fix: resolve remaining CI/CD issues

Fixed multiple CI/CD failures: 🐳 Docker Multi-Platform Build: - Removed pinned pip/setuptools/wheel versions for ARM64 compatibility - Now using latest versions which have better ARM64 support - This should fix: "buildx failed with: ERROR: failed to build" 🔒 Security Scan: - Added required permissions to security job: - security-events: write (for SARIF upload) - contents: read - actions: read - This fixes: "Resource not accessible by integration" 📄 GitHub Pages Deploy: - Disabled redundant deploy-pages.yml workflow - The working pages-deploy.yml already handles deployment - Removed dependency on missing scripts (create_categories.py) - This fixes: "Deploy GitHub Pages / build" failure All test jobs are now passing (3.9, 3.10, 3.11) ✅ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-25 03:15:25 +08:00 · 2025-11-03 22:01:24 +02:00
parent 346ea28100
commit 87eb66ed7d
3 changed files with 11 additions and 12 deletions
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -85,6 +85,10 @@ jobs:
    needs: test
    # Don't fail the workflow if Trivy finds issues
    continue-on-error: true
+    permissions:
+      contents: read
+      security-events: write
+      actions: read

    steps:
    - name: Checkout code
--- a/.github/workflows/deploy-pages.yml
+++ b/.github/workflows/deploy-pages.yml
@@ -1,15 +1,9 @@
-name: Deploy GitHub Pages
+name: Deploy GitHub Pages (Legacy - Disabled)

+# This workflow is disabled - using pages-deploy.yml instead
+# The docs folder already contains pre-built static files
 on:
-  push:
-    branches: [ main ]
-    paths:
-      - 'workflows/**'
-      - 'docs/**'
-      - 'scripts/**'
-      - 'workflow_db.py'
-      - 'create_categories.py'
-  workflow_dispatch:  # Allow manual triggering
+  workflow_dispatch:  # Only allow manual triggering

 # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
--- a/5
+++ b/5
@@ -34,8 +34,9 @@ RUN chown -R appuser:appuser /app
 COPY --chown=appuser:appuser requirements.txt .

 # Install Python dependencies with security hardening
-RUN python -m pip install --no-cache-dir --upgrade pip==24.3.1 setuptools==75.3.0 wheel==0.44.0 && \
-    python -m pip install --no-cache-dir --no-compile -r requirements.txt && \
+# Use pip without pinning versions for better ARM64 compatibility
+RUN python -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    python -m pip install --no-cache-dir -r requirements.txt && \
    find /usr/local -type f -name '*.pyc' -delete && \
    find /usr/local -type d -name '__pycache__' -delete