Merge pull request #781 from endomorphosis/copilot/fix-ci-cd-workflow-issues

Fix GraphRAG Production CI/CD workflow failures on self-hosted runners

Author: endomorphosis

.github/workflows/graphrag-production-ci.yml

@@ -33,9 +33,8 @@ jobs:
           sudo rm -rf "$GITHUB_WORKSPACE/.git/index.lock" 2>/dev/null || true
           sudo rm -rf "$GITHUB_WORKSPACE/.git/shallow.lock" 2>/dev/null || true
           sudo chown -R $USER:$USER "$GITHUB_WORKSPACE" 2>/dev/null || true
-          # Clean the entire workspace to avoid conflicts
-          cd /
-          sudo rm -rf "$GITHUB_WORKSPACE" || true
+          # Clean workspace contents but keep the directory itself
+          sudo rm -rf "$GITHUB_WORKSPACE"/* "$GITHUB_WORKSPACE"/.[!.]* 2>/dev/null || true
         fi
     
     - name: Configure git
@@ -51,7 +50,8 @@ jobs:
       run: |
         # Use system python3 on self-hosted runner
         python3 --version
-        python3 -m pip install --user --upgrade pip
+        # Python 3.12+ requires --break-system-packages to override PEP 668 externally-managed-environment protection
+        python3 -m pip install --break-system-packages --upgrade pip || python3 -m pip install --user --upgrade pip
     
     - name: Start test services with Docker
       run: |
@@ -94,7 +94,12 @@ jobs:
             ipfs-datasets-graphrag-tests:py${{ matrix.python-version }}
         else
           echo "Running tests with system Python"
-          python3 -m pip install --user -e ".[test]" || true
+          # Try to install test dependencies with PEP 668 override, fallback to user install
+          if ! python3 -m pip install --break-system-packages -e ".[test]" 2>/dev/null; then
+            if ! python3 -m pip install --user -e ".[test]" 2>/dev/null; then
+              echo "Warning: Failed to install test dependencies, proceeding anyway"
+            fi
+          fi
           python3 -m pytest tests/ -v --tb=short -k "not slow" || echo "Tests completed with errors"
         fi
     
@@ -146,16 +151,17 @@ jobs:
     - name: Set up Python
       run: |
         python3 --version
-        python3 -m pip install --user --upgrade pip
+        # Python 3.12+ requires --break-system-packages to override PEP 668 externally-managed-environment protection
+        python3 -m pip install --break-system-packages --upgrade pip || python3 -m pip install --user --upgrade pip
     
     - name: Run bandit security scan
       run: |
-        python3 -m pip install --user bandit
+        python3 -m pip install --break-system-packages bandit || python3 -m pip install --user bandit
         python3 -m bandit -r ipfs_datasets_py/ -f json -o bandit-report.json || true
     
     - name: Run dependency vulnerability check
       run: |
-        python3 -m pip install --user safety
+        python3 -m pip install --break-system-packages safety || python3 -m pip install --user safety
         python3 -m safety check --json --output safety-report.json || true
     
     - name: Upload security scan results