fix(ci): use CPU-only torch wheel and rebase before daily push

.github/workflows/main.yml

@@ -2,11 +2,11 @@ name: CVE Forecast Daily Update
 
 on:
   push:
-    branches: [ main, master ]
+    branches: [main, master]
   schedule:
     # Run daily at midnight UTC
-    - cron: '0 0 * * *'
-  
+    - cron: "0 0 * * *"
+
   # Allow manual triggering
   workflow_dispatch:
 
@@ -26,79 +26,80 @@ jobs:
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
-    
+
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v6
-      with:
-        fetch-depth: 0
-        token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Set up Python
-      uses: actions/setup-python@v6
-      with:
-        python-version: '3.13'
-        cache: 'pip'
-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r requirements.txt
-
-    - name: Configure Git
-      run: |
-        git config --local user.email "action@github.com"
-        git config --local user.name "GitHub Action"
-
-    - name: Clone CVE data repository
-      run: |
-        git clone --depth 1 https://github.com/CVEProject/cvelistV5.git cvelistV5
-        echo "CVE data cloned successfully"
-        ls -la cvelistV5/
-
-    - name: Run CVE forecast
-      run: |
-        python code/run_production_forecast.py
-      env:
-        PYTHONUNBUFFERED: 1
-
-    - name: Validate forecast data
-      run: python code/scripts/validate_forecast_data.py
-
-    - name: Check for changes
-      id: verify-changed-files
-      run: |
-        if [ -n "$(git status --porcelain)" ]; then
-          echo "changed=true" >> $GITHUB_OUTPUT
-        else
-          echo "changed=false" >> $GITHUB_OUTPUT
-        fi
-
-    - name: Commit and push changes
-      if: steps.verify-changed-files.outputs.changed == 'true'
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        git add web/data.json web/cna_data.json web/forecast_history.json web/pipeline_results.json web/model_info.json || true
-        git commit -m "Update CVE forecast data - $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
-        git push
-
-    - name: Upload artifacts
-      if: always()
-      uses: actions/upload-artifact@v7
-      with:
-        name: forecast-data
-        path: web/data.json
-        retention-days: 30
-
-    - name: Setup Pages
-      uses: actions/configure-pages@v6
-
-    - name: Upload to GitHub Pages
-      uses: actions/upload-pages-artifact@v5
-      with:
-        path: web/
-
-    - name: Deploy to GitHub Pages
-      id: deployment
-      uses: actions/deploy-pages@v5
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.13"
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Configure Git
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
+      - name: Clone CVE data repository
+        run: |
+          git clone --depth 1 https://github.com/CVEProject/cvelistV5.git cvelistV5
+          echo "CVE data cloned successfully"
+          ls -la cvelistV5/
+
+      - name: Run CVE forecast
+        run: |
+          python code/run_production_forecast.py
+        env:
+          PYTHONUNBUFFERED: 1
+
+      - name: Validate forecast data
+        run: python code/scripts/validate_forecast_data.py
+
+      - name: Check for changes
+        id: verify-changed-files
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "changed=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Commit and push changes
+        if: steps.verify-changed-files.outputs.changed == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git add web/data.json web/cna_data.json web/forecast_history.json web/pipeline_results.json web/model_info.json || true
+          git commit -m "Update CVE forecast data - $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
+          git pull --rebase origin main
+          git push
+
+      - name: Upload artifacts
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: forecast-data
+          path: web/data.json
+          retention-days: 30
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v6
+
+      - name: Upload to GitHub Pages
+        uses: actions/upload-pages-artifact@v5
+        with:
+          path: web/
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v5

.github/workflows/monthly_tuning.yml

@@ -34,7 +34,6 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/cpu
           pip install -r requirements.txt
 
       - name: Configure Git

requirements.txt

@@ -1,3 +1,4 @@
+--extra-index-url https://download.pytorch.org/whl/cpu
 darts[all]>=0.43
 pandas>=3.0,<4
 numpy>=2.1