fix(compliance): use PYTHON_BIN env var for venv support

Modern Debian/Ubuntu enforces PEP 668 which blocks system-wide pip installs. The backend now reads PYTHON_BIN from the environment (defaulting to 'python3') so each server can point to a venv. Updates README with venv setup instructions.
2026-04-01 12:47:50 -06:00
parent d0087ba9b7
commit 8aef51b59a
2 changed files with 21 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ The application provides:

 - Node.js 18 or later
 - npm
- Python 3 with `pandas` and `openpyxl` (required for compliance xlsx parsing)
+- Python 3 with a venv containing `pandas` and `openpyxl` (required for compliance xlsx parsing)

 ---

@@ -97,13 +97,29 @@ npm install

 ### 4. Install Python dependencies

+Modern Debian/Ubuntu systems enforce PEP 668 and block system-wide pip installs. Create a virtual environment instead:
+
 ```bash
-cd backend/scripts
-pip install -r requirements.txt
+# Install venv support if needed
+apt install -y python3-venv python3-full
+
+# Create the venv (once per server, from the app root)
+python3 -m venv /home/cve-dashboard/venv
+
+# Install packages into the venv
+/home/cve-dashboard/venv/bin/pip install -r backend/scripts/requirements.txt
 ```

 Required packages: `pandas>=2.0.0`, `openpyxl>=3.0.0`

+Then set the `PYTHON_BIN` environment variable so the backend uses the venv Python:
+
+```bash
+export PYTHON_BIN=/home/cve-dashboard/venv/bin/python3
+```
+
+Add this to the server's startup environment (e.g., your systemd unit or `.env` file) so it persists across restarts. If `PYTHON_BIN` is not set, the backend falls back to the system `python3`.
+
 > The bulk notes import script (`import_notes_from_csv.py`) uses only Python stdlib and does **not** require these packages.

 ### 5. Initialize the database