From 798fef2b6712c0825d75c3316a8254136f0d22ea Mon Sep 17 00:00:00 2001 From: ilia Date: Fri, 22 May 2026 21:48:57 -0400 Subject: [PATCH] Fix CI: use node:20-bookworm for ansible jobs actions/checkout@v4 requires Node; python:3.11-slim broke job 2. Bootstrap pip on bookworm without apt to avoid runner GPG issues. Co-authored-by: Cursor --- .gitea/workflows/ci.yml | 56 +++++++++++++++++++++++++++++------------ 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 206b5c9..0c7a023 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master') container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 @@ -87,11 +87,19 @@ jobs: env: PIP_NO_CACHE_DIR: "1" container: - image: python:3.11-slim-bookworm + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 + - name: Ensure pip (node image has Python 3.11, not pip) + run: | + python3 --version + python3 -m pip --version 2>/dev/null || { + curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py + python3 /tmp/get-pip.py --disable-pip-version-check + } + - name: Show disk space (runner may be full) run: df -h / /tmp || true @@ -153,7 +161,7 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 @@ -172,7 +180,7 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 
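Review bot: The new `Ensure pip` step in the `@@ -87` hunk downloads `get-pip.py` from a mutable URL and runs it with no integrity check, so whatever that endpoint serves at run time executes inside the job that holds the checked-out repository. The same block is repeated in the `@@ -190`, `@@ -205`, `@@ -254` and `@@ -300` hunks. Checking the download against a pinned SHA-256 of a reviewed copy (or vendoring the script in the repository) makes the step fail closed when the upstream file changes; the digest below is a placeholder and has to be refreshed deliberately. Dropping `2>/dev/null` from the probe also keeps the reason for a failed pip check in the job log.

```yaml
      - name: Ensure pip (node image has Python 3.11, not pip)
        env:
          # Placeholder: SHA-256 of the get-pip.py copy that was reviewed.
          GET_PIP_SHA256: "<sha256-of-reviewed-get-pip.py>"
        run: |
          # … unchanged: python3 --version …
          if ! python3 -m pip --version; then
            curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
            # Fail closed if the download differs from the reviewed copy.
            echo "${GET_PIP_SHA256}  /tmp/get-pip.py" | sha256sum -c - || exit 1
            python3 /tmp/get-pip.py --disable-pip-version-check
          fi
```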
@@ -190,9 +198,10 @@ jobs: - name: Scan Python dependencies run: | if [ -f requirements.txt ]; then - PY=$(python3 -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")') - curl -fsSL "https://bootstrap.pypa.io/pip/${PY}/get-pip.py" -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check + python3 -m pip --version 2>/dev/null || { + curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py + python3 /tmp/get-pip.py --disable-pip-version-check + } python3 -m pip install --no-cache-dir pip-audit python3 -m pip-audit -r requirements.txt else @@ -205,17 +214,18 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 - - name: Bootstrap pip (no apt) + - name: Bootstrap pip run: | python3 --version - PY=$(python3 -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")') - curl -fsSL "https://bootstrap.pypa.io/pip/${PY}/get-pip.py" -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check + python3 -m pip --version 2>/dev/null || { + curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py + python3 /tmp/get-pip.py --disable-pip-version-check + } - name: Install Semgrep run: python3 -m pip install --no-cache-dir semgrep @@ -229,7 +239,7 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 
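Review bot: In the `@@ -190` hunk the scan is still invoked as `python3 -m pip-audit -r requirements.txt`, but as far as I know the package's importable module is `pip_audit`, so `-m pip-audit` would stop with a module-not-found error instead of running the audit. If anything outside the hunk tolerates that failure, the dependency scan reports nothing while the job looks green. Suggested line: `python3 -m pip_audit -r requirements.txt`. The `if`/`else` block of this step continues past the end of the hunk, so the rest of its error handling is not visible here.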
@@ -254,11 +264,18 @@ jobs: env: PIP_NO_CACHE_DIR: "1" container: - image: python:3.11-slim-bookworm + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 + - name: Ensure pip + run: | + python3 -m pip --version 2>/dev/null || { + curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py + python3 /tmp/get-pip.py --disable-pip-version-check + } + - name: Install Ansible run: python3 -m pip install --no-cache-dir ansible-core @@ -300,11 +317,18 @@ jobs: env: PIP_NO_CACHE_DIR: "1" container: - image: python:3.11-slim-bookworm + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 + - name: Ensure pip + run: | + python3 -m pip --version 2>/dev/null || { + curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py + python3 /tmp/get-pip.py --disable-pip-version-check + } + - name: Configure CI Ansible (no vault, localhost inventory) run: | set -e @@ -395,7 +419,7 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: - image: node:20-bullseye + image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4
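Review bot: Moving the `@@ -254` and `@@ -300` jobs from `python:3.11-slim-bookworm` to `node:20-bookworm` changes which interpreter `python3` resolves to. The node image most likely provides Debian's packaged Python, which bookworm marks as externally managed (PEP 668). If that holds, `get-pip.py` and the following `python3 -m pip install --no-cache-dir ansible-core` can be refused with an externally-managed-environment error. This is worth confirming on the runner. If an override turns out to be needed, declare it visibly in the job's `env:` next to `PIP_NO_CACHE_DIR`, for example `PIP_BREAK_SYSTEM_PACKAGES: "1"  # disposable CI container only`, rather than passing it ad hoc per command.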