diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 0c7a023..f3caa6b 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -86,19 +86,20 @@ jobs: if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master') env: PIP_NO_CACHE_DIR: "1" + PIP_BREAK_SYSTEM_PACKAGES: "1" container: image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 - - name: Ensure pip (node image has Python 3.11, not pip) + - name: Bootstrap pip (PEP 668 / bookworm) run: | python3 --version - python3 -m pip --version 2>/dev/null || { + if ! python3 -m pip --version >/dev/null 2>&1; then curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check - } + python3 /tmp/get-pip.py --disable-pip-version-check --break-system-packages + fi - name: Show disk space (runner may be full) run: df -h / /tmp || true @@ -179,6 +180,9 @@ jobs: needs: skip-ci-check if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest + env: + PIP_NO_CACHE_DIR: "1" + PIP_BREAK_SYSTEM_PACKAGES: "1" container: image: node:20-bookworm steps: @@ -198,10 +202,10 @@ jobs: - name: Scan Python dependencies run: | if [ -f requirements.txt ]; then - python3 -m pip --version 2>/dev/null || { + if ! python3 -m pip --version >/dev/null 2>&1; then curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check - } + python3 /tmp/get-pip.py --disable-pip-version-check --break-system-packages + fi python3 -m pip install --no-cache-dir pip-audit python3 -m pip-audit -r requirements.txt else 
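Review bot: The bootstrap step in the hunk at new line 86 still downloads `get-pip.py` from an unversioned URL and runs it with no integrity check, and the added `--break-system-packages` now lets that script write into the container's system interpreter. A checksum pin would not hold because the URL serves whatever is current. Taking pip from the image's signed package source is steadier, for example `apt-get update && apt-get install -y --no-install-recommends python3-pip`, assuming the runner can reach the Debian mirrors. The same curl-then-run pair appears in the hunks at new lines 202, 217, 270 and 324.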
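Review bot: The job-level `env:` added in the hunk at new line 180 sets `PIP_BREAK_SYSTEM_PACKAGES: "1"` for every step in the job, so each later `pip install` bypasses the PEP 668 guard, not only the bootstrap. A narrower scope is a step-level `env:` on the steps that need it. Alternatively, install the tools into a throwaway environment with `python3 -m venv /tmp/venv`, if the venv module is present in this image. With the variable exported, the explicit `--break-system-packages` passed to `get-pip.py` is probably redundant, so one of the two mechanisms should be enough. The same job-wide setting is added in the hunks at new lines 86, 217, 270 and 324.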
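Review bot: The pip bootstrap in the `Scan Python dependencies` step (hunk at new line 202) is a fifth hand-copied instance of the same four lines, and here it is inlined in the scan step rather than being a separate step as in the other jobs. Copies like this drift, and this commit already had to touch all five to add one flag. Moving the block into a checked-in script (placeholder path `<ci/bootstrap-pip.sh>`) and calling it from each job would keep the download-and-execute logic in one reviewable place. The surrounding `if [ -f requirements.txt ]` / `else` closes outside the hunk.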
@@ -213,19 +217,22 @@ jobs: needs: skip-ci-check if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest + env: + PIP_NO_CACHE_DIR: "1" + PIP_BREAK_SYSTEM_PACKAGES: "1" container: image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 - - name: Bootstrap pip + - name: Bootstrap pip (PEP 668 / bookworm) run: | python3 --version - python3 -m pip --version 2>/dev/null || { + if ! python3 -m pip --version >/dev/null 2>&1; then curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check - } + python3 /tmp/get-pip.py --disable-pip-version-check --break-system-packages + fi - name: Install Semgrep run: python3 -m pip install --no-cache-dir semgrep @@ -263,18 +270,19 @@ jobs: runs-on: ubuntu-latest env: PIP_NO_CACHE_DIR: "1" + PIP_BREAK_SYSTEM_PACKAGES: "1" container: image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 - - name: Ensure pip + - name: Bootstrap pip (PEP 668 / bookworm) run: | - python3 -m pip --version 2>/dev/null || { + if ! python3 -m pip --version >/dev/null 2>&1; then curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check - } + python3 /tmp/get-pip.py --disable-pip-version-check --break-system-packages + fi - name: Install Ansible run: python3 -m pip install --no-cache-dir ansible-core 
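Review bot: `python3 -m pip install --no-cache-dir semgrep` in the hunk at new line 217 installs whatever version is latest at run time. With the PEP 668 guard now off, it lands unpinned in the system interpreter alongside the checked-out code. For a security scanner a floating version also means findings can change between runs with no commit to explain it. Pinning would address both, for example `semgrep==<PINNED_VERSION>`, or a hashed requirements file installed with `--require-hashes`. The same applies to `pip-audit` in the hunk at new line 202 and `ansible-core` in the hunk at new line 270.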
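Review bot: The new `PIP_BREAK_SYSTEM_PACKAGES: "1"` line in the hunk at new line 270 has no comment saying why overriding the distro's externally-managed marker is acceptable here. The step name `Bootstrap pip (PEP 668 / bookworm)` hints at the cause but not at the boundary. A one-line comment above the variable would stop the pattern being copied into host provisioning, something like `# CI container only: PEP 668 guard overridden on purpose; do not reuse outside disposable job containers` if these containers are indeed discarded after each job. The same comment would fit the env additions in the other four jobs.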
@@ -316,18 +324,19 @@ jobs: runs-on: ubuntu-latest env: PIP_NO_CACHE_DIR: "1" + PIP_BREAK_SYSTEM_PACKAGES: "1" container: image: node:20-bookworm steps: - name: Check out code uses: actions/checkout@v4 - - name: Ensure pip + - name: Bootstrap pip (PEP 668 / bookworm) run: | - python3 -m pip --version 2>/dev/null || { + if ! python3 -m pip --version >/dev/null 2>&1; then curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py - python3 /tmp/get-pip.py --disable-pip-version-check - } + python3 /tmp/get-pip.py --disable-pip-version-check --break-system-packages + fi - name: Configure CI Ansible (no vault, localhost inventory) run: |
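Review bot: The rewritten probe `if ! python3 -m pip --version >/dev/null 2>&1; then` in the hunk at new line 324 discards both output streams. The job log therefore never records whether pip was already present or whether a script was fetched from the network and executed. Since this hunk no longer runs `python3 --version` in the step either, an audit of a past run has little to go on. Adding `echo "pip missing: bootstrapping via get-pip.py"` as the first line inside the `then` branch and `python3 -m pip --version` after `fi` would make the path taken visible. The other bootstrap steps in this diff use the same silent probe.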