details
CI / license-check (pull_request) Successful in 11s
Details
CI / vault-check (pull_request) Failing after 6s
Details
CI / playbook-test (pull_request) Failing after 6s
Details
CI / container-scan (pull_request) Successful in 6s
Details
CI / sonar-analysis (pull_request) Failing after 3s
Details
CI / workflow-summary (pull_request) Successful in 6s
Details

Browse Source 
Debian bullseye apt in Gitea act containers fails GPG signature checks;
use get-pip.py + python3 -m pip instead of apt-get python3-pip.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
ilia 2026-05-22 21:35:56 -04:00
parent 70af1b1355
commit 08d5cb4073
1 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
.gitea/workflows/ci.yml
View File

@ -90,12 +90,12 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install system Python and pip - name: Bootstrap pip (no apt — act runner hits bullseye GPG errors)
run: | run: |
apt-get update -qq
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq python3 python3-pip python3-yaml ca-certificates
python3 --version python3 --version
pip3 --version curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
python3 /tmp/get-pip.py --disable-pip-version-check
python3 -m pip --version
- name: Configure CI Ansible (no vault, localhost inventory) - name: Configure CI Ansible (no vault, localhost inventory)
run: | run: |
@ -123,7 +123,7 @@ jobs:
echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV" echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV"
- name: Install Ansible and linting tools - name: Install Ansible and linting tools
run: pip3 install --no-cache-dir ansible ansible-lint yamllint pyyaml run: python3 -m pip install --no-cache-dir ansible ansible-lint yamllint pyyaml
- name: Install Ansible collections - name: Install Ansible collections
run: | run: |
@ -193,10 +193,10 @@ jobs:
- name: Scan Python dependencies - name: Scan Python dependencies
run: | run: |
if [ -f requirements.txt ]; then if [ -f requirements.txt ]; then
apt-get update -qq curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq python3 python3-pip python3 /tmp/get-pip.py --disable-pip-version-check
pip3 install --no-cache-dir pip-audit python3 -m pip install --no-cache-dir pip-audit
pip-audit -r requirements.txt python3 -m pip-audit -r requirements.txt
else else
echo "No requirements.txt, skipping pip-audit" echo "No requirements.txt, skipping pip-audit"
fi fi
@ -212,13 +212,14 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install system Python and pip - name: Bootstrap pip (no apt)
run: | run: |
apt-get update -qq python3 --version
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq python3 python3-pip ca-certificates curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
python3 /tmp/get-pip.py --disable-pip-version-check
- name: Install Semgrep - name: Install Semgrep
run: pip3 install --no-cache-dir semgrep run: python3 -m pip install --no-cache-dir semgrep
- name: Run Semgrep scan - name: Run Semgrep scan
run: semgrep --config=auto --error run: semgrep --config=auto --error
@ -257,13 +258,14 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install system Python and pip - name: Bootstrap pip (no apt)
run: | run: |
apt-get update -qq python3 --version
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq python3 python3-pip ca-certificates curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
python3 /tmp/get-pip.py --disable-pip-version-check
- name: Install Ansible - name: Install Ansible
run: pip3 install --no-cache-dir ansible run: python3 -m pip install --no-cache-dir ansible
- name: Validate vault files are encrypted - name: Validate vault files are encrypted
run: | run: |
@ -306,10 +308,11 @@ jobs:
- name: Check out code - name: Check out code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install system Python and pip - name: Bootstrap pip (no apt)
run: | run: |
apt-get update -qq python3 --version
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq python3 python3-pip ca-certificates curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
python3 /tmp/get-pip.py --disable-pip-version-check
- name: Configure CI Ansible (no vault, localhost inventory) - name: Configure CI Ansible (no vault, localhost inventory)
run: | run: |
@ -367,7 +370,7 @@ jobs:
echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV" echo "ANSIBLE_INVENTORY=/tmp/ci-inventory.ini" >> "$GITHUB_ENV"
- name: Install Ansible - name: Install Ansible
run: pip3 install --no-cache-dir ansible run: python3 -m pip install --no-cache-dir ansible
- name: Install Ansible collections - name: Install Ansible collections
run: | run: |
@ -411,8 +414,6 @@ jobs:
continue-on-error: true continue-on-error: true
run: | run: |
set -e set -e
apt-get update -qq
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq curl ca-certificates
# Use a fixed, known-good Trivy version to avoid URL/redirect issues # Use a fixed, known-good Trivy version to avoid URL/redirect issues
TRIVY_VERSION="0.58.2" TRIVY_VERSION="0.58.2"
TRIVY_URL="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" TRIVY_URL="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"