From 7def4e3abb57921208e13672b794ec93a1c0b54e Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 29 Mar 2026 20:50:40 +0000
Subject: [PATCH] fix: use pip-audit exit code for vulnerability check
---
 .gitea/workflows/pr-check.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml
index d09ca0a..fba94e6 100644
--- a/.gitea/workflows/pr-check.yml
+++ b/.gitea/workflows/pr-check.yml
@@ -112,12 +112,14 @@ jobs:
 UV_NO_PROGRESS: "1"
 run: |
 uv pip compile pyproject.toml --no-deps -o requirements-prod.txt
- uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
- if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
- echo "❌ Found vulnerabilities"
+ # pip-audit returns exit code 1 if vulnerabilities found, 0 if none
+ if uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt; then
+ echo "✅ No vulnerabilities found"
+ rm -f audit-results.json
+ else
+ echo "❌ Found vulnerabilities - see security-audit artifact"
 exit 1
 fi
- echo "✅ No vulnerabilities found"
 - name: Upload audit log
 uses: actions/upload-artifact@v3
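Review bot: The new `else` branch treats every non-zero exit from pip-audit as "Found vulnerabilities", but pip-audit also exits non-zero when it cannot run at all (index or network errors, unresolvable requirements), so a broken scan now reads as a positive finding and the old `|| true` that masked such errors is gone without a replacement diagnostic. Checking whether `audit-results.json` was actually written lets the step separate a real finding from a tool failure while still failing the job in both cases. The failure message also points the reader to the security-audit artifact, yet the "Upload audit log" step that follows runs after this step has exited 1 and will be skipped unless it carries `if: always()` or `if: failure()`; its condition is outside the hunk, so confirm it. Removing `audit-results.json` on the clean path likewise leaves that upload step with nothing to upload, and keeping the empty result as evidence of a clean run is cheaper than an empty or failing artifact upload.

```yaml
        if uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt; then
          echo "✅ No vulnerabilities found"
        elif [ -s audit-results.json ]; then
          echo "❌ Found vulnerabilities - see security-audit artifact"
          exit 1
        else
          echo "❌ pip-audit did not complete; no audit-results.json produced"
          exit 1
        fi
```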