fix: upload audit log as artifact on failure

.gitea/workflows/pr-check.yml

@@ -93,15 +93,24 @@ jobs:
           uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
           uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
           
-          # Parse and display results
+          # Check if vulnerabilities found
           if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
-            echo "❌ Found vulnerabilities in production dependencies:"
-            uv run python -c 'import json; data=json.load(open("audit-results.json")); [print(f"  - {v.get(\"name\", \"unknown\")} {v.get(\"version\", \"\")}: {v.get(\"id\", \"\")}") for v in data]'
+            echo "❌ Found vulnerabilities in production dependencies"
+            echo "📄 Audit log uploaded as artifact 'security-audit'"
             exit 1
           else
             echo "✅ No vulnerabilities in production dependencies"
+            rm -f audit-results.json
           fi
       
+      - name: Upload audit log
+        uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: security-audit
+          path: audit-results.json
+          retention-days: 7
+      
       - name: Check for secrets
         run: |
           if grep -r "password\s*=" --include="*.py" src/; then