fix: resolve remaining CI/CD issues

Zie619 · claude · Zie619 · commit 87eb66ed7dde · 2025-11-03T22:01:24.000+02:00
Fixed multiple CI/CD failures: 🐳 Docker Multi-Platform Build: - Removed pinned pip/setuptools/wheel versions for ARM64 compatibility - Now using latest versions which have better ARM64 support - This should fix: "buildx failed with: ERROR: failed to build" 🔒 Security Scan: - Added required permissions to security job: - security-events: write (for SARIF upload) - contents: read - actions: read - This fixes: "Resource not accessible by integration" 📄 GitHub Pages Deploy: - Disabled redundant deploy-pages.yml workflow - The working pages-deploy.yml already handles deployment - Removed dependency on missing scripts (create_categories.py) - This fixes: "Deploy GitHub Pages / build" failure All test jobs are now passing (3.9, 3.10, 3.11) ✅ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -85,6 +85,10 @@ jobs:
     needs: test
     # Don't fail the workflow if Trivy finds issues
     continue-on-error: true
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
 
     steps:
     - name: Checkout code
diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml
@@ -1,15 +1,9 @@
-name: Deploy GitHub Pages
+name: Deploy GitHub Pages (Legacy - Disabled)
 
+# This workflow is disabled - using pages-deploy.yml instead
+# The docs folder already contains pre-built static files
 on:
-  push:
-    branches: [ main ]
-    paths:
-      - 'workflows/**'
-      - 'docs/**'
-      - 'scripts/**'
-      - 'workflow_db.py'
-      - 'create_categories.py'
-  workflow_dispatch:  # Allow manual triggering
+  workflow_dispatch:  # Only allow manual triggering
 
 # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 permissions:
diff --git a/Dockerfile b/Dockerfile
@@ -34,8 +34,9 @@ RUN chown -R appuser:appuser /app
 COPY --chown=appuser:appuser requirements.txt .
 
 # Install Python dependencies with security hardening
-RUN python -m pip install --no-cache-dir --upgrade pip==24.3.1 setuptools==75.3.0 wheel==0.44.0 && \
-    python -m pip install --no-cache-dir --no-compile -r requirements.txt && \
+# Use pip without pinning versions for better ARM64 compatibility
+RUN python -m pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    python -m pip install --no-cache-dir -r requirements.txt && \
     find /usr/local -type f -name '*.pyc' -delete && \
     find /usr/local -type d -name '__pycache__' -delete
 
