fix: use pip-audit exit code for vulnerability check

.gitea/workflows/pr-check.yml

@@ -112,12 +112,14 @@ jobs:
           UV_NO_PROGRESS: "1"
         run: |
           uv pip compile pyproject.toml --no-deps -o requirements-prod.txt
-          uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
+          # pip-audit returns exit code 1 if vulnerabilities found, 0 if none
-          if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
+          if uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt; then
-            echo "❌ Found vulnerabilities"
+            echo "✅ No vulnerabilities found"
+            rm -f audit-results.json
+          else
+            echo "❌ Found vulnerabilities - see security-audit artifact"
             exit 1
           fi
-          echo "✅ No vulnerabilities found"
       
       - name: Upload audit log
         uses: actions/upload-artifact@v3