fix: simplify security check to single command

.gitea/workflows/pr-check.yml

@@ -88,20 +88,7 @@ jobs:
         env:
           UV_NO_PROGRESS: "1"
         run: |
-          echo "Running pip-audit on production dependencies..."
+          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt && uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt && test ! -s audit-results.json || test "$(cat audit-results.json)" = "[]"
-          # Audit only production dependencies (exclude dev)
-          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
-          uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
-          
-          # Check if vulnerabilities found
-          if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
-            echo "❌ Found vulnerabilities in production dependencies"
-            echo "📄 Audit log uploaded as artifact 'security-audit'"
-            exit 1
-          else
-            echo "✅ No vulnerabilities in production dependencies"
-            rm -f audit-results.json
-          fi
       
       - name: Upload audit log
         uses: actions/upload-artifact@v3