fix: simplify security check to single command

2026-03-29 08:39:32 +00:00 · 2026-03-29 08:39:32 +00:00 · d5dc677789
commit d5dc677789
parent 91eec1ae2d
1 changed files with 1 additions and 14 deletions
--- a/.gitea/workflows/pr-check.yml
+++ b/.gitea/workflows/pr-check.yml
@ -88,20 +88,7 @@ jobs:
        env:
          UV_NO_PROGRESS: "1"
        run: |
-          echo "Running pip-audit on production dependencies..."
-          # Audit only production dependencies (exclude dev)
-          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
-          uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
-          
-          # Check if vulnerabilities found
-          if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
-            echo "❌ Found vulnerabilities in production dependencies"
-            echo "📄 Audit log uploaded as artifact 'security-audit'"
-            exit 1
-          else
-            echo "✅ No vulnerabilities in production dependencies"
-            rm -f audit-results.json
-          fi
+          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt && uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt && test ! -s audit-results.json || test "$(cat audit-results.json)" = "[]"
      
      - name: Upload audit log
        uses: actions/upload-artifact@v3